Two ISP accounts for different devices

Hi all,

I have one network range: 192.168.0.X
Two ISP accounts: ISP1, ISP2

I want a subset of the range to use ISP1 and another subset to use ISP2

I’ve configured:

Firewall / Address Lists
Address List1: 192.168.0.1-192.168.0.10
Address List2: 192.168.0.11-192.168.0.20

DHCP Server:
Assigned static DHCP addresses

Interface:
Created two PPPoE connections (both with Default Route off)

Firewall/NAT:
Created two masquerade rules for ISP1/ISP2 each

Firewall / Mangle:
Chain: Prerouting, Src Address List: List1, Action: Mark Routing, RMISP1
Chain: Prerouting, Src Address List: List2, Action: Mark Routing, RMISP2

IP Routes:
A static route for each ISP with the respective PPPoE connection as the gateway, and a routing mark (RMISP1/RMISP2)

This works fine, and both incoming and outgoing traffic on the different range subsets is using the correct ISP,
but because I have no default route my Mikrotik can’t do DNS lookups or anything.

I’ve tried adding a default route, with a higher distance, but then my outgoing traffic for each subset of the range goes out via the default route instead of the respective ISP.

I’ve been struggling with this for two days and I’ve officially given up. Can anybody point me in the right direction?

If you mark routing for outgoing packets correctly, they’ll look in the given routing table, where they’ll find only one correct route and use it. Other routes in the main routing table should not matter.

I have this trouble too. Please give an example of marking outgoing traffic only for the router.

Hi Sob

I’m still struggling to find out how to mark routing for the outgoing packets.

Are you able to give me an example?

This is what I have that is handling the incoming traffic, but not the outgoing:

/ip firewall address-list
add address=192.168.0.101-192.168.0.132 list=ALTrevor

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface="Afri Trevor" src-address-list=ALTrevor

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=RMAfrihostT passthrough=no src-address-list=ALTrevor

/ip route
add distance=1 gateway="Afri Trevor" routing-mark=RMAfrihostT
add distance=1 gateway="Afri Default"

I’ve also tried the following but then I lose my connection entirely:

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=CNTrevor passthrough=yes src-address-list=ALTrevor
add action=mark-packet chain=prerouting connection-mark=CNTrevor new-packet-mark=PMTrevor passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=RMAfrihostT packet-mark=PMTrevor passthrough=no

Solution 1:
You don’t need two routes marked, only one is necessary. I.e. ISP1 no-mark and ISP2 RMISP2.
My setup works fine with two pppoe-clients, where one PPPoE has default-route=yes and the second PPPoE has default-route=no. I mark the connections from range2 and it works with no problems.
My code:

/interface pppoe-client
	add add-default-route=yes disabled=no interface=puro-lulz name=someisp password=yyyyyy use-peer-dns=yes user=xxxxxxx
	add add-default-route=no disabled=no interface=puro-lulz name=pppoe-out1 password=yyyyy user=xxxxx
/ip firewall address-list
	add address=10.1.1.88 list=kz-ips
	add address=10.1.1.40 list=kz-ips
	add address=10.1.1.90 list=kz-ips
/ip firewall mangle
	add action=mark-routing chain=prerouting comment=kz-ip new-routing-mark=kz-routing passthrough=yes src-address-list=kz-ips
/ip route
	add distance=1 gateway=pppoe-out1 routing-mark=kz-routing
## I use fasttrack on the range1 to first pppoe-client.
/ip firewall filter
	add action=fasttrack-connection chain=forward routing-mark=!kz-routing src-address=10.1.1.0/24
# Of course I have one masquerade NAT rule for each pppoe-client interface.

With this you don’t have a problem with DNS queries to external name servers.

EDITv2:
Solution 2:
Or, easier than the above for solving the DNS problem, is to create a mangle rule with the output chain:

/ip firewall mangle
	add action=mark-routing chain=output dst-port=53 new-routing-mark=[RMISP1 or RMISP2] passthrough=yes protocol=udp

Still doesn’t work. If one unmarked route is present, the marked routes are slowed down (laggy).

I don’t have that problem. Also, my two PPPoEs are for the same ISP with different IPs.
I use the RB750Gr2 (hEX) and each PPPoE account has 16/2 Mb. I have 7 devices which use the internet and one as a seedbox (which uses the marked route). I play some online games and don’t have lag; the latency is the same as from the unmarked route.
With “full load”, 29/3.5 Mb, I have some peaks of 17~26% CPU. Also, I use switch mode and not bridge.

Maybe one provider is the reason.

I have two different ISPs, one on PPTP, the second on Ethernet.

Setting one as default and mangling the second is working, but the connection becomes laggy, like I said. If I delete the default route with no mark and mangle both ISPs, all is good, but the router can’t connect to update servers, NTP, etc.

Then in this case, you must use the output chain to mangle these services using dst-port and protocol, like the rule I showed above for DNS (Solution 2).
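A consolidated RouterOS v6 configuration (an added example, not any poster's config) that combines Solution 1 and Solution 2: ISP1 carries the unmarked default route, the List2 subset is marked to ISP2 in prerouting, fasttrack is limited to unmarked connections so it cannot bypass the mangle marks, and router-originated DNS/NTP is steered by output-chain marks. The interface names, credentials and 192.168.0.0/24 ranges are assumed placeholders.

```routeros
# Added example, not a poster's config. RouterOS v6 syntax (routing-mark on routes).
# ether1/ether2, the pppoe names, user/password and the address range are assumed
# placeholders; substitute your own.

/interface pppoe-client
# ISP1 carries the unmarked default route, so the router itself can resolve DNS and
# reach NTP/update servers. ISP2 gets no default route.
add name=pppoe-isp1 interface=ether1 user=ISP1_USER password=ISP1_PASS \
    add-default-route=yes use-peer-dns=yes disabled=no
add name=pppoe-isp2 interface=ether2 user=ISP2_USER password=ISP2_PASS \
    add-default-route=no use-peer-dns=no disabled=no

/ip firewall address-list
# Only the subset that must leave via ISP2 needs a list; everything else uses ISP1.
add list=List2 address=192.168.0.11-192.168.0.20

/ip firewall mangle
# Forwarded traffic from List2 is marked in prerouting (Solution 1).
add chain=prerouting src-address-list=List2 action=mark-routing \
    new-routing-mark=RMISP2 passthrough=no
# Router-originated traffic never passes prerouting. To send a router service via
# ISP2 instead of the default route, mark it in the output chain (Solution 2).
add chain=output protocol=udp dst-port=53 action=mark-routing \
    new-routing-mark=RMISP2 passthrough=yes
add chain=output protocol=udp dst-port=123 action=mark-routing \
    new-routing-mark=RMISP2 passthrough=yes

/ip route
# One marked route is enough; the unmarked default route comes from pppoe-isp1.
add dst-address=0.0.0.0/0 gateway=pppoe-isp2 routing-mark=RMISP2 distance=1

/ip firewall nat
# One masquerade rule per WAN interface, bound to out-interface so each subset is
# NATed with the address of the link it actually leaves on.
add chain=srcnat out-interface=pppoe-isp1 action=masquerade
add chain=srcnat out-interface=pppoe-isp2 action=masquerade

/ip firewall filter
# Fasttracked packets bypass mangle, so keep marked connections out of fasttrack;
# otherwise their routing mark is lost and they fall back to the default route.
add chain=forward action=fasttrack-connection connection-state=established,related \
    routing-mark=!RMISP2
add chain=forward action=accept connection-state=established,related
```

If router DNS is steered out via ISP2 as above, point /ip dns at resolvers reachable from that link (ISP2's peer DNS or a public resolver), because ISP1's resolvers may refuse queries arriving from another network.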

Hm, it’s a surprise and maybe a solution too:

I disabled the default fasttrack filter rule, and marking one connection works!

I tried to make fasttrack like your example, but it didn’t work. Do I really need fasttrack? :slight_smile: In what situation does fasttrack really help?

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
If you have many packets to process and the CPU load is high, it is better to have fasttrack enabled, because fasttrack bypasses the firewall and other filters (described in the link above) to reduce the load.
A real example from me: without fasttrack, forwarding to another subnet is limited to 680 Mb with the CPU at 100%. With fasttrack I can get 950 Mb with the CPU at 86%.

Hi

I have just tried this and I end up with the exact same problem. The incoming traffic is routed through the correct routing mark, but the outgoing traffic still goes via the default route.

Hi

This did not work either. The router is still not able to do DNS lookups.
I tried modifying the rule as such:
Chain: Prerouting
Src Address: 192.168.0.254 (Mikrotik Router)
Mark Routing: Default

But the router is still not able to do DNS lookups, and ping fails with “no route to host”

Would you mind helping with marking outgoing packets? I still can’t get this to work.

I have something else to add:

It seems that outgoing traffic is using the last dialed PPPoE connection. The route distances make no difference; it just chooses to use the last dialed connection.

Please, can you export your config to an .rsc file and attach it to the post?

Run the command below in a RouterOS terminal and download the file to your computer.

/export hide-sensitive file=somename