Community discussions

MUM Europe 2020

Search found 49 matches

by tucker
Mon Mar 22, 2010 7:41 pm
Forum: General
Topic: Bonding packet scheduler
Replies: 0
Views: 23592

Bonding packet scheduler

Hi, I have been a long term user of bonding and in general works very well. I tend to use RR for upload bonding and works well. However on aggregation it never reaches anywhere close to the limit of bonded links. I have done a lot of packet analysis on this and the reason is simple. The RR algorithm...
by tucker
Thu Feb 12, 2009 5:19 pm
Forum: RouterBOARD hardware
Topic: RB450 and Billion 5200 compatibility issue - repeatable bug?
Replies: 1
Views: 1390

RB450 and Billion 5200 compatibility issue - repeatable bug?

Introduction I have identified what appears to be either a compatibilirty issue or a possible bug in the Rb450 hardware or firmware. This may also be a bug in the DSL router used - Billion BiPac 5200S or a combination of the two issues. I have been able to narrow this down into a reliable and repea...
by tucker
Thu Feb 12, 2009 2:56 pm
Forum: RouterBOARD hardware
Topic: RB1000 performance/reliability issues
Replies: 0
Views: 995

RB1000 performance/reliability issues

I have placed 3 RB1000 units in a co-lo facility where we route IP space to. Two routers are designed to operate in a VRRP pair as a transit router gateway. The third RB1000 will sit behind this pair and operate as a server router and firewall. At present the VRRP system is not configured and we are...
by tucker
Thu Feb 12, 2009 2:37 pm
Forum: RouterBOARD hardware
Topic: RB493ah ethernet ports stop routing then restarts
Replies: 33
Views: 9313

Re: RB493ah ethernet ports stop routing then restarts

I have a very similar situation on RB450 and RB1000 - so similar it seemed too much to be coincidende. On an RB450 a Billion 5200 ADSL router connected via eth3 works intermittently. It initially appears fine but shows jittery ping from RB to Billion router - linked with a single CAT5. Then the ping...
by tucker
Thu Oct 23, 2008 7:00 pm
Forum: General
Topic: GRE and EoIP strangeness
Replies: 4
Views: 1553

Re: GRE and EoIP strangeness

I have looked in detail at the protocol and packet flow and have indeed seen the stateless and uni-directional flow of GRE as you suggest. This all makes sense. I have tracked down my problem on the strangeness. I need to be able to policy route traffic to leave on a particular interface from one ro...
by tucker
Wed Oct 22, 2008 1:37 am
Forum: General
Topic: GRE and EoIP strangeness
Replies: 4
Views: 1553

Re: GRE and EoIP strangeness

I have done some further tests and cannot seem to shed light on this. With the EoIP tunnel setup there are two GRE connections showing on intermediate router. One from left to right and one from right to left - effectively they are asymmetric. I am not sure if this is confusing the link monitoring. ...
by tucker
Tue Oct 21, 2008 7:17 pm
Forum: General
Topic: GRE and EoIP strangeness
Replies: 4
Views: 1553

GRE and EoIP strangeness

I have a setup where I am bonding 3 GRE tunnels from one box to another. On the head box I have assigned 3 IP addresses in the same subnet. On the tail box I have assigned 3 IP address in 3 subnets. On the tail I have inserted route statements to ensure that head IP 1 gets routed via subnet 1 on the...
by tucker
Tue Oct 21, 2008 7:11 pm
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Re: Route mark query

I had rebuilt the dynamic table in the routing table to ensure access to local subnets. I seem to have solved most of the issues now. The log shows the packet egress interface before mangle and route policy changes the interface. Torch confirms the packet actually leaves on the interface specified b...
by tucker
Mon Oct 20, 2008 12:19 am
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Re: Route mark query

I think I have found the problem .... and it is interesting! The log file does not tell the truth. The log file shows egress on ether5. I placed a packet sniffer on ether5 and no ping traffic from my linux host. I placed a sniffer on ether4 and the ping traffic was egress on ether4. Tomorrow when I ...
by tucker
Sun Oct 19, 2008 11:42 pm
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Re: Route mark query

I have just carried out some more testing. I deleted the rules for routing and rebuilt them (using CLI) and ended up with the route table as follows: /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=81.187.102.30 routing-mark=out-dsl4 scope=30 \ target-scope=10 add disabled=no dist...
by tucker
Sun Oct 19, 2008 10:43 pm
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Re: Route mark query

I am checking by pinging from a remote Linux box. I have added several firewall rules to log traffic based upon the connection mark and the route mark. I have added the following rules /ip firewall filter add action=log chain=output comment="" connection-mark=in-dsl4 disabled=no \ log-prefix="cm in-...
by tucker
Sun Oct 19, 2008 7:20 pm
Forum: General
Topic: change order of routes
Replies: 3
Views: 1956

Re: change order of routes

Thanks for the reply. So more specific routes are selected over less specific routes by default. If two routes have same mask and one has route mark how is the order selected? I assume since the route mark is a more specific route it would be selected in preference to the less specific route. I have...
by tucker
Sun Oct 19, 2008 3:09 pm
Forum: General
Topic: change order of routes
Replies: 3
Views: 1956

change order of routes

Is there any way to change the order of routes in the routing table? Method for either CLI or GUI would be appreciated. I have read documentation numerous times but see no reference to route order or selection method or how to change the route order. I had wanted to create more selective rules befor...
by tucker
Sun Oct 19, 2008 12:33 am
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Re: Route mark query

Thanks for the reply. This is driving me mad! It seems crazy to take so much effort to achieve something so simple. Having done all the hard work for quite complex bonded tunnels I cannot solve the simple things!! I have read your post numerous times and I have made some changes but still cannot get...
by tucker
Sat Oct 18, 2008 9:19 pm
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Re: Route mark query

I have just repeated this configuration on a fresh RB150 with system default and latest v3.13 RouterOS firmware. I simply cannot get the packets coming in on ether4 to leave on ether4. At present I have default gateway on ether5 and regardless of what I do the packets leave by ether5. I have firewal...
by tucker
Fri Oct 17, 2008 7:40 pm
Forum: General
Topic: Route mark query
Replies: 10
Views: 1628

Route mark query

Hi, I have a RB with two DSL connections. IP addresses as follows WAN1: 10.1.1.1/30 gw 10.1.1.2 - ether4 WAN2: 10.1.1.5/30 gw 10.1.1.6 - ether5 Each DSL connection will route packets only for the IP assigned so I need to make sure packets leave on the interface they come in on. I have applied connec...
by tucker
Thu Sep 18, 2008 12:26 pm
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Re: Tunnel with multiple gateway

I have also used static routes to reach remote peers and that has worked fine. However that raises the problem with the head office connection I suggested. Head office has one high speed link and I need two tunnels from the remote office terminated on the same IP address at the head office. This mea...
by tucker
Thu Sep 18, 2008 11:15 am
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Re: Tunnel with multiple gateway

Thanks for reply and detailed summary. That looks very similar to what I am looking to achieve. I had not been using IPIP tunnels as I have tended to prefer the use of EoIP for some situations where I need to use a bridge occasionally. However in those situations I could run the EoIP over IPIP then ...
by tucker
Tue Sep 16, 2008 2:29 pm
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Re: Tunnel with multiple gateway

I will draw something up shortly - I appreciate the comments. A brief overview - IP addresses are fictional but typical of what we have. Each DSL line has a routed /30 with static IP addresses. No firewalls or NAT at DSL routers - RB sees real IP addresses. Site 1 DSL Line 1: 1.1.1.0/30 RB is 1.1.1....
by tucker
Tue Sep 16, 2008 1:20 pm
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Re: Tunnel with multiple gateway

That does indeed work but depends on one end being able to initate the connection. Problem is I have the same setup at each site - one DSL line for Internet and one for VPN. I need to ensure default gateway is general line and that VPN traffic uses VPN line. That means being able to route traffic or...
by tucker
Mon Sep 15, 2008 7:28 pm
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Re: Tunnel with multiple gateway

Traffic through the tunnels will be VPN inter-site. Routing that traffic is not a problem and if I have an active tunnel I can policy route that easily. The problem is ensuring the tunnels use different gateways and I cannot see any easy way to do this. Ideally I would like to bind the local tunnel ...
by tucker
Mon Sep 15, 2008 6:07 pm
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Re: Tunnel with multiple gateway

Thanks for reply. Sort of helps and is similar to what I would do for non tunnel traffic. The problem is how to select the tunnel traffic on a per-tunnel basis for policy routing. Ideally it would be great if RB supported a mangle rule that could identify a tunnel by id. Failing that IPIP has local ...
by tucker
Mon Sep 15, 2008 12:43 pm
Forum: General
Topic: Tunnel with multiple gateway
Replies: 13
Views: 2916

Tunnel with multiple gateway

Hi, I have long been using RB very successfully for tunnels and advanced routing and have been delighted. I have always had one problem that I have never been able to solve satisfactorily. A current setup has just raised a situation when a solution to this would be useful. The problem is simple. I h...
by tucker
Sun Nov 18, 2007 3:26 pm
Forum: General
Topic: SNAT and DNAT the same connection
Replies: 3
Views: 1020

Re: SNAT and DNAT the same connection

Thanks for comment. I assume you are doing it for similar reasons? I had not been using connection mark and I think from recent RoS experience that connection/packet/route marking is the way to get maximum flexibility and function.
by tucker
Sun Nov 18, 2007 3:24 pm
Forum: General
Topic: Persistence of connection/packet/route marks
Replies: 8
Views: 1370

Re: Persistence of connection/packet/route marks

Thanks for the link ... much appreciated!

The connection mark/track seems to work well. A bit more testing and tidying and will report back exact configuration then document it.

Thanks again for all the help!
by tucker
Fri Nov 16, 2007 7:24 pm
Forum: General
Topic: SNAT and DNAT the same connection
Replies: 3
Views: 1020

SNAT and DNAT the same connection

I have a need to apply SNAT and DNAT to the same connection. The reason is that I have a RB150 behind 3 DSL routers. Each DSL has telnet and http interface and I need access from external while securing this. I also need to be able to access the interface on one router from connection of one of the ...
by tucker
Thu Nov 15, 2007 7:15 pm
Forum: General
Topic: EoIP packet routing
Replies: 2
Views: 811

Re: EoIP packet routing

I can see that the tunnel id is located from bit 224 or byte 28 within the raw IP packet. I now need to see how a regex can match this at L7. I am not sure how L7 matching works. I assume it matches the data section of the packet and not the whole packet. Also I cannot get it to accept hex values an...
by tucker
Thu Nov 15, 2007 7:13 pm
Forum: General
Topic: Persistence of connection/packet/route marks
Replies: 8
Views: 1370

Re: Persistence of connection/packet/route marks

Thanks for the comments. I can see the benefit in marking packets and how it allows much better control on queue. As part of my plan is now to shape the lines I will review packet marking. I can see how other traffic can enter the router in input and I only want to mark and route unicast traffic to ...
by tucker
Thu Nov 15, 2007 6:42 pm
Forum: General
Topic: EoIP packet routing
Replies: 2
Views: 811

Re: EoIP packet routing

I have just dumped some packets and found that the EoIP tunnel Id does exist in the IP packet. It appears to be at a fixed offset within the packet. If I can work out how the L7 can be used to extract the word from the packet then match it it should be easy to packet mark packets according to which ...
by tucker
Thu Nov 15, 2007 6:00 pm
Forum: General
Topic: EoIP packet routing
Replies: 2
Views: 811

EoIP packet routing

I have long thought it would be great to be able to policy route EoIP packets. Ideally I would like to be able to route traffic according to the tunnel id. The reason for this is that I have a bonded DSL setup that I am trying to standardise and have discussed in previous threads. The issue I have i...
by tucker
Thu Nov 15, 2007 5:51 pm
Forum: General
Topic: Traffic shaping
Replies: 1
Views: 1275

Traffic shaping

I am working on a traffic shaping system that will achieve several objectives: 1. Classify egress traffic into 4 different bands - VoIP, interactive, standard and bulk. Traffic will be rated and bandwidth allocated according to which "speed lane" it is classified into. 2. Control traffic at each end...
by tucker
Thu Nov 15, 2007 5:39 pm
Forum: General
Topic: dual gateways
Replies: 2
Views: 613

Re: dual gateways

I have a thread that has been under discussion (http://forum.mikrotik.com/viewtopic.php?f=2&t=19887) that may shed some light on this as it relates to multiple gateways ... I think from your description the symptom may be similar.
by tucker
Thu Nov 15, 2007 5:37 pm
Forum: General
Topic: Persistence of connection/packet/route marks
Replies: 8
Views: 1370

Re: Persistence of connection/packet/route marks

Thanks again for the comments and feedback ... this has indeed pointed me in the direction. I have run some trials and reduced the configurations. I now have something that seems simple and works. This is what I have done: 1. Mangle on input chain and mark connections selecting on in interface and d...
by tucker
Thu Nov 15, 2007 3:27 pm
Forum: General
Topic: Persistence of connection/packet/route marks
Replies: 8
Views: 1370

Re: Persistence of connection/packet/route marks

tucker - Can a packet have a connection mark, a packet mark and a route mark at the same time? Can a packet have multiple packet marks? Is a connection mark associated with all packets related to the connection? yes no - not at the same time. You can however use a packet mark to filter a packet aga...
by tucker
Thu Nov 15, 2007 3:11 pm
Forum: General
Topic: rc10 Bug?
Replies: 10
Views: 2022

Re: rc10 Bug?

Thanks for feedback.

I think I have found two other script commands that crash the console ... working on them to see if I can replicate them and on different devices.
by tucker
Thu Nov 15, 2007 10:48 am
Forum: General
Topic: Persistence of connection/packet/route marks
Replies: 8
Views: 1370

Persistence of connection/packet/route marks

I am trying to understand fully packet, connection and route marking. Can anyone confirm any of the following? Can a packet have a connection mark, a packet mark and a route mark at the same time? Can a packet have multiple packet marks? Is a connection mark associated with all packets related to th...
by tucker
Wed Nov 14, 2007 4:58 pm
Forum: General
Topic: rc10 Bug?
Replies: 10
Views: 2022

rc10 Bug?

On latest rc10 if I run the following command from terminal it crashes the console. I have tried this on several rc10 systems and the same effect happens /interface :put [find type=ether] I cant see any reason why this would cause a crash on the console rather than simply dumping an error. I am usin...
by tucker
Mon Nov 12, 2007 4:41 pm
Forum: Scripting
Topic: Script debugging
Replies: 2
Views: 9875

Re: Script debugging

Thanks for the reply. Most of the routers I have worked with are 2.9 but have some on 3.0 using beta and rc. On the 3.0 boards print worked fine and displays syntax errors in red. However the syntax highlighting as I type does not work and shows text just in black. Are there are options to enable hi...
by tucker
Mon Nov 12, 2007 3:09 pm
Forum: Scripting
Topic: Script debugging
Replies: 2
Views: 9875

Script debugging

I have been developing some scripts and have been troubled bu debugging. I find it very hard to debug scripts as I have not found a way to get reports on syntax errors or simple problems. If there is even a slight error the script does not run and no output is generated. I find this is making it ver...
by tucker
Sun Sep 23, 2007 10:54 pm
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Re: Multiple WAN default gateway strangeness

Thanks for the config info. This is very similar to what I am doing and works very well. The only issue is that it becomes very wasteful on IP addresses at the head-end. It also means the routes become quite difficult to manage - especially if as I have you have multiple remote routers connected to ...
by tucker
Tue Sep 18, 2007 12:17 am
Forum: General
Topic: IPIP Tunnel Query
Replies: 2
Views: 671

Re: IPIP Tunnel Query

It does indeed help and that is largely what I had done. I have routed egress packets according to the destination address. This works well when the routers on each end have the same number of separate Internet connections as gateway. However when one end has only a single connection e.g. a hosted r...
by tucker
Sun Sep 09, 2007 9:57 pm
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Re: Multiple WAN default gateway strangeness

That seems to make sense. Just so I am sure, are you suggesting that the connections are marked in the pre-routing stage according to the interface they originate from. Then route the connections or packets in routing stage according to the mark they have had assigned during pre-routing. I can see h...
by tucker
Sun Sep 09, 2007 2:01 am
Forum: General
Topic: IPIP Tunnel Query
Replies: 2
Views: 671

IPIP Tunnel Query

I have been struggling with the lack of source based routing when working with multiple interfaces and routes to a remote destination and have had some issues with multiple WAN interfaces. I have been able to solve my egress issue by connection marking ingress traffic according to the interface it e...
by tucker
Sun Sep 09, 2007 1:40 am
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Re: Multiple WAN default gateway strangeness

Sorry for delayed response. I would be happy to post my config but I have never yet got it to the point where I am totally happy. At present I still have the multiple gateway problem. Basically I cannot find a way to reliably make sure a packet egresses by the interface on which it ingresses. So if ...
by tucker
Wed Mar 21, 2007 1:42 am
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Using multiple ip at the head-end and static routes at the tail end worked fine. Traffic was routed on relevant connection and it all worked well. I havent yet tried the l2tp option but have it running with EoIP over IPIP and also with EoIP directly. Bonding with 4 lines working well and traffic tes...
by tucker
Tue Mar 20, 2007 1:46 am
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Thanks for the reply. The trick with the dst-nat is smart! The redirect to map the traffic to a local interface is a nice work around to get the tunnel endpoint onto separate IP addresses. I havent fully analysed the packet flow to see how and where this works! The l2tp tunnel is a good idea and I a...
by tucker
Mon Mar 19, 2007 12:41 pm
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

I have prepared some information on the setup and the tests I have completed. Information and dumps attached below. I will leave the configuration in this state and will apply only changes related to this thread so we have a controlled environment. Thanks again for all the help. It is very welcome a...
by tucker
Sun Mar 18, 2007 3:56 pm
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Thanks. From what I have read on forums I knew it must be possible. I had been testing with ICMP which is not good as it does not work with connection tracking. My next test was to connection track GRE then try that. A bit of work with torch on a working single EoIP test tunnel had shown that EoIP s...
by tucker
Sun Mar 18, 2007 1:51 am
Forum: General
Topic: Multiple WAN default gateway strangeness
Replies: 14
Views: 5620

Multiple WAN default gateway strangeness

I am reasonably new to RB and ROS having moved from using custom Linux and BSD distros on embedded PC hardware. I have a lot of experience with networks but reasonably new to RB. I have a situation on test where I have RB150 with 3 DSL lines. Each DSL line has a /29 with RB assigned one address and ...