We have three circuits/gateways configured on our microtik router. We used the examples shown for equal cost multipath routing which are pretty straight forward. Something like:
[admin@ECMP-Router] ip route> add gateway=10.1.0.1,10.1.1.1,10.1.1.1
[admin@ECMP-Router] ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 ADC 10.1.0.0/28 Public1
1 ADC 10.1.1.0/28 Public2
2 ADC 192.168.0.0/24 Local
3 A S 0.0.0.0/0 r 10.1.0.1 Public1
r 10.1.1.1 Public2
r 10.1.1.1 Public2
[admin@ECMP-Router] ip route>
We use srcnat masquerading for the hotspot clients on the 192.168.0.0/24 network.
When we do the above nothing works right. AOL fails a lot, IE messes up and just about everything else goes nuts. When we looked at torch for each of the circuits we noticed that the Dst. Address is all messed up. Packets that should be destined for the IP address of 1 circuit are coming in on another circuit. All 3 circuits are getting packets that don’t belong to them. In another post someone mentioned that equal cost multipath routing does not allow a person to assign a preferred source to each gateway like you can with policy type routes. I would think that the router would be able to pick up the preffered source from the dynamic routing statements but I just don’t know.
Does the box need to be rebooted when switched to equal cost multipath routing to clear out the open connections? Is this what’s causing the problem? Any ideas on why packets would be coming back on the wrong interface and causing things not to work right on the hotspot?
Any drawbacks to using equal cost multipath routing? Do voip phones, vpn’s and p2p connections all work correctly with it?
Example of Source NAT (Masquerading)
If you want to “hide” the private LAN 192.168.0.0/24 “behind” one address 10.5.8.109 given to you by the ISP, you should use the source network address translation (masquerading) feature of the MikroTik router. The masquerading will change the source IP address and port of the packets originated from the network 192.168.0.0/24 to the address 10.5.8.109 of the router when the packet is routed through it.
To use masquerading, a source NAT rule with action ‘masquerade’ should be added to the firewall configuration:
no progress. Your example was tried and we still have the same problem.
Torch is still showing packets with a destination address different than what we set the to-addresses in src nat for on each interface in the example you showed.
Yes, we do that now. It’s policy routing. You need to tell it which traffic to mark for which gateway based on some rule. This does not help with trying to use equal cost multipath routing that should auto route connections through each gateway without the need for packet marks or specific packet rules.
Anway, I guess we will just stick with the policy routing we are already doing. I read some negative things about equal cost multipath routing like connections being dropped and stuff and I am also worried about how VOIP phones and VPN’s would work with it. This post has not received other feedback on these issues so I don’t want to pursue something that will create more problems.