Transmit broadcast and WoL packets across VLANs?

I have an EdgeRouter-X and a Mikrotik CRS328 switch. I am thinking about replacing the EdgeRouter-X with a Mikrotik RB5009UG+S+IN to take advantage of my symmetric gigabit internet connection. I assume all of the basic stuff can be replicated on this device (e.g. VLANs, firewall rules, etc.) but there are two mildly unusual functions my current router does that I am not sure if the RB5009UG+S+IN supports:

  1. I use “bcast-relay” to route broadcast packets on specific ports across VLANs. The reason for this is that I have devices that can only be discovered by their apps via broadcast packets, but those devices are on a separate VLAN with no internet access. Example:
service {
    bcast-relay {
        id 1 {
            interface switch0.300
            interface switch0.100
            port 30050
        }
    }
}

This allows devices on VLAN 100 (trusted LAN) to send broadcast packets on port 30050 to devices on VLAN 300.

  2. I use a static ARP to re-transmit wake-on-LAN packets across VLANs for similar reasons:
protocols {
    static {
        arp 192.168.3.13 {
            hwaddr ff:ff:ff:ff:ff:ff
        }
    }
}

This allows me to wake devices on the 192.168.3.0/28 network by sending a wake-on-LAN packet to 192.168.3.13 with the MAC address set to the device’s MAC.

Can I do both of these things on a Mikrotik RB5009UG+S+IN? Thanks for any help.
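The sender side of the static ARP trick described in this post, as an added example that is not part of the original thread: it builds a wake-on-LAN magic packet, unicasts it to the relay address, and includes a checker that confirms a captured payload is a magic packet and for which MAC. UDP port 9 and the MAC 00:11:22:33:44:55 are assumptions (the post gives neither); 192.168.3.13 is the relay IP from the post.

```python
import re
import socket

MAC_RE = re.compile(r"^[0-9a-fA-F]{2}([:-]?[0-9a-fA-F]{2}){5}$")
SYNC = b"\xff" * 6  # synchronisation stream that starts every magic packet


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))


def build_magic_packet(mac: str) -> bytes:
    """6 bytes of 0xFF followed by the target MAC repeated 16 times."""
    return SYNC + parse_mac(mac) * 16


def magic_packet_target(payload: bytes):
    """Return the MAC a payload would wake, or None if it is not a magic
    packet. The pattern may sit at any offset, so every sync match is tried."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 96]
        if len(body) == 96 and body == body[:6] * 16:
            return body[:6].hex(":")
        start = payload.find(SYNC, start + 1)
    return None


def send_wol(mac: str, relay_ip: str = "192.168.3.13", port: int = 9) -> int:
    """Unicast the magic packet to the relay IP. The router's static ARP
    entry (ff:ff:ff:ff:ff:ff) makes it leave as an L2 broadcast frame on the
    destination VLAN. Port 9 is an assumed value, not taken from the post."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_magic_packet(mac), (relay_ip, port))


if __name__ == "__main__":
    # Offline demonstration with a constructed MAC; call send_wol() to transmit.
    pkt = build_magic_packet("00:11:22:33:44:55")
    print(len(pkt), "byte payload wakes", magic_packet_target(pkt))
```

Because the static entry maps the relay IP to the broadcast MAC, any packet routed to that address is flooded on the destination VLAN, not only WoL traffic. A forward rule that limits traffic to that address to the WoL UDP port from the trusted VLAN keeps it from becoming a general broadcast path.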

Not sure how this would be done, as the same commands don't translate directly, but there are ways to achieve almost anything.
Zerotier functionality would create it such that you could put any two vlans on the same virtual switch to achieve the same effect I believe.

I think it's from this GitHub project: https://github.com/britannic/ubnt-bcast-relay . So it’s actually L3 broadcast messages, on a specific port, that it needs to forward. Not multicast packets.

So what needs to be replicated is that if a packet is sent to 255.255.255.255:30050 on a VLAN/subnet (pvid=300), it gets COPIED also to another VLAN/subnet (pvid=100). And vice versa. I’m not so sure that’s so easy in RouterOS (and not a built-in feature on UBNT either it seems).

Broadcast scope is kinda what makes a L3 subnet a subnet, so we’re well outside the standards here. The firewall can’t manufacture new broadcast packets… While I suppose bridging via ZeroTier with a flow rule to limit only this specific broadcast would work…but now you’ve introduced ZeroTier machinery to copy just a few packets.

But if you're relaying broadcasts, it may be time to ask if the things that need this really need to be in a separate VLAN… and if bridge filtering accomplishes the same purpose as a VLAN, so you can have a common subnet for your VLAN 100 and 300 and thus avoid the “bcast-relay” need.

hello.

@dragonq.

afaik, edgerouter and mt have different underlying systems. the first being a freebsd xorp vyatta like system, and the other one a linux iptables like system.

so, mt as a second language has its own implementation.

as far as service broadcast relay concerned,
i think it should be similar to those dhcp or smb relays. so maybe it is doable.

input or prerouting interface, output or postrouting Interface, forward chain, proto tcp udp port, accept.

mikrotik has /tool wol on its help page. so maybe you can check it out for your requirement.

hope this helps.

Never heard of having common subnets for different VLANs. It seems more complicated to me to put the devices onto the trusted VLAN and create firewall rules to lock them down specifically than to just put them on a separate VLAN (which already has those lockdowns) and use a broadcast relay to get around the crappy design of the associated app.

If this can be initiated via an ssh command to the Mikrotik router, and the router can send WoL packets to any VLAN/subnet then I think that might work, thanks.

I get your need. More that I dunno how you’d do this without some complexity, I think, is my larger point. Perhaps a container would work since we’re talking about RB5009, but even with only one interface to containers, it means the container needs to be configured with your VLANs too.

Since there is no mDNS or SSDP proxy builtin either (which are actually a UBNT built-in feature), this proxy’ing discovery across VLAN has come up before. Mikrotik’s response is typically:

With his colleague @raimondsp adding:

(full quote: http://forum.mikrotik.com/t/mdns-repeater-feature/148334/43)

So easy to imagine a broadcast proxy may not be in the cards as a supported feature. But I’m pretty sure a container could fill in this need, at least on the RB5009 – which is a nice router & supports containers.

I think your ARP trick may work too, dunno for sure. But yes you can send WOL via SSH to RouterOS to do that:

/tool/wol interface=bridge mac=XXXXXXXXXXXX