Routing marks, overriding default route

cvv · December 4, 2009, 5:22pm

Greetings.

I’ve got two WAN interfaces:
1 - Default
2 - for backup purposes

I’m using netwatch, pinging 209.131.36.159 to find out whether Default route is working or not.

I’ve set the following packet marking:

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting action=mark-routing new-routing-mark=to-pppoe passthrough=yes dst-address=209.131.36.159

Here is the route list:

[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  ;;; Test Route
        209.131.36.159/32                  pppoe-out1         1       
 1   S  ;;; Default Route
        0.0.0.0/0                          pppoe-out1         1       
 2 A S  ;;; Backup Route
        0.0.0.0/0          192.168.1.100   192.168.1.1        2       
 3 ADC  10.198.128.0/17    10.198.150.41   satnet             0       
 4 ADC  172.16.1.0/24      172.16.1.1      cvv                0       
 5 ADC  172.16.2.0/24      172.16.2.1      other              0       
 6 ADC  192.168.1.0/24     192.168.1.100   dlink-2540u        0

In the “Test Route” I’ve set:

Dst. Address 209.131.36.159
Gateway: pppoe-out1
Routing mark: to-pppoe

So, I’d expect all the packets for 209.131.36.159 to be routed to pppoe-out1, not any other interface.

But that doesn’t work my way. When I disable pppoe all the packets go to Backup Route 192.168.1.1 and everything is pinging fine.

What am I doing wrong???

butche · December 4, 2009, 8:11pm

Set passthrough=no on the mangle rule

cvv · December 4, 2009, 9:46pm

Hi Butche!

That doesn’t help

butche · December 4, 2009, 10:01pm

Wait! If pppoe-out1 is disabled (or goes down), then the route you put there that uses that interface goes invalid (it’ll turn blue). You can do something like this:

/ip route
add gateway=BOGUS.IP.ADDRESS dst-address=209.131.36.159 distance=100

The “BOGUS.IP.ADDRESS” does not have to exist. Here is how I do this:

/interface bridge add name=Loopback1
/ip address add interface=Loopback1 address=10.10.1.1/30

In this case, the “BOGUS.IP.ADDRESS” would be 10.10.1.2

cvv · December 4, 2009, 10:49pm

Yes actually, the route label goes blue and both the routes (Default route and Test route as they are the same pppoe) are marked unreachable.

Do you mean that as far as the route is unreachable the routing mark doesn’t work and the packets go through any other route available?

My aim is to test the pppoe interface, that’s why I want 209.131.36.159 packets go thru this only interface whether it is disabled, enabled, cable cut, provider hardware problem or whatever. I’m pinging external server, so that even if provider router is ok, but there is some problem in-the-middle, the situation is going to be noticed. If packets don’t go thru, Netwatch is supposed to trigger down event. Pretty simple.

Can’t see how could this bogus ip address help me.

butche · December 4, 2009, 11:04pm

This is because it is no longer a reachable route, since the interface is down.

Do you mean that as far as the route is unreachable the routing mark doesn’t work and the packets go through any other route available?

If the route is unreachable, the routing mark has no effect, since there is no route.

My aim is to test the pppoe interface, that’s why I want 209.131.36.159 packets go thru this only interface whether it is disabled, enabled, cable cut, provider hardware problem or whatever. I’m pinging external server, so that even if provider router is ok, but there is some problem in-the-middle, the situation is going to be noticed. If packets don’t go thru, Netwatch is supposed to trigger down event. Pretty simple.

Can’t see how could this bogus ip address help me. >

The bogus IP and bridge is there so that there is a static route that exists if the pppoe connection is down. This bogus ip idea is something I use when I need to be sure that a packet will follow a known path or none at all. I’m on too short a schedule to explain it further than that.

cvv · December 5, 2009, 9:24pm

Thanks for the hint.
I’ll try to mess with it tomorrow

cvv · December 5, 2009, 10:21pm

Yes, Butch, got your idea, finally! Silly me!

Works just fine. Thanks a million!

butche · December 5, 2009, 11:34pm

Glad I could be of assistance. Please let me know if there are other things you may need. My contact info is below.