Community discussions

MikroTik App
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Route traffic between two interfaces

Fri Feb 24, 2017 2:41 pm

Hello.
Two days ago I just bought this good device CRS125-24G-1S. Now I have problem with routing the traffic between the ports ether9 and ether10
The router is configured to act as home gateway but on ports ether9 and ether10 I have multicast traffic which is very important for my two servers and I want to isolate this traffic from DHCP server because is flooding all the time.
I hope you understand .

Here is my setup
Server 1 Centos7 have two NIC'S one is connected to DHCP server and works ok for public.
But second NIC is eno2 has ip 10.15.14.5 and is connected to ether9
Server 2 Centos7 have two NIC'S and first one is connected to DHCP server for public traffic.
Second NIC is enp8s0f1 has ip 10.15.15.5 and is connected to ether10
The problem is that both servesr are not communicating with each other .

Server1 is not able to ping Server 2
[root@~]# ping 10.15.15.5
PING 10.15.15.5 (10.15.15.5) 56(84) bytes of data.

Server2 not talk with Server1
[root@~]# ping 10.15.14.5
PING 10.15.14.5 (10.15.14.5) 56(84) bytes of data.

Server1 route table
[root@~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eno1
10.15.14.0 0.0.0.0 255.255.255.0 U 0 0 0 eno2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
224.0.0.0 0.0.0.0 240.0.0.0 U 0 0 0 lo

Server 2 route table
[root@~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp8s0f0
10.15.15.0 0.0.0.0 255.255.255.0 U 0 0 0 enp8s0f1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp8s0f0

CRS125-24G-1S can talk with both servers
[admin] > ping 10.15.14.5
SEQ HOST SIZE TTL TIME STATUS
0 10.15.14.5 56 64 1ms
1 10.15.14.5 56 64 0ms
2 10.15.14.5 56 64 0ms
3 10.15.14.5 56 64 0ms
sent=4 received=4 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

[admin@] > ping 10.15.15.5
SEQ HOST SIZE TTL TIME STATUS
0 10.15.15.5 56 64 0ms
1 10.15.15.5 56 64 0ms
2 10.15.15.5 56 64 0ms
3 10.15.15.5 56 64 0ms
sent=4 received=4 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

Also both servers can ping CRS125-24G-1S but they can't commmunicate with each other on eth9 and eth10 .

here is my setup config from CRS125-24G-1S
# feb/24/2017 12:28:18 by RouterOS 6.36.3
/interface ethernet
set [ find default-name=ether1 ] comment=WAN mac-address=F4:xx:6D:xx:40:xx name=ether1-WAN
set [ find default-name=ether2 ] comment="DHCP server"
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] master-port=ether2
set [ find default-name=ether7 ] master-port=ether2
set [ find default-name=ether8 ] master-port=ether2
set [ find default-name=ether9 ] comment=multicast
set [ find default-name=ether10 ] comment=multicast
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
set [ find default-name=ether14 ] disabled=yes
set [ find default-name=ether15 ] disabled=yes
set [ find default-name=ether16 ] disabled=yes
set [ find default-name=ether17 ] disabled=yes
set [ find default-name=ether18 ] disabled=yes
set [ find default-name=ether19 ] disabled=yes
set [ find default-name=ether20 ] disabled=yes
set [ find default-name=ether21 ] disabled=yes
set [ find default-name=ether22 ] disabled=yes
set [ find default-name=ether23 ] disabled=yes
set [ find default-name=ether24 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes

/ip neighbor discovery
set ether1-WAN comment=WAN discover=no
set ether2 comment="DHCP server"
set ether9 comment=multicast
set ether10 comment=multicast

/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254

/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 always-broadcast=yes disabled=no interface=ether2 name=dhcp1

/ip address
add address=10.10.12.235 comment="WAN WAN" interface=ether1-WAN network=10.10.12.0
add address=192.168.1.1/24 comment="DHCP server" interface=ether2 network=192.168.1.0
add address=10.15.14.1/24 interface=ether9 network=10.15.14.0
add address=10.15.15.1/24 interface=ether10 network=10.15.15.0

/ip dhcp-server lease
add address=192.168.1.107 mac-address=6C:xx:xx:66:80:xx server=dhcp1
add address=192.168.1.97 mac-address=2C:xx:D7:51:xx:A8 server=dhcp1

/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1

/ip dns
set servers=213.1xx.160.x8,21x.xx.1x0.19

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN
add action=dst-nat chain=dstnat dst-port=7560 in-interface=ether1-WAN protocol=tcp to-addresses=192.168.1.107 to-ports=7560
add action=dst-nat chain=dstnat dst-port=1864 in-interface=ether1-WAN protocol=tcp to-addresses=192.168.1.107 to-ports=1864

/ip route
add distance=1 gateway=ether1-WAN

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/system identity
set name="myrouter"

/system routerboard settings
set protected-routerboot=disabled
 
User avatar
reidavidinho
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Mon Jul 25, 2016 11:11 am
Location: Ibadan, Nigeria
Contact:

Re: Route traffic between two interfaces

Fri Feb 24, 2017 3:07 pm

Confirm if the interfaces you are trying to use are not slaves under the master port.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: Route traffic between two interfaces

Fri Feb 24, 2017 3:24 pm

They are not slaves ether9 and ether10
 
Rudios
Forum Veteran
Forum Veteran
Posts: 972
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Route traffic between two interfaces

Fri Feb 24, 2017 3:45 pm

I guess both servers are using their default gateway (192.168.1.1) and therefore their ether2 connected slave.
I would create a dedicated route on both servers, that if the other server is the destination, forward the packet to the 10.15.x.1 gateway.
Last edited by Rudios on Fri Feb 24, 2017 4:14 pm, edited 1 time in total.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: Route traffic between two interfaces

Fri Feb 24, 2017 4:04 pm

Rudios: Yes both servers have default gateway 192.168.1.1
I add these routes.
But I have the same problem. They are not communicating

Server1
route add -net 10.15.15.0 netmask 255.255.255.0 gw 10.15.15.1 dev eno2

Server2
route add -net 10.15.14.0 netmask 255.255.255.0 gw 10.15.14.1 dev enp8s0f1
 
User avatar
blajah
Member Candidate
Member Candidate
Posts: 222
Joined: Fri Jun 12, 2015 8:58 pm
Location: Belgrade, Serbia
Contact:

Re: Route traffic between two interfaces

Sat Feb 25, 2017 9:35 pm

Can you ping respective interfaces IP addresses from servers - 10.15.x.1?
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: Route traffic between two interfaces

Sat Feb 25, 2017 9:56 pm

Can you post the routing table from Router?
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: Route traffic between two interfaces

Sat Feb 25, 2017 10:32 pm

Routing table from router
jpg.JPG
Now i have reinstalled the both servers and mikrotik router also.

Server1 eno2 10.15.14.5
I can't add this route
[root@]# route add -net 10.15.15.0 netmask 255.255.255.0 gw 10.15.15.1 dev eno2
SIOCADDRT: Network is unreachable
server1.JPG

Server2 enp8s0f1 10.15.15.5
Also this route command not working
[root@]# route add -net 10.15.14.0 netmask 255.255.255.0 gw 10.15.14.1 dev enp8s0f1
SIOCADDRT: Network is unreachable
server2.JPG
Both networks are not reachable between
You do not have the required permissions to view the files attached to this post.
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: Route traffic between two interfaces

Sun Feb 26, 2017 5:48 am

You typed wrong the gateways, so it cannot be added.
[root@]# route add -net 10.15.15.0 netmask 255.255.255.0 gw 10.15.15.1 dev eno2
SIOCADDRT: Network is unreachable
> Must be: route add -net 10.15.15.0 netmask 255.255.255.0 gw 10.15.14.1 dev eno2

I have tested in a environment like of your and i taken my conclusions.
My environment:
VM1: 10.1.1.227/24 gw 10.1.1.1 metric 2 dev enp0s3 | vlan150 192.168.248.2/29 gw 192.168.248.1 metric 450 dev enp0s3.150
VM2: 10.1.1.224/24 gw 10.1.1.1 metric 3 dev enp0s3 | vlan151 172.31.255.2/29 gw 172.31.255.1 metric 451 dev enp0s3.151
Router: 10.1.1.1/24 | vlan150 192.168.248.1/29 | vlan151 172.31.255.1/29
Without the below routes, don't work, with these routes, work fine.

You must add a route in each server.
Server1: route add -net 10.15.15.0/24 gw 10.15.14.1 dev eno2
Server2: router add -net 10.15.14.0/24 gw 10.15.15.1 dev enp8s0f1
With this, you tell where the packet should go, otherwise the packet gets lost in routing.
Even CRS with routes correct and the servers without the routing table defined, the servers not reply, i don't know why this happens... Then you must add the routes from code in each server to work fine.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: Route traffic between two interfaces

Mon Feb 27, 2017 10:56 am

@null31: Thank you very much . It works excellent!!

Who is online

Users browsing this forum: Ahrefs [Bot] and 36 guests