Policy Based Routing issue and question

doublecaps · June 25, 2012, 8:30pm

Hello, I currently have 2 connections to one of our remote sites and I want to route specific traffic through one of the connections because it uses a lot of bandwidth.
To be more specific, I want to route the traffic from and to DVR at the remote site.

I don’t want to implement PCC because on the the ISPs have high latency and inteferes and I get poor performace for some applications (SIP, Oracle DB, etc).

I’m trying to setup Policy based routing, but i can’t get it to work the way I want it. The mangle rules stats are increasing but when I do a trace it still goes through the main route.

Here is what I have configured so far:
ip firewall mangle
;;; 174: Mark Routing DVR ->Neptuno
chain=prerouting action=mark-connection new-connection-mark=ABC-DVR
passthrough=yes src-address=192.xxx.174.94
6 ;;; 174: Mark Routing DVR ->Neptuno
chain=prerouting action=mark-connection new-connection-mark=ABC-DVR
passthrough=yes dst-address=192.xxx.174.94
7 ;;; 174: Mark Routing ->Neptuno
chain=prerouting action=mark-routing new-routing-mark=ABC-DVR
passthrough=yes connection-mark=ABC-DVR
8 ;;; 174: Mark Routing ->Neptuno
chain=prerouting action=mark-routing new-routing-mark=ABC-DVR
passthrough=yes connection-mark=ABC-DVR

ip route print detail where routing-mark=ABC-DVR
0 A S ;;; DVR Almacen
dst-address=192.xxx.174.0/24 gateway=10.xxx.174.2
gateway-status=10.xxx.174.2 reachable ether1 → To Neptuno distance=1
scope=30 target-scope=10 routing-mark=ABC-DVR

ip route rules
2 routing-mark=ABC-DVR action=lookup table=ABC-DVR

The stats counters for the mangle rules are showing activity
5 ;;; 174: Mark Routing DVR ->Neptuno
prerouting mark-connection 522491 2184
6 ;;; 174: Mark Connection DVR ->Neptuno
prerouting mark-connection 119548 2331
7 ;;; 174: Mark Connection ->Neptuno
prerouting mark-routing 636859 4412
8 ;;; 174: Mark Routing ->Neptuno
prerouting mark-routing 637099 4416

If I trace from the router, using the ABC-DVR routing table it uses the correct route
[admin@xxxxxx-WAN] > tool traceroute 192.xxx.174.94 routing-table=ABC-DVR ADDRESS STATUS
1 10.xxx.174.2 162ms 120ms 139ms
2 192.xxx.174.94 257ms 350ms 260ms

however when I trace it from a PC it goes through the other ISP.
C:>tracert -d 192.xxx.174.94
Tracing route to 192.xxx.174.94 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.xxx.173.1
2 382 ms 121 ms 145 ms 10.xxx.253.1
3 111 ms 81 ms 38 ms 192.xxx.174.94

Can anyone give me any suggestion on what I’m doing wrong?
I tried doind the same thing on the router at the remote site, but get the same results.

MikroTikIQ · June 26, 2012, 10:22pm

Hi..

there is some extra config on you router..

its simple can be done..!!!

but I would like to have more info.. that is your DVR IP.. and your Local IP..

Also if you can send more config about router IP....

And if you can draw your senario.. will be great and will have more specific solution..

Also I would to know how you use both of ISP..?? in mikrotik config..!!!

do you have specific IP address in your local network want only to reach the DVR..?

Here I can give you some hint..

Make static route

this way you can force any one want to reach your DVB go through Specified gateway..

/ ip route add dst-address= DVR ip address gateway=Your recommanded ISP gateway..

\

mark all ip that want to access the dvr via Recommanded ISP...

/ ip firewall mangle add chain=forward dst-address= "dvr ip address" out-interface=(your recommended ISP interface) action=mark-connection new-connection-mark=DVR

Sure to NAT the our going IP with the ISP ip address..

/ ip firewall nat add chain=src-nat src-address=local network address out-interface=(recommended ISP) connection-mark=DVR action=src-nat to-address=(your recommended isp ip address)

Test and give me result

Ali.
Mikrotik-IQ
MTCNA-MTCWE-MTCRE-MTCTE-Trainer