Hi,
We are running a small network with two ISPs as primary and secondary. The secondary one remains idle most of the time.
We wish to route only the youtube traffic on the second one. For this mangle rule was created and an address list of you tube is formed.
However, I am not able to figure out on how to forcibly route the traffic for the address list on ISP2.
Please suggest.
Thanks
The easiest thing to do would be to just use static routes to point YouTube addresses via ISP2.
You only need a policy based route if you wanted only a subset of your LAN devices to use the second circuit, otherwise just use static routes for youtube.
You could try ‘catching’ youtube traffic using domains in an address list.
First you add youtube domains on an address-list.
You’d have to find out all domains used by youtube using your browser’s developer tools.
/ip firewall address-list add list=youtube address=youtube.com
/ip firewall address-list add list=youtube address=www.youtube.com
/ip firewall address-list add list=youtube address=s.ytimg.com
/ip firewall address-list add list=youtube address=i.ytimg.com
/ip firewall address-list add list=youtube address=youtube-nocookie.com
/ip firewall address-list add list=youtube address=r2---sn-xjpm-4g5e.googlevideo.com
/ip firewall address-list add list=youtube address=r5---sn-hpa7zn7r.googlevideo.com
...
..
.
The googlevideo.com domain is kind of tricky since it changes depending on content. And since it’s on https, an L7 rule most likely won’t work.
If you use Mikrotik’s DNS server, you can write a script that will check the DNS cache for all entries containing googlevideo.com and add the resolved IPs to the youtube address-list.
Then you add a mangle rule to mark-routing on packets destined to those domains (ips).
/ip firewall mangle add dst-address-list=youtube action=mark-routing routing-mark=youtube
Finally you add a static route for that routing mark with gateway your ISP2.
/ip route add dst-address=0.0.0.0/0 gateway=ISP2 routing-mark=youtube
It’s definitely not ‘bulletproof’ but it should get you started.
OP did say that he has an address list for YouTube as his basis for the policy routing.
Since the stated goal is a destination-based policy, I recommend using routes (which are destination-centric by their very nature) instead of packet marking.
Although the ability to leverage the dns-based address list feature certainly has advantages
Yes you are right, and if the website in question was something simple (eg: forum.mikrotik.com) I would agree with the ‘static routes’ approach.
But youtube is chaotic. You can’t realistically find all IPs of this HUGE geo-distributed service and keep them up to date.
I think my approach is more realistic for the task at hand.
Me, I’d just look up Google’s IP blocks and route those. Who cares if Google Docs and GMail go the same way too? This is just a traffic engineering exercise and if a little extra Googleness comes in on ISP2 along with the videos, so be it. Google’s IPv4 blocks are going to be fairly stable, given that the RIRs don’t have any more addresses to hand out to organizations, and certainly not in the block sizes that Google consumes.