Do you think I can still do this (associate the vlan with certain pppoe) without connection marks and routes based on marks I did in that another setup I mentioned ? If I still need these, then I could do just that without the vlans.
I attached the ip and routes from winbox, but when I exported the config, I do not have any routes or public ips in the text, I think it is because these are all set dynamically and I don’t have set any rules for them.
Dear OP. I think you have almost all possible combinations (routing rules, routing marks, bridges, VLAN). All configurations (both posts) can work.
(On the VLAN: study the complex theory in Mikrotik as @anav mentioned (documents the bridge method). Normally you bring all involved ethernet interfaces to the same bridge, if you use the “bridge method”, the other way of doing it is the “switch method”. Methods cannot be mixed). VLAN’s can be of benefit in the WAN (upstream) and LAN (downstream) hybrid connections, where you separate the VLANs later, in a Switch, Router, Server or AP.)
Do you think I can still do this (associate the vlan with certain pppoe) without connection marks and routes based on marks
If you look at your routes, one is distance1 and the other is distance 2
The default for both is one, but you entered 2 I believe for rds-home and thats why rds-work is reachable and BLACK font (being used as Main table route).
while rds-home is reachable and BLUE FONT (not being used)
It also shows you the DAC line of the network the active route is using 10.0.0.1 via rds-business and the preferred source (the IP of the rds-work)
What this means is that all traffic will go out rds work at the moment as expected due to your setup (having the shorter distance)
Now we want to move to a slightly different model… and forget adding preferred source, not the way to do it!
First step is to change the pppe client setting for distance to be 1 for the rds-home so both are equal.
Then I would create copies of the two existing routes.
Add comment to each copy so you can tell one from the original (Directing Home Users, and Directing Work Devices for example)
For the Directing home users
destination address = 0.0.0.0/0 gateway= pppoe-rds-home distance=1 Routing Mark=4_home
For the Directing work devices
destination address = 0.0.0.0/0 gateway = pppoe-rds-work distance=1 Routing Mark = 4_work
Now create two Route Rules For Directing home users
source address = 192.168.3.0/24
Table= 4_home
Action= lookup in table
For Direction work devices
source address = 192.168.4.0/24
Table = 4_work
Action = lookup in table.
The result will be that the appropriate group of users will go out the table assigned.
Alternatively in the Route Rules you could use the bridge interface,
aka use INTERFACE vice SOURCE ADDRESS ( bridgehome, bridgework )
For working without the need for mangle rules to set routing marks …
Still missing the ISP2 routing table, with ISP2 distance =1 (and if you want failover ISP1 distance=2)
Main routing table with ISP1 distance=1 and ISP2 distance=2 is OK
Remark: you can change the distance of the DHCP-client inherited default routes to a higher distance in the DHCP-client setting
"Then make a static default GW route with dst=pppoe2 as the main route (lowest distance value) and optionally a second one with pppoe1 as a backup default GW (higher admin distance value) for the "isp2" routing table. (routing-mark=isp2)
Once those exist, you can make a route rule which says if the source IP is from lan2, then action=lookup-only-in-table table=isp2"
The main table is a routing table LOL.
In the main table there can be many routes.
The simple, clean, direct way to meet the requirements of the poster is two create two route marks and direct users to the appropriately created tables 4_home and 4_work.
Case closed.
In the alternative scenario where the OP wants to play with vlans, there is no difference required for the approach to the IP Routes solution,
other than the person would use (in the route rule) vlan interfaces vice bridge interfaces, IF, the op decided not to use source address
Note that if this was two separate ISPs, not related, then the recommendation would still stand.
In the case, if one ISP went offline, the router would see that the offline Table (be it 4-work or 4-home) is not routable and would move all the associated users to the next available route in the main table., which would the default route for rds-work or rds-home depending upon which associated ISP was offfline. So backup is automatic.
So I added the two routes and created two rules (this is under routes window > rules, correct ?!)
With the attached setup, both 192.168.3.x computers and 192.168.4.x computers seem to use the “home” connection.
I tried setting the interface under rules, associating with each of the two bridges, but I didn’t see a difference.
Any ideas ? Maybe the value after action “lookup only in table” is wrong ? Do I select the mark name after that ? Or “main” ?
First thing, one should use look up in table vice look up ONLY in table, because then if one ISP is offline the other one will not be used for traffic.
In this case it doesnt matter same provider, but it does go to show that you have been a naughty boy not following instructions LOL.
I am not sure why its choosing the home connection everytime but the routes table does show only in black whereas with equal distance they both should be,
neverthelless that is the main table and if the router wants or needs to choose one a primary thats fine that should not affect your routing mark selections.
I will have to think about it…
I didn’t understand the expressions you used in first part, can you please tell me again what should be the “action” and the “table” after it ?
And I think you assumed the ISP connections would always be online or offline, but I often see the home connection having issues, while the “business” plan still works (from my ISP’s end).
I guess this part is not important for now.
Edit: it kept using home connection, then I disabled the home-pppoe, it instantly used the work connection, when I enabled both, it remained on the work one. It seems to remember routes and stick to what works, if that makes any sense.
Good to know for troubleshooting why it wont use the route mark setting.
Dont worry about the route rules, the ones you have are fine,
It may be some thing about two pppoe accounts coming on the same ethernet interface but I cannot find that documented anywhere,
Would be good to see your config as it stands now with all rules.
What is wrong is that on an /ip route rule row, routing-mark is a match field, whereas table is an output parameter to be set if all the match fields match.
routing-mark and routing table name are almost synonyms everywhere else in the configuration, but not here, as the /ip route rule rows can be used to translate one routing-mark (which has been assigned by vrf or by a mangle rule) to another one (specified in the table column).
So you rules never match, because nothing before them assigns any routing-mark to the packets. Just make the routing-mark column empty in both rules and keep the rest as you’ve shown, and it should start doing what you want.
The interface column matches on in-interface; since you match on src-address, there’s no need to match also on interface in this simple setup.
If I understand correctly it is like seeing a box named “routing mark” and is confusion because it doesn’t say “routing mark to set” or “routing mark to match”. Did I get this right ? I noticed this problem with the interface and it makes it a pain for beginners to set things up.
Edit: I tried clearing the values under routing-mark column in rules window, rest is as in above image. It didn’t change anything and set it back as in image above.
Maybe this points something out: I noticed if I uncheck the “add default route” in my two pppoe interfaces, then it doesn’t connect to internet at all, I thought it should use the two routes I manually set (as in above image).
Maybe if you all agree this needs mangle to set some connection marks and then setup the routes based on that, then I will try that
I thought it can be done without.
No you need to follow directions properly.
As sindy astutely pointed out (he has four eyes while us mere mortals have two!!.
You added the extra routing mark entry in the route rule…
READ MY INSTRUCTIONS AGAIN!!!
For the Directing home users
destination address = 0.0.0.0/0 gateway= pppoe-rds-home distance=1 Routing Mark=4_home
For the Directing work devices
destination address = 0.0.0.0/0 gateway = pppoe-rds-work distance=1 Routing Mark = 4_work
Now create two Route Rules
For Directing home users source address = 192.168.3.0/24
Table= 4_home
Action= lookup in table
For Direction work devices
source address = 192.168.4.0/24
Table = 4_work
Action = lookup in table.
Does it say anywhere to add a routing mark entry LOL.
Simply remove those and it will work.
This could be a DNS issue. Whereas the devices in 192.168.3.0/24 and in 192.168.4.0/24 use the routes with the respective routing-mark values thanks to the rules, the Mikrotik itself uses the routes in routing table main (i.e. those with no routing-mark values) for its own traffic. So if the “home” and “business” devices use the Mikrotik as their DNS server, the Mikrotik needs to forward their DNS queries, but it cannot if add-default-route is set to no on the /interface pppoe client rows (and no, there is no way to let Mikrotik forward home DNS queries via one PPPoE and business DNS queries via the other one, so if you want to separate this too, you have to tell the hosts to use external DNS servers, so their DNS queries will be routed just like any other traffic).
Mangle rules are a fine tool to select the WAN based on source and destination ports etc., not necessary for your simple case.
Remove the routing-mark values from the rules again, and once you do that, post the proper text export of the configuration rather than the screenshots.
it works now, after removing the routing marks you two mentioned Thanks !
Now I want to mess things up …
Besides this ISP with two separate connections, I also have another ISP on ether2-telekom, it would be nice if this would remain as a backup connection in case the other two from same ISP fail.
I seen I can setup distance to “2” for this “Telekom” ISP, then (for testing) I disable the two pppoe of first ISP, and now this Telekom ISP only works if I also disable the two rules in “routes rules” tab.
Maybe there is an easy way to get this working ? By adjusting the two rules maybe ?
I set that distance=2 for “telekom” isp by DHCP client, because that is how I connect that one, not by PPPOE.
By means of the rules, you choose a dedicated routing table for each source subnet. So one possibility is to add a backup default route via “Telekom” to both routing tables, home-connection-mark as well as work-connection-mark, with distance=2. Another possibility is to change the action=lookup-only-in-table in the rules to just action=lookup, which means that if no matching active route can be found in the routing table indicated, a matching route in routing table main is used. And the DHCP client adds the route to routing table main.
None of the ways above provides a backup against a problem at ISP side, where the PPPoE connection is OK but ISP’s own connection to internet is broken, as in such a situation, the primary route via PPPoE stays active, so the backup one is not used. To eliminate this, you need a more advanced setup (but you still don’t need mangle rules ).
The fact that the primary routes are PPPoE ones complicates that setup a bit. Too late here, won’t say more today.
Nice, that worked, adding a “distance 2” route for my Telekom backup ISP, and changed the existent rules from “lookup only in tables” to “lookup”.
It now switches to my backup isp if the other two fail.
Thanks !
I will search a bit to see what “lookup” vs “lookup only in tables” does.
As I explained, LOOKUP tells the router for the source address traffic or interface identified, to use the table identified in the route rule instead of the main table.
If the table being pointed too is not available, lets say the ISP is offline, then the router will revert to the next available route in the main table for that traffic (with source address or interface).
LOOKUP ONLY in table is a stronger command in the sense that EVEN IF the ISP is down, the router will NOT revert to the main table to look for a reachable route to pass the traffic.
In other words, there is no backup potential, use only this table and nothing else.
Thanks !
…
).