Can we make connections jump public interface?

Is it possible to have a prolonged traffic stream above a certain speed (use connection rate in mangle) jump to another default gateway? Will the data stream/connection break?
On the public side of the router, traffic will pass through other routers, depending on the policy routing decision, before hitting the ISP network. One router will provide the local IP with a new public fixed client IP; the second router will do general client NAT (different ISP anyway).

In download or streaming (http) video with buffering a short break in data stream will not be such a problem.
But will the connection survive? Src.IP will change so probably remote server will disconnect?
And Conn.tracker? Will the connection survive but become dead since a new connection will be built? (With new src port?)

Connection tracker in the QoS router will have the local client IP address/port and remote dst-address/port info.
By jumping public interface in the router, the src-ip/dst-ip stays the same.


Example:
Client opens http download > normal default route to HQ leased line, but limited in speed.
Routing gateway will mangle this new traffic and, with connection rate, change the routing mark, with the result that the data stream will pass to a different WAN interface. (LQ line)

From the remote internet file server's side the following happens:
Client with IP xxx.xxx.xxx.xxx requests download.
Server responds “ok” and sends data to xxx.xxx.xxx.xxx
After some secs. the traffic stream from src IP xxx.xxx.xxx.xxx is halted. But a new request is made from a new src-ip. (Client comes from the other ISP connection.)
I presume the server will not proceed with sending the data stream to this 'for him' new host?

Is there a way we can make the client make a new request to the same src-address/dst-address (not port) combination in the local router that will now be processed on the basis of the previous connection, and thus immediately get the routing mark leading to the LQ WAN interface?
Maybe put the dst-address for that traffic coming from client X in an address list and make a new routing rule for the src-dst address list combination that will survive some time (30 secs?), so traffic from that combination will be forced to the LQ gateway?

In the MT manual it is explained that we can make a change in priority on heavy_traffic_connection compared to normal.
But here the conn.tracking data (src-IP+port<>dst-IP+port combination) stays intact.
It would be nice if I could set something up so I can use the same to change the route to the remote server via another gateway and not break the connection completely.


The more I think about it, the less chance I see for a solution. But maybe anyone has an idea?
(Maybe something with ECMP or BGP?)

you cannot change your uplink interface without breaking the connection

not bad solution is just limiting huge connections with lower speeds over current uplink. in addition, you can add the client to temporary address list, and pass all his further connections to low-quality uplink =)
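
The fallback suggested in the reply above (leave the running connection on its uplink and send the client's later connections to the low-quality line), sketched as RouterOS v6-style configuration. This is an added example, not part of the thread; the LAN subnet 192.168.88.0/24, interface name ether-lan, gateway 203.0.113.1, the list and mark names, and the 500 kB / 200 kbit/s thresholds are assumptions (the 30 s timeout is the figure floated in the question).

```routeros
/ip firewall mangle
# 1. Heavy-connection detection: a TCP connection that has already moved
#    more than 500 kB and is currently running above 200 kbit/s puts its
#    LAN client on a temporary address list (entry expires after 30 s).
add chain=forward protocol=tcp src-address=192.168.88.0/24 \
    connection-bytes=500000-0 connection-rate=200k-100M \
    action=add-src-to-address-list address-list=heavy_clients \
    address-list-timeout=30s \
    comment="remember clients with a heavy connection"

# 2. Only NEW connections from a listed client are tagged. The heavy
#    connection that triggered rule 1 is already established, so it keeps
#    its original route and public source address.
add chain=prerouting in-interface=ether-lan connection-state=new \
    src-address-list=heavy_clients action=mark-connection \
    new-connection-mark=via_lq passthrough=yes \
    comment="new connections from heavy clients"

# 3. Every LAN-side packet of a tagged connection is routed with the
#    LQ routing mark, so the whole connection uses one uplink from its
#    first packet to its last.
add chain=prerouting in-interface=ether-lan connection-mark=via_lq \
    action=mark-routing new-routing-mark=to_LQ passthrough=no \
    comment="route tagged connections via LQ uplink"

/ip route
# Default route used only by packets carrying the to_LQ routing mark.
# 203.0.113.1 is a placeholder for the LQ-side next hop.
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_LQ \
    comment="LQ uplink for marked traffic"
```

Because the routing decision is tied to the connection mark set on the first packet, no connection changes uplink mid-stream; only connections opened while the client is on the list leave through the LQ gateway.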

How about you mangle the connection, and then set the next hop for that connection to the other connection. It seems the MikroTik would send this traffic internally and not over the internet, and once it reaches the other IP it wouldn’t NAT it, but would then send it out the secondary IP's gateway. I haven’t had the setup necessary to attempt this sort of thing, and my knowledge of whether or not the MikroTik would actually send the traffic internally and then the second internet connection send it out as normal and the traffic return on the same path is sketchy; might be worth a try though if you don’t find a better solution.

I might have to think of something with mangle and connection rate and established connections.

When a connection is opened (state=new) it gets the normal routing mark and goes out to the HQ line.
When that specific connection is to be considered 'heavy' (CR mangle) it will get another routing mark and is thus sent to the other gateway. But now the connection is broken..
So the user will have to make a new attempt. Is there any way the router will recognize this (same src-IP and dst-IP+port) new request, mangle it as “related” (to the last 'broken' connection) and send the request out via the secondary default gateway to the LQ link?

I think it needs some trials to see if it can be achieved this way, and I know it is not an ideal situation. But it would save me paying for the increase in speed of a heavier HQ line.

I never fully understood the working of the “related” argument, as opposed to “established” and “new”, in the mangle.
How do I write a rule with the “related” argument? I see no option to tell that rule what it is related to.

chupaka, you must be able to tell me a bit more on this last?

rgds

‘related’ is just some connection that has relationship with another connection. for example, some ICMP packets saying ‘this TCP connection has destination-unreachable’; or FTP data connection is related to FTP control connection; or PPTP GRE connection is related (isn’t it?) to PPTP 1723/TCP connection…

for now, I don’t see the way you can find re-established connection…