ECMP & NAT are broken

Hello,

I tried implementing ECMP (multiple default gateways) on two cable modems. One has a static IP, the other a dynamic IP. No problems there. Once you load balance the connections (meaning ECMP) and you dig into the packets on each interface you will see the wrong source addresses used for the masquerade.

2 gateways - 2 cable modems
2 masquerade lines, one for each. This works.

I figured a picture is better than anything - so here it is in the config.

Problem: When I sniff the network connection, either using the ‘Packet Sniffer’ tool, or Ethereal on a totally separate machine, I see source IP addresses being used on the wrong interface. It does rotate through and use masquerade - every other source / dest pair gets a new IP - BUT, the router still sends the packets out on whatever interface it feels like, not the one that's for that pipe.

Version 2.8.7

Ethereal shows me that the MAC address of the outgoing traffic is coming from the single interface, coxRes, but with both masqueraded IP addresses. Only 1 NAT source should be seen on that interface; there is no physical connection between those 2 connections, they each have their own cabling right to their own modems, each on separate coax lines.

Outbound NAT when using multiple gateways does not work 100% reliably at this time. Can anyone verify if they have this working, or is it a bug?

Anyone? I even submitted a trouble ticket to Mikrotik support and have heard nothing for a few days now. This truly is a bug - does no one else even use dual gateways?

Please help … Thanks - Sam

You should use v2.8.11 – this problem is fixed in this version.

John

Hello,

Just updated to version 2.8.11. During the upgrade from 2.8.7 to 2.8.11 I lost all firewall chain rules - all of them. Nothing else was lost, only the rules in the chains. Weird. Thank goodness for backups.

Anyhow, the problem is still present in 2.8.11, the latest version. I can use Packet Sniffer or Ethereal to verify that source addresses are being advertised on the wrong physical wire. This needs to be fixed so that we can actually use Mikrotik with more than 1 gateway … as it stands it’s not working and we cannot proceed with load balancing things using Mikrotik. Hope you guys can figure this out shortly and get an update. If you need a supout let me know, I’d be glad to help troubleshoot so we can get resolution in a quick manner.

Thanks,
Sam
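
The check described in this thread (sniff each uplink and confirm that only that uplink's masqueraded address leaves it) can be automated. The following is an added example, not part of the thread and not MikroTik code. It assumes a capture summarised as one `<egress-interface> <source-ip> <destination-ip>` line per packet; the interface name `cable2`, the addresses and the networks are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one line per sniffed outbound packet.
# Addresses are documentation ranges; "cable2" is a hypothetical
# name for the second uplink (only "coxRes" appears in the thread).
SAMPLE_CAPTURE = """\
coxRes 192.0.2.10 203.0.113.5
coxRes 198.51.100.20 203.0.113.9
cable2 198.51.100.20 203.0.113.9
cable2 198.51.100.20 203.0.113.7
coxRes 192.0.2.10 203.0.113.5
"""

# Assumed mapping: the public network each uplink's NAT source must fall in.
# A network (not a single address) tolerates the dynamic-IP modem changing lease.
EXPECTED = {
    "coxRes": ipaddress.ip_network("192.0.2.0/24"),
    "cable2": ipaddress.ip_network("198.51.100.0/24"),
}

def audit(capture, expected):
    """Return (leaks, split_pairs).

    leaks: (line_no, iface, src) for packets whose source address does not
           belong to the interface they left on.
    split_pairs: {(src, dst): [ifaces]} for source/destination pairs that
           were seen leaving on more than one interface.
    """
    leaks, seen = [], defaultdict(set)
    for line_no, line in enumerate(capture.splitlines(), 1):
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        iface, src, dst = fields
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # not an IP address, ignore the record
        net = expected.get(iface)
        if net is None or src_ip not in net:
            leaks.append((line_no, iface, src))
        seen[(src, dst)].add(iface)
    split = {k: sorted(v) for k, v in seen.items() if len(v) > 1}
    return leaks, split

if __name__ == "__main__":
    leaks, split = audit(SAMPLE_CAPTURE, EXPECTED)
    print("wrong-source packets:", leaks)
    print("pairs split across uplinks:", split)
```

An empty result from both checks on a capture taken at each modem-facing port is what a correct ECMP plus masquerade setup should produce.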