2 ISP in 1 LAN and policy routing

bes · May 7, 2006, 8:11pm

Hi,
p2p trafic coming by default route gateway 1.
All other trafic coming by policy route gateway 2.
When i match only 80 TCP port, policy route work good and www coming from gateway2.
And when i matching by mt example all trafic and added policy route internet not work.
this is example from mikrotik homepage

Notes
You can use policy routing even if you use masquerading on your private networks. The source address will be the same as it is in the local network. In previous versions of RouterOS the source address changed to 0.0.0.0

It is impossible to recognize peer-to-peer traffic from the first packet. Only already established connections can be matched. That also means that in case source NAT is treating Peer-to-Peer traffic differently from the regular traffic, Peer-to-Peer programs will not work (general application is policy-routing redirecting regular traffic through one interface and Peer-to-Peer traffic - through another). A known workaround for this problem is to solve it from the other side: making not Peer-to-Peer traffic to go through another gateway, but all other useful traffic go through another gateway. In other words, to specify what protocols (HTTP, DNS, POP3, etc.) will go through the gateway A, leaving all the rest (so Peer-to-Peer traffic also) to use the gateway B (it is not important, which gateway is which; it is only important to keep Peer-to-Peer together with all traffic except the specified protocols)

Example
To add the rule specifying that all the packets from the 10.0.0.144 host should lookup the mt routing table:

[admin@MikroTik] ip firewall mangle add action=mark-routing new-routing-mark=mt
... chain=prerouting
[admin@MikroTik] ip route> add gateway=10.0.0.254 routing-mark=mt
[admin@MikroTik] ip route rule> add src-address=10.0.0.144/32
... table=mt action=lookup
[admin@MikroTik] ip route rule> print
Flags: X - disabled, I - invalid
0 src-address=192.168.0.144/32 action=lookup table=mt
[admin@MikroTik] ip route rule>

advantz · May 8, 2006, 5:10am

my thought of commands :

/ip firewall nat add chain=srcnat src-address=10.0.0.144/32 to-src-address=10.0.0.x action=src-nat

/ip firewall mangle add chain=prerouting src-address=10.0.0.144/32 action=mark-routing new-routing-mark=mt

/ip route add gateway=10.0.0.254 routing-mark=mt

rz8168 · May 9, 2006, 7:46pm

Can you try this?

/ip firewall mangle add chain=prerouting src-address=10.0.0.144/32 action=mark-routing new-routing-mark=mt-p2p p2p=all-p2p

/ip firewall mangle add chain=prerouting src-address=10.0.0.144/32 action=mark-routing new-routing-mark=mt

/ip route add gateway=10.0.0.253 routing-mark=mt-p2p comment=“gateway 1”
/ip route add gateway=10.0.0.254 routing-mark=mt comment=“gateway2”

valens · May 9, 2006, 9:43pm

If you want certain traffic goes and back on the same pipe, you need to do SRC-NAT to IP Address given from that ISP. You can not just route the traffic, unless you do BGP and you can choose which IP blocks advertise though one ISP and another ISP.

dannyboy · May 15, 2006, 5:07pm

Hello,

I think i am getting close to what I want to do!! I think policy routing is my solution but need clarification and explanation on how I would do this. I have 30 clients and two ISPs. I also use pppoe to connect my clients. I was thinking of creating two ip pools and two profiles. Profile #1 with ip pool #1 “192.168.10.20-192.168.10.35” and profile #2 with ip pool “192.168.100.20-192.168.100.15”. Now what I dont know how to do is to tell the MT router to check if ip is from network 192.168.10.0/24 and send that traffic to gatway #1 and the same for the other ip. Is this clear to you? Its hard for me to explain.

Daniel