Community discussions

MikroTik App
 
nemoforum
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Thu Jan 05, 2017 11:08 pm

ROS 7.0beta5 mark based routing BOOTLOOP

Fri Feb 14, 2020 12:26 am

Hello, everyone.
FYI: I already spent some time with support in ServiceDesk, the ticket number SUP-5149.

I'm trying to get mark based routing working. This config (idea) was perfectly working on the latest ROS 6.xx beta.

Router info:
architecture-name: arm
board-name: hAP ac^2
cpu-count: 4
cpu-frequency: 716MHz
cpu: ARMv7
current-firmware: 7.0beta5 (tested as well on 7.0beta4)
firmware-type: ipq4000L
model: RouterBOARD D52G-5HacD2HnD-TC
platform: MikroTik
routerboard: yes

I have a regular home router config except:
/interface bridge
add name=br-wan protocol-mode=none

/interface vlan
add interface=ether2 name=vlan10 vlan-id=10

/interface bridge port
add bridge=br-wan hw=no interface=ether1-wan
add bridge=br-wan interface=vlan10
So, what I'm trying to do:
1. Create L2TP IPSec VPN connection
2. Mark some packets with routing mark based on belonging target IP to the IP address list
3. Route marked packets to the VPN
/interface l2tp-client
add connect-to=my.super.vpn disabled=no ipsec-secret=IPSECSECRET name=\
my.super.vpn password=PASSWORD profile=default use-ipsec=yes user=\
USERNAME

/ip firewall address-list
add address=87.240.128.0/18 list=MYLIST
add address=93.186.224.0/20 list=MYLIST
add address=95.142.192.0/20 list=MYLIST

/routing table
add fib name=ua vrf=main

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=MYLIST \
    new-routing-mark=ua passthrough=yes

/ip route
add gateway=my.super.vpn@ua
Once I add the route (run last two lines) the router reboots in 0..30 seconds.
Then, after router boots, there is only 5..10 sec to disable/delete the route before the VPN connection became active, otherwise the router reboot again and again.

Does anyone is running into the same issue?

PS: I've tried to reset router configuration (without installing default one) and configured the router from scratch.
 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Tue Nov 03, 2020 8:18 pm

Sorry to pull out this old post.
have you been able to fix the reboot, and is the routing mark setup as proposed by you the right way to do this?

I am looking to migrate my routing-mark based routing from R6 to R7 and are lost for now with the new way in R7.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Tue Nov 03, 2020 9:58 pm

 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Wed Nov 04, 2020 1:00 pm

Yes I am, but don't see any info in that thread on this with concrete example.
Also the version referred to are different.
I have Chateau with 7.0.1 and not clear what works, what not in that release.
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Wed Nov 04, 2020 11:46 pm

I have Chateau with 7.0.1 and not clear what works, what not in that release.
ros 7.0.1 ~ ros7.1beta3

New Route Tables..
https://help.mikrotik.com/docs/display/ ... icyRouting
 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Thu Nov 05, 2020 10:20 am

SiB,

Thank you (again) for steeping in.

I have seen this. But R7 wiki also states:
Instead of routing rules, you could use mangle to mark packets with routing-mark, the same way as it was in ROSv6.
What that this means?
When you try to use routing mark within IP/ROUTE it is not allowed.
we have /routing and /ip/route/ ... what the hell is this? I am getting confused, where are routing marks allowed.

And you can not do a top level export in /routing, you need to go into each sub section "rules", "tables" etc. to export current settings

For now I find this routing in R7 is a mess!

I am not routing expert, so especially missing explanation and examples is making Chateau and R7 quit un-usable to me for now.
What I am looking for is a simple failover example with the R7 from where to start to understand how to make more complex systems.
The Wiki with strike through text, comments, add on, text removals is not giving any additional information.

Again, I have no idea about OSPF, BGB etc. which might the why I don't get it.
But considering that Chateau is clearly a home/SOHO device one should be able to set it up correctly, which includes policy based routing.
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Thu Nov 05, 2020 11:39 am

v7 Routing Protocol Status: https://help.mikrotik.com/docs/display/ ... col+Status

In mangle you have the way to select your traffic the same way and more... and next do action mark-route who send selected traffic to your own route table .
This is the same what you receive in route rules before

PS I focus at helping in LTE that's why I not give you a example rules, I hope you understand.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Thu Nov 05, 2020 12:14 pm

routing-marks can be used the same way as it was in v6, with one difference, you need to add table first in /routing table menu.
This is mentioned in the first sentence:
https://help.mikrotik.com/docs/display/ ... icyRouting
 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Thu Nov 05, 2020 5:04 pm

Hi MRZ,

As you are the "expert", maybe you can provide simple example taken from R6, and translate this into R7:

This is how you would do policy based routing in R6 (I removed recursive part) for failover or load balancing:
192.168.x.x are the two IP of upstream modems/LTE/DSL/PON just as example in this case.
/ip route
add check-gateway=ping gateway=192.168.1.1 routing-mark=to_WAN1 distance=2
add check-gateway=ping gateway=192.168.2.1 routing-mark=to_WAN2 distance=2
add check-gateway=ping gateway=192.168.1.1 distance=3
add check-gateway=ping gateway=192.168.2.1 distance=4
How would this be done in R7 code?

Thank you so much!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Fri Nov 06, 2020 3:53 pm

You should look at the article again, it explains everything:

The same example as in the manual with plugged in your table name and gateway
/routing table add name=to_WAN1 fib
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1@main routing-table=to_WAN1
Hope you will figure out how to change values for other routes.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Fri Nov 06, 2020 6:17 pm

The article could include few more details:

1) Routing table's fib parameter:
... fib parameter should be specified if the routing table is intended to push routes to the FIB.
Some simple and easy to understand examples when we do and don't want this would be nice.

2) The @main in gateway=172.16.1.1@main. Since most people don't read manuals and therefore don't know that such parameter already existed before v7, they will wonder what it is, why it's suddenly there, if it's mandatory or can be omitted, etc. Some hints about that would help.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROS 7.0beta5 mark based routing BOOTLOOP

Fri Nov 06, 2020 6:23 pm

@main is not mandatory, but is useful to know, because v7 allows to resolve gateways in other tables than main

Who is online

Users browsing this forum: DimaFIX, JDF and 18 guests