I have a Core router and a CHR router, both MikroTik. The Core router is routing a /29 public subnet, and it also has a gateway on my CR on the same subnet.
My problem is that because my CR has an IP on the same subnet, it doesn't route the traffic through the CHR, because it already has an L2 connection to the servers on the inside of the CHR.
I want all traffic from and to the /29 to go through the CHR.
Create another subnet for that purpose. A /30 with private IPs would do. Or even point-to-point (with /32 addresses) if you want to nit-pick.
It doesn’t have to be separate LAN infrastructure (although it would be good from sanity point of view … at least separate VLAN).
You don't have to NAT anything if those two addresses (or the /30) are only used on the inter-router segment for routing towards the next hop. As I wrote, they can easily be private (non-routable) IPs. It's only a matter of setting a (static) route with the GW address being the other end (private address) … which you already have, just with addresses from your LAN address space (if I understood your current config right).
The only drawback is that they are seen when one makes traceroute …
R1 port A is "global" WAN. It's got public IP address a.b.c.d/X and the ISP's gateway is a.b.c.e.
R1 port B is “LAN” with ethernet connectivity towards R2 with address 172.19.1.1/30.
It also has ethernet connectivity towards LAN, but that’s not used.
R2 port A is “LAN” with ethernet connectivity towards both LAN and R1
LAN address is 10.f.g.h/16
R1 connectivity address is 172.19.1.2/30
So IP config on R1 would be:
# WAN setup
/ip address
add address=a.b.c.d/X interface=A network=a.b.c.0
/ip route
add gateway=a.b.c.e
# connectivity towards LAN is via R2
/ip address
add address=172.19.1.1/30 interface=B network=172.19.1.0
/ip route
add dst-address=10.f.0.0/16 gateway=172.19.1.2
… and R2:
# LAN interface ... this IP address is set as default gateway for all LAN hosts
/ip address
add address=10.f.g.h/16 interface=A network=10.f.0.0
# transit address towards R1; R1 is the next hop for everything outside the LAN
/ip address
add address=172.19.1.2/30 interface=A network=172.19.1.0
/ip route
add gateway=172.19.1.1
You only perform NAT (both src-nat and dst-nat) on R1. If you actually do NAT on R2, then the non-default route on R1 looks different (it should target your public /29 subnet instead of the LAN subnet).
Think about packet flow … what operations are performed and which routing decisions are taken. And you’ll see you don’t need any extra NAT for proper packet flow between R1 and R2. It’s all about static routes for specific target subnet using appropriate next hop.
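To make the routing decision described in the answer above concrete, here is a small model of the two routers' routing tables in Python. It is an added example, not part of the original thread or of RouterOS. It uses constructed documentation addresses (198.51.100.0/29 as the public /29 with servers at .2 to .6, 203.0.113.0/30 as the ISP link, 172.19.1.0/30 as the inter-router transit) and mimics the RouterOS rule that the longest prefix wins and, on a tie, the route with the lowest distance (connected = 0, static = 1) is used. It shows why a static route for the /29 can never override the core router's own connected /29, and how moving the core onto a /30 transit forces the path through the CHR. This is the case from the last paragraph where NAT (if any) lives on R2, so R1 routes the public /29 itself.

```python
"""Longest-prefix-match model of the Core <-> CHR layout (added example)."""
import ipaddress

CONNECTED = 0   # RouterOS distance of a directly connected prefix
STATIC = 1      # default distance of a static route


def make_table(routes):
    """routes: iterable of (dst, gateway_or_None, interface).
    A gateway of None marks a connected (on-link) prefix."""
    table = []
    for dst, gw, iface in routes:
        net = ipaddress.ip_network(dst)
        gateway = None if gw is None else ipaddress.ip_address(gw)
        table.append((net, gateway, iface, CONNECTED if gw is None else STATIC))
    return table


def lookup(table, dst):
    """Routing decision for dst: longest prefix, then lowest distance."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r[0]]
    if not candidates:
        return None
    net, gw, iface, _dist = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
    return net, gw, iface


def next_hop(table, dst):
    """Human-readable forwarding result for one router."""
    r = lookup(table, dst)
    if r is None:
        return "unreachable"
    _net, gw, iface = r
    return f"direct on {iface}" if gw is None else f"via {gw} on {iface}"


def trace(routers, owner, start, dst, max_hops=8):
    """Follow the decision router by router. routers: name -> table;
    owner: gateway address -> name of the router that holds that address."""
    path, here = [start], start
    for _ in range(max_hops):
        r = lookup(routers[here], dst)
        if r is None:
            path.append("unreachable")
            break
        _net, gw, _iface = r
        if gw is None:                      # on-link: delivered via ARP/L2
            path.append("delivered")
            break
        nxt = owner.get(str(gw), f"gw {gw}")
        path.append(nxt)
        if nxt not in routers:              # e.g. the ISP, which we do not model
            break
        here = nxt
    return path


# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
# Broken layout: the Core router itself owns 198.51.100.1/29 on its LAN port,
# so the /29 is a connected route there, and the servers are reachable at L2.
BROKEN_CORE = make_table([
    ("203.0.113.0/30", None, "A"),            # ISP link, core is .2
    ("0.0.0.0/0", "203.0.113.1", "A"),        # default via ISP gateway
    ("198.51.100.0/29", None, "B"),           # core owns .1 inside the server /29
    ("198.51.100.0/29", "198.51.100.6", "B"), # attempt to steer via CHR: same prefix,
                                              # higher distance, so it loses
])

# Fixed layout from the answer: core and CHR talk over a private /30, and the
# public /29 is reached only through the CHR's transit address.
FIXED_CORE = make_table([
    ("203.0.113.0/30", None, "A"),
    ("0.0.0.0/0", "203.0.113.1", "A"),
    ("172.19.1.0/30", None, "B"),             # core is 172.19.1.1/30
    ("198.51.100.0/29", "172.19.1.2", "B"),   # public /29 lives behind the CHR
])

CHR = make_table([
    ("172.19.1.0/30", None, "A"),             # CHR is 172.19.1.2/30
    ("198.51.100.0/29", None, "A"),           # CHR owns an address in the /29
    ("0.0.0.0/0", "172.19.1.1", "A"),         # default via the core
])

OWNER = {"172.19.1.1": "CORE", "172.19.1.2": "CHR", "203.0.113.1": "ISP"}
BROKEN_ROUTERS = {"CORE": BROKEN_CORE, "CHR": CHR}
FIXED_ROUTERS = {"CORE": FIXED_CORE, "CHR": CHR}


if __name__ == "__main__":
    for name, routers in (("broken", BROKEN_ROUTERS), ("fixed", FIXED_ROUTERS)):
        print(name, "core ->", next_hop(routers["CORE"], "198.51.100.3"))
        print(name, "path  :", " -> ".join(trace(routers, OWNER, "CORE", "198.51.100.3")))
    print("CHR towards internet:", " -> ".join(trace(FIXED_ROUTERS, OWNER, "CHR", "8.8.8.8")))
```

In the broken table the server address matches two /29 entries; the connected one wins on distance and the packet never reaches the CHR, which is exactly the behaviour in the question. In the fixed table there is no connected /29 on the core at all, so the only match is the static route via 172.19.1.2, and the trace shows CORE -> CHR -> delivered without any NAT being involved.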