Hi!
Can it be 6.9 broke routing marks?
Packet still seem to get marked, but pass the main routes anway, regardless of the routing mark…
I am not seeing this in my CCR, double check your rules suspect you will find an error somewhere. sometimes an upgrade will break things because there is an error in the config but a previous version ignored the error
in version 6.9 all routing mark works fine,
but routes, which use this marks, is disabled (blue color in ip->routes) and not works.
decision = go back to 6.8 version
in version 6.9 all routing mark works fine,
but routes, which use this marks, is disabled (blue color in ip->routes) and not works.
decision = go back to 6.8 version
Yes it could be possible there’s a problem in my setup (a mikrotik router is quite a complicated thing…)
I can see the packets get marked (bytes/packer counter in mangle section is rising) but still the ‘main’ routes are used…
That wasn’t the case before…
It’s a pity there isn’t the same kind of counter in the routing section so one can see how many packets pass for each route..
this is one of the routes that isn’t used:
6 S dst-address=0.0.0.0/0 gateway=192.168.3.20 gateway-status=192.168.3.20 inactive check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=Closeness
what does 'gateway status=192.168.3.20 inactive mean?
The gateway is reachable and when I remove the routing-mark it get’s marked as reachable…
after downgrading to 6.7:
3 A S dst-address=0.0.0.0/0 gateway=192.168.3.20
gateway-status=192.168.3.20 reachable via Closeness distance=1
scope=30 target-scope=10 routing-mark=Closeness
.. and everything works as expected.. so why this ‘inactive’ vs. ‘reachable via..’?
PS: 6.8 works as expected as well. Wanted to make a bug report but I’m unable to sign up as the captcha isn’t loading…
What happened to this parameter in v6.7?
check-gateway=ping
Can be I changed that (I tried some more things before downgrading - but downgrading was the only thing that helped in the end…)
… But in 6.7/6.8 it works with our without check-gateway=ping, in 6.9 it doesn’t work any way.
It is still there in my set up?? CCR v6.9
I have several locations that have policy routing in place - no problems.
Route become inactive when check-gateway=ping is not getting replies. Only thing i can think of - maybe your setup some kind of Routing recursive loopback - where gateway traffic also goes through policy-routing and other gateway traffic through first policy route.
So suggestion is to ensure that gateways are always using main routing table - traffic to those addresses are not marked in mangle and no routing mark is applied to it - just make accept rules at the beginning of that chain for gateway traffic.
Why it breaks on upgrade? Most probably because it tried to look up everything at once.
Strange enough, support wanted a support file from the non working router, so I upgraded to 6.9 again - and now everything is working perfectly.
I don’t see any configuration problems as just removing the routing mark was enough to get the route up, adding it again was enough to get it down again.
But as the absolutely same config is working now… I guess it was just a glitch with the last upgrade process…
Hello Folks!
I can confirm routing marks was broken between RoS6.7 and RoS6.9.
We had a severe incident the past weekend due to this, 24 hours without email traffic…
For years we have tagged source address: scmgateway protocol: tcp/smtp with mailroute.
In routing we route all traffic tagged mailroute to smtp asa5510
Default gateways we have two using classic mikrotik failover, asa5510 is not any default gateway.
Suddenly after upgrade, one customer call in and say, hey where is my emails, customer complains.
After investigating where mail traffic went, all has been queued up in scmgateway, routerboard had not passed traffic on to asa5510, it is not going anywere and stay in mailqueue.
Rollback to RoS6.7 immediate solved the problem.
Please fix this issue, dont forget also CRS vlan leakage and CCR ethernet ports that flaps and got disabled at random.
ROS 6.9 broke Routing Mark on my RB2011L. But it doesn’t have same problem on my RB951-2n.
It is also broken on RB-450G. Route with routing mark stays blue (inactive), gateway states reachable.
Also, marking a packet for the “main” routing table is also gone.
Downgrade to 6.7 fixes the problem.
Anyone with such issues, please contact support. We have not yet received any information that would help identify this issue.
Can anyone confirm that they are working this through with Mikrotik support as I have also discovered the same problem in 6.9 and I see no merit in logging the issues with Mikrotik if someone in this forum is already on the case.
Generate supout file from older version before upgrade. Then upgrade and generate another one where routing marks are not working.
Send both files to support.
the odd thing is that it works fine for about 24 hours then I come in the following morning and all my VOIP traffic is going up the main line so I reboot and hey presto, all working again. I’ll try and see if I can downgrade and get something together for support. Are other people having this problem finding that it is sporadic or is it happening all the time?
Anyone sent a supout file yet? I have this issue on my ccr, I have 2 physical wan and a vpn wan, seems like one physical wan does not work.
Skickat från min SM-N9005 via Tapatalk