I have long thought it would be great to be able to policy route EoIP packets. Ideally I would like to be able to route traffic according to the tunnel id. The reason for this is that I have a bonded DSL setup that I am trying to standardise and have discussed in previous threads.
The issue I have is that if I bond 3 lines at the tail end they need to connect to a single head-end router so that I can distribute traffic. If the head-end has a single IP address there is no way to tell each EoIP tunnel to use a separate WAN link. I get around this by assigning 3 IP addresses at the head-end and setting destination based policy routing at the head and tail routers. This works perfectly and I get a perfect traffic balance over the link. The main issues are:
- The setup is more complicated than it needs to be. I like the principle of simplify as far as possible but don't over simplify!
- The use of multiple IP addresses at the head-end router is wasteful.
- If the head end router is shared amongst multiple clients the routing at the head-end becomes complicated as each client tail connection needs a separate policy route - potentially a lot of routes!
I would like to be able to control egress routing based upon either the EoIP tunnel number or MAC address. It would be great if this was included in RB but sadly it does not appear to be and also seems unusual enough to not warrant consideration.
This gave me several ideas:
- If the MAC address assigned to the EoIP endpoint is exposed to mangle this could classify the packet and route tag it for policy routing. I have not yet found out if the MAC address is available to mangle or (more likely) is encapsulated in the GRE packet.
- Use the L7 classifier to look inside the EoIP GRE packet and extract the tunnel id or MAC address using a regex. Again I have not got as far as dumping some packets to reduce this.
My concern is that the L7 may be tricky and thus hard on CPU. I could reduce load by only looking inside new connection packets rather than all packets.
Does anyone have any thoughts or comments on any of this?
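An added example, not part of the original post: a parser that pulls the tunnel id and the inner Ethernet MAC addresses out of an EoIP packet and maps the tunnel id to a routing mark. The header layout (magic `20 01 64 00`, big-endian payload length, little-endian tunnel id) is an assumption taken from publicly reverse-engineered EoIP implementations, not from this page; the mark names, MAC addresses and sample frame are constructed.

```python
import struct

# Assumed layout (not stated on the page): GRE flags/version 0x2001,
# protocol type 0x6400, payload length (big-endian), tunnel id (little-endian).
EOIP_MAGIC = b"\x20\x01\x64\x00"
HEADER_LEN = 8


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_eoip(gre: bytes):
    """Parse the payload of an IP protocol 47 packet; None if not well-formed EoIP."""
    if len(gre) < HEADER_LEN or gre[:4] != EOIP_MAGIC:
        return None
    length, = struct.unpack_from(">H", gre, 4)
    tunnel_id, = struct.unpack_from("<H", gre, 6)
    frame = gre[HEADER_LEN:HEADER_LEN + length]
    if len(frame) < length:
        return None  # truncated capture or a length field that lies
    info = {"tunnel_id": tunnel_id, "length": length, "dst_mac": None, "src_mac": None}
    if length >= 14:  # room for an inner Ethernet header
        info["dst_mac"], info["src_mac"] = mac(frame[0:6]), mac(frame[6:12])
    return info


def routing_mark(gre: bytes, marks: dict, default: str = "main") -> str:
    """Pick a routing mark from the tunnel id; unknown or malformed -> default."""
    info = parse_eoip(gre)
    return marks.get(info["tunnel_id"], default) if info else default


def build_sample(tunnel_id: int, frame: bytes) -> bytes:
    """Build a constructed EoIP payload for testing the parser offline."""
    return EOIP_MAGIC + struct.pack(">H", len(frame)) + struct.pack("<H", tunnel_id) + frame


# Constructed sample data: inner frame with locally administered MACs.
FRAME = bytes.fromhex("02000000000a" "02000000000b" "0800") + b"\x00" * 46
MARKS = {1: "wan1", 2: "wan2", 3: "wan3"}  # hypothetical tunnel id -> mark

if __name__ == "__main__":
    for tid in (1, 2, 3, 258):
        pkt = build_sample(tid, FRAME)
        print(tid, pkt[:8].hex(), parse_eoip(pkt)["src_mac"], routing_mark(pkt, MARKS))
```

Under that assumed layout the tunnel id sits at a fixed offset (bytes 6-7 of the GRE payload), so a classifier only needs a two-byte comparison per packet, not a regex over the payload.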