Hello, I’m running a small network with dual WAN gateways and some routing policy to get traffic to some specific addresses to use one of the WAN interfaces. I recently replaced my router with an RB2011 ROS v7.15.1 and was running into issues getting the policy working correctly, I had previously had dual WAN and policy working on a different model with v7.x. I started troubleshooting right at the basics and discovered that the issue I am having is inconsistent routing when using a static route specifying ether2 as the gateway. If I specify an IP for the gateway, the routing works. That’s great, except the WAN service on ether2 is DHCP. I checked docs and they say that setting the gateway to an interface name should work.
Not sure what I am missing, I have a pretty basic config otherwise, no VLANs, pretty close to default with the exception of a couple of firewall rules and a couple of LAN subnets on a couple of bridges, all that works fine. I removed ether2 from the bridge, added it to the WAN interface list, set up srcnnat rules for each WAN interface instead of using interface list. I can’t think of much else that could be causing the issue. Ideas? Troubleshooting ideas?
Using interface name as gateway works … for interfaces of point-to-point type (e.g. PPPoE). For point-to-multipoint type of interfaces (e.g. ethernet) this may or may not work, it largely depends on configuration of upstream gateway.
The reason is this: on ethernet, when a device wants to send a frame, it has to know MAC address of next hop receiver. When using IP address of next hop router as a gateway, your device asks for MAC address corresponding to gateway’s IP address … and router responds with own MAC address (just like every other ethernet/IP device does).
Now when using interface name as gateway, your router assumes that every destination according to routing rule (i.e. whole internet when we’re talking about default gateway) is “directly” accessible on the other side of that interface (and we all know that’s not true, right? There’s always a few routers in between). So this only works if upstream router is configured with very greedy proxy-arp responding with own MAC address to all queries regardless the IP address. And not all ISPs have that kind of configuration. One of problems with such setup is that such router will have to answer a lot of ARP whohas questions (if clients are forced to use IP address as gateway, then they’ll reuse reply for many different connections while when using interface as gateway they’ll ask for MAC address for every connection targeting a new internet host … and that might also overflow their own MAC address table).
Now, with DHCP lease most often comes also information about gateway IP address. Which should be used in vast majority of cases. So I don’t see the reason for you to pkax games here. Unless you gave a good reason to do it differently … which I’d very much like to know.
Thank-you, that is a great explanation. I have a test setup where I have the DHCP WAN interface connected to another Mikrotik in my control
and it has Internet access, I set the arp to proxy-arp on the interface I am connected to and it works. One of those tiny details either buried deep in documentation or not clearly defined.
Why the shenanagins? Trying to get routing rules to work. My working config from another unit with v7.something is not working on the new unit and I was/am going to do it the old fashioned way. Trust me, I’d rather leave dhcp-client to do the dirty work.