Simultaneously Route and Bridge

[Moved to an appropriate forum. Apologies if you’ve seen this twice.]

Many, many, many days ago, Chupaka wrote an interesting comment in this thread: http://forum.mikrotik.com/t/graph-change/19524/1

He said “you do not need use only bridge - drop unicast traffic on bridge, route unicast traffic on standard manner”.

This might be just the solution for what I need to do, but I want to see if it’s possible and if I understand it.

At the moment, I have a client site with an absolutely immutable business requirement that traffic from certain hosts that is sent from a specific UDP port, as a 255.255.255.255 (FF:FF:FF:FF:FF:FF) broadcast, MUST be available everywhere on the LAN. This is not up for debate, it’s an essential real-time line-of-business application. This, however, means that a 300-acre site with nearly 500 devices is being run as a big honking huge bridged LAN (no routing). We’ve kept things tolerable by ensuring that the LAN is Gigabit everywhere, but we sometimes have 1.5 mbits of broadcast traffic (mostly ARP), and troubleshooting is hard. We have the ability to ROUTE the LAN (as sensible people would do) but keep hitting this roadblock of needing this one broadcast to go everywhere.

A colleague suggested using the Mikrotiks as “Brouters”, but I wasn’t sure how to implement it.

Would this work:

Assume a simplified sample network as in the diagram.
Sample.png

  • Assign IP addresses to each of the ethernet interfaces (not to the bridge)
  • Create a Bridge
  • Add both ethernet ports to the bridge
  • Configure the Bridge to use the firewall (/int bridge settings set use-ip-firewall=yes)
  • Create a bridge filter rule to allow our one particular UDP packet (/int bridge filter add)
  • Create a bridge filter rule to deny everything else
  • Add default gateway routes and any other routing needed

That sounds too simple to be true.

If a unicast packet then comes along and RouterOS tries to bridge it, and it’s dropped, where/how would RouterOS “know” that I now want it to be routed? I have been trying to wrap my head around how this unicast packet, addressed to a different subnet, but with both subnets on bridge ports, would be handled by the “bridging decision” in the packet flow diagram (http://forum.mikrotik.com/t/new-packet-flow-diagram/66252/1).

I am going to set up some tests with a couple of 750GL’s, but any other insight would be helpful and appreciated.

Thanks!
Boomalator (aka Byron)
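
A small model of the two bridge filter rules proposed in the post above (allow the one UDP broadcast, drop everything else), added here as an example; it is not part of the original thread and is not RouterOS code. The source port 5000, the MAC and IP addresses and the sample frames are constructed placeholders, and the model only shows which frames the filter would pass, not what RouterOS does with dropped frames afterwards.

```python
import struct

BROADCAST_MAC = b"\xff" * 6
BROADCAST_IP = b"\xff" * 4
APP_SRC_PORT = 5000  # hypothetical placeholder; the post does not name the port

def bridge_filter_verdict(frame: bytes, src_port: int = APP_SRC_PORT) -> str:
    """Rule 1: accept IPv4/UDP broadcast from src_port. Rule 2: drop everything else."""
    if len(frame) < 14:
        return "drop"
    dst_mac = frame[0:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst_mac != BROADCAST_MAC or ethertype != 0x0800:  # unicast, or non-IPv4 such as ARP
        return "drop"
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "drop"
    ihl = (ip[0] & 0x0F) * 4                              # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    # Only a first fragment carries the UDP header, so later fragments cannot match.
    if ihl < 20 or len(ip) < ihl + 8 or ip[9] != 17 or frag_offset != 0:
        return "drop"
    if ip[16:20] != BROADCAST_IP:
        return "drop"
    sport = struct.unpack("!H", ip[ihl:ihl + 2])[0]
    return "accept" if sport == src_port else "drop"

def build_frame(dst_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Constructed Ethernet II frame with a made-up source MAC."""
    return dst_mac + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload

def build_udp_ipv4(dst_ip: bytes, sport: int, dport: int, data: bytes = b"score") -> bytes:
    """Constructed IPv4+UDP packet (checksums left at zero; the model ignores them)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 1, 10]), dst_ip)
    return ip + udp

# Constructed sample frames, not captured traffic.
SAMPLES = {
    "app_broadcast": build_frame(BROADCAST_MAC, 0x0800, build_udp_ipv4(BROADCAST_IP, APP_SRC_PORT, 6000)),
    "arp_broadcast": build_frame(BROADCAST_MAC, 0x0806, b"\x00" * 28),
    "other_udp_broadcast": build_frame(BROADCAST_MAC, 0x0800, build_udp_ipv4(BROADCAST_IP, 137, 137)),
    "unicast_other_subnet": build_frame(b"\x02\x00\x00\x00\x00\x02", 0x0800,
                                        build_udp_ipv4(bytes([10, 0, 2, 20]), APP_SRC_PORT, 6000)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:22} {bridge_filter_verdict(frame)}")
```

Under these two rules ARP broadcasts are dropped at the bridge along with all unicast, so each side has to resolve and reach the other through the router's own addresses.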

Is this one-way communication? You could look at a proxy to do this. I remember seeing one written for games that were LAN only; some wrote a proxy to take UDP broadcast and route and rebroadcast it.


Your solution sounds okay at first glance.

Sounds like a silly setup, but … such is life

Yes, it is one way. It’s an application that times and scores a sports event, and broadcasts the results in real time to devices including scoreboards, message screens, and PCs. It’s actually a reasonably elegant solution – if the network only has a few devices. It’s efficient and fast. The application itself isn’t the issue, it’s all of the other broadcast traffic that exists on a network segment. :)

They actually have a proxy-like tool for the web site. There is an intermediary that listens for the broadcasts and then pushes data to the Web server. However, we cannot make any changes to the “listeners” (receiving hosts), some of which are not PCs; and multiple proxies would introduce a new set of concerns.

Still working on the concept of routing and bridging at once. Mikrotiks can do some amazing things…