Send all traffic from host to specific GW: performance issue ?

warenbe · April 15, 2023, 9:06am

Hi
i trying to send all traffic from host 192.168.11.100 to a specific gateway

here is what i did:

# created specific table
/routing table add disabled=no fib name=VersOrange
# created a routing to specific carrier for this table
/ip route add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-orange routing-table=VersOrange scope=30 suppress-hw-offload=no target-scope=10
# Added mark for packets coming from the carrier
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-orange new-connection-mark=Orange-conn
# marking connection from the specific host
/ip firewall mangle add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge new-connection-mark=Orange-conn passthrough=yes src-address=192.168.11.100
# Marking packets When they have a specific connection mark
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=Orange-conn in-interface=bridge new-routing-mark=VersOrange passthrough=yes

When i check, i see that packets from the host seems to go through the correct gateway.
but the performance is absolutely awfull: for example, doing a iperf from the host give 410 Kb/s. (this is a gigabyte optical fiber)
what do i miss ?

anav · April 15, 2023, 10:58am

Why did you use mangling…??

All you need is
Table.
Route
AND
ROUTING RULE

add action=lookup src-address=192.168.11.100 table=useOrange

if you never want the host to access the main table if orange is down, then switch action to action=lookup-only-in-table

warenbe · April 15, 2023, 1:35pm

That’s something i tried also, but it does not work. that’s why i tried with mangling.

/routing table add disabled=no fib name=VersOrange
/routing rule add action=lookup dst-address=::/0 src-address=192.168.11.100/32 table=VersOrange
/ip route add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-orange routing-table=VersOrange

and here is the current routes

[admin@RouterOS] > ip route print
Flags: D - DYNAMIC; A - ACTIVE; c, s, d, v, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS       GATEWAY            DISTANCE
  D v 0.0.0.0/0         pppoe-orange              3
  DAd 0.0.0.0/0         xxx.xxx.5.254              2
0   s 0.0.0.0/0         10.0.0.1                 10
  DAc 10.0.0.0/24       ether3 Backup_4G          0
  DAc 10.10.10.0/24     bridge                    0
  DAc 78.196.5.0/24     ether2 Fibre_Free         0
  DAc 192.168.11.0/24   bridge                    0
  DAc 193.253.160.3/32  pppoe-orange              0
1  As 0.0.0.0/0         pppoe-orange              1

but, the host still use the GW xxx.xxx.5.254 instead of pppoe-orange

warenbe · April 15, 2023, 5:13pm

as seens here:
http://forum.mikrotik.com/t/routing-rule-not-working/151983/5

removing/recreating the routing rule solved the issue
defintly a bug
i’m with 7.8.

anav · April 15, 2023, 6:10pm

Switch to 7.9rc2 works well for me!
You dont need to mangle

warenbe · April 15, 2023, 7:14pm

thx i’ll do

warenbe · April 15, 2023, 7:41pm

working fine with rc3.

warenbe · April 25, 2023, 9:09am

Well i have another question related to this

so, i have the host 192.168.11.100 , this host must use a specific gateway
so i have a routing table, and routing rules like this:

/routing table add disabled=no fib name=VersOrange
/routing rule add action=lookup disabled=no src-address=192.168.11.100/32 table=VersOrange

Works well, my host use this gateway.
so, now my routes are like this:

Flags: D - DYNAMIC; A - ACTIVE; c, s, d, v, y - BGP-MPLS-VPN
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS       GATEWAY            DISTANCE
  D v 0.0.0.0/0         pppoe-orange              3
  DAd 0.0.0.0/0         xxx.xxx.xxx.254              2
0   s 0.0.0.0/0         10.0.0.1                 10
  DAc 10.0.0.0/24       ether3 Backup_4G          0
  DAc xxx.xxx.xxx.0/24     ether2 Fibre_Free         0
  DAc 192.168.11.0/24   bridge                    0
  DAc xxx.xxx.xxx.3/32  pppoe-orange              0
1  As 0.0.0.0/0         pppoe-orange              1
2  As 0.0.0.0/0         ether2 Fibre_Free         1
3  As 0.0.0.0/0         ether3 Backup_4G          1

We use the gateway xxx.xxx.xxx.254 with metric 2 for all hosts
And for the host with ip 192.168.11.100 we use the pppoe-orange gateway

but now my hairpinning nat rules does not work for the host 192.168.11.100
to get it working, i had to add this line:

/ip route add disabled=no dst-address=192.168.11.0/24 gateway=bridge routing-table=VersOrange suppress-hw-offload=no

that seems logic after all.
so, if we want to use multiple routes tables with different route policy, we have to add the local network in all tables ?
or is it because i made something unusuall ?
what is the good practice for this kind of scenario ?