2 ISP question

benmikrotik · August 10, 2011, 8:00pm

Hi All,

I have a current 1 ISP setup. I want to add 1 ISP more but I won’t do load balancing. This 1 additional ISP will be exclusive to a biz subscriber.

The biz subscriber and the residential subscribers will be sharing the same x86 mikrotik box, firewall, DHCP, Qos, L7, web proxycache settings. I want the biz subscriber will connect only to ISP2, and residential subscribers to ISP 1. Any ideas how to do it? Please help me.

Feklar · August 10, 2011, 8:21pm

Look up policy based routing.

benmikrotik · August 15, 2011, 11:10pm

Thanks.

Can someone post a working setup. I cannot get it to work.

Feklar · August 17, 2011, 3:38pm

It’s a much better idea for you to post what you have and what you are expecting and what you are seeing. There are numerous working examples throughout the forum and in the wiki if you search for them.

At a minimum provide:
/ip firewall export
/ip address print detail
/ip route print detail
A network diagram and what your goals are.

benmikrotik · August 18, 2011, 5:30am

Thanks.
Below is my current setup.

I am not sure if I am messing it up.
My goal is just to add 1 more ISP to serve one biz subscriber on the same LAN network as my residential subscribers.

Feklar · August 18, 2011, 3:29pm

It appears you heavily use connection marks, and I’m sure you don’t want to rework that, so your policy based routing will be much like the examples except that you will mark for routing directly. Also since you say your business subscribers are on the same LAN, I’m assuming they are using the same address space, you will need to somehow maintain a database of what IP addresses are those subscribers. Easiest way is either with static DHCP leases, or having them set up a static IP on their machines.

/ip firewall address-list
add address=192.168.30.10-192.168.30.30 disabled=no list=business
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Policy routing for business users" disabled=no src-address-list=business in-interface=ether3 new-routing-mark=business passthrough=yes
/ip firewall route
add dst-address=0.0.0.0/0 gateway=110.55.116.1 routing-mark=business comment="Policy routing for business users"

This is the most basic thing that you can do to get all addresses within that address list to use a specific route. You already have a mark-routing rule in place, you will need to narrow that down so it does not overwrite what this mangle rule does, or remove it. I left passthrough=yes since I’m assuming you still want to process all of the packets against your mangle rules, if you don’t care, then set passthrough=no to save CPU time. Your other connections will fall through to the main routing table.

benmikrotik · August 18, 2011, 3:38pm

Thanks a lot.

I will try this later.