Two route with same gateway and dst-addres but different routing mark

ibm · August 12, 2015, 6:59am

With the following routes if I disable the route with comment loadbalancing1 the route check1 despite remains active, loses connectivity.

/ip route
add comment=loadbalancing1 distance=1 gateway=10.0.0.1 routing-mark=wan1
add comment=loadbalancing2 distance=1 gateway=10.1.0.1 routing-mark=wan2
add comment=failover1 distance=1 gateway=10.0.0.1
add comment=failover2 distance=2 gateway=10.1.0.1
add comment=check1 distance=1 gateway=10.0.0.1 routing-mark=check1
add comment=check2 distance=1 gateway=10.1.0.1 routing-mark=check2

marrold · August 12, 2015, 8:11am

If the traffic has a routing mark, and the ‘active’ route is for a different routing mark, it wont route. You need to add separate routes with different priorities, so in fail over situation marked traffic still matches a route-

Something like this-

/ ip route add dst-address=0.0.0.0/ gateway=10.10.10.1 routing-mark=data distance=1 check-gateway=ping
/ ip route add dst-address=0.0.0.0/ gateway=192.168.10.1 routing-mark=voice distance=1 check-gateway=ping
/ ip route add dst-address=0.0.0.0/ gateway=10.10.10.1 routing-mark=voice distance=2 check-gateway=ping
/ ip route add dst-address=0.0.0.0/ gateway=192.168.10.1 routing-mark=data distance=2 check-gateway=ping

ibm · August 12, 2015, 4:14pm

With the following routes if I disable the route with comment loadbalancing1 the route check1 despite remains active, loses connectivity.

/ip route
add comment=loadbalancing1 distance=1 gateway=10.0.0.1 routing-mark=wan1
add comment=loadbalancing2 distance=1 gateway=10.1.0.1 routing-mark=wan2
add comment=failover1 distance=1 gateway=10.0.0.1
add comment=failover2 distance=2 gateway=10.1.0.1
add comment=check1 distance=1 gateway=10.0.0.1 routing-mark=check1
add comment=check2 distance=1 gateway=10.1.0.1 routing-mark=check2

ibm · August 18, 2015, 4:15pm

Bump

ibm · August 24, 2015, 11:23am

Bump

ibm · October 4, 2015, 4:28pm

Bump

ulysses · October 4, 2015, 6:48pm

May I ask how are you testing your setup? What do you mean by “looses connectivity”?

ibm · October 4, 2015, 6:57pm

Doing a ping from the routerboard with the routing mark that I want to test.

ulysses · October 4, 2015, 7:07pm

Try setting a correct src-address during ping, you may have some troubles if the packet is not masqueraded, for example.

In other words, the behavior is absurd as you are describing it, so I assume that since you are not disclosing the full picture, there are other reasons for the ping to timeout.

Also, you may want to observe the ping packets with the help of /tool sniffer to see if it actually goes out of the correct interface and in is has a correct src address set.

ibm · October 4, 2015, 7:34pm

Why should I use src-address if I set already a routing mark?

ibm · October 9, 2015, 7:08pm

Bump

ulysses · October 9, 2015, 7:14pm

Did you use sniffer to look at the packets?

you should set src-address on ping in case you have multiple ip addresses assigned to the router interfaces. In that case it would select some of the ip addresses and it may be one that is going to break your policy routing rules.

ibm · October 9, 2015, 8:58pm

When I test in ping tool I set the routing mark I want to use in the advanced tab.

ibm · October 18, 2015, 10:41am

Bump

ulysses · October 19, 2015, 7:36am

So, have you checked where exactly the packets go with the sniffer?