limaunion
just joined
Topic Author
Posts: 18
Joined: Sun Sep 03, 2017 5:51 pm

Couple of doubts: routable subnets

Sat Nov 11, 2017 5:52 pm

Hi! I'd like to validate if my assumptions are correct.
Here's my situation and requirements:

- Switches are non manageable
- Two different internal subnets
- Two different WAN ports (Internet)
- Each subnet must reach the Internet using its own cable modem (bridge mode).
- There's a server in common, so both subnets should be routable between them.
- Firewall/NAT rules + DHCP-server + DNS for each subnet

You'll find below a diagram for better understandability.

Can the rb750 support all this? Is a routable VLAN the way to go? Or is there a better alternative?
Thanks so much for any input!
 
Anumrak
Forum Guru
Posts: 1062
Joined: Fri Jul 28, 2017 2:53 pm

Re: Couple of doubts: routable subnets

Sat Nov 11, 2017 6:48 pm

Easy. Of course, if cable modems will connect to RB by ethernet.
 
blajah
Member Candidate
Posts: 224
Joined: Fri Jun 12, 2015 8:58 pm
Location: Belgrade, Serbia

Re: Couple of doubts: routable subnets

Sat Nov 11, 2017 8:58 pm

Hi,
You do not need VLANs if you do not have a reason to use them. The easiest way to accomplish this is to use Eth1 for ISP1, Eth2 for ISP2, Eth3 for the 1st LAN subnet (connection to the 1st switch) and Eth4 for the 2nd LAN subnet. At this point you have just physically connected network segments, and now you want to add some logic to them. You could start with access control between network segments, because the router is routing all traffic between directly connected networks. After this, you want to set up routing. You could use this as a guide.
I have bigger routing table.
 
limaunion
just joined
Topic Author
Posts: 18
Joined: Sun Sep 03, 2017 5:51 pm

Re: Couple of doubts: routable subnets

Sun Nov 12, 2017 3:17 am

Thanks for your answer but excuse my ignorance. Following your example:

eth1 = isp1
eth2 = isp2
eth3 = lan1
eth4 = lan2

How can I logically link eth1 with eth3 and eth2 with eth4? Do I need to set up 2 different switch groups? The problem is that the rb750 only supports one switch group afaik. You mention 'access control' but I couldn't find anything related to this. The link you provided talks about address lists, I'm reading about that.
 
Anumrak
Forum Guru
Posts: 1062
Joined: Fri Jul 28, 2017 2:53 pm

Re: Couple of doubts: routable subnets

Sun Nov 12, 2017 10:50 am

You will need routing marks by firewall mangle. Like:

Address lists:

/ip firewall address-list add list=CableModem1 address=192.168.1.0/24
/ip firewall address-list add list=CableModem2 address=192.168.2.0/24

Interfaces of your two Uplinks for cable modems:

/ip address
add address=1.1.1.2/29 interface=ether1
add address=2.2.2.2/29 interface=ether2

NAT Masquerade with your Uplinks:

/ip firewall nat
add action=masquerade chain=srcnat src-address-list=CableModem1 out-interface=ether1
add action=masquerade chain=srcnat src-address-list=CableModem2 out-interface=ether2

Marking your input in your Cable modem 1 and output for your LAN1 from your Cable modem 1

/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 new-connection-mark=Input/ISP1
add action=mark-routing chain=output connection-mark=Input/ISP1 new-routing-mark=ISP1 src-address-list=CableModem1 passthrough=no

Marking your input in your Cable modem 2 and output for your LAN2 from your Cable modem 2

/ip firewall mangle
add action=mark-connection chain=input in-interface=ether2 new-connection-mark=Input/ISP2
add action=mark-routing chain=output connection-mark=Input/ISP2 new-routing-mark=ISP2 src-address-list=CableModem2 passthrough=no

Route rule, in order to look the routes, marked with routing mark ISP1 only in routing table ISP1

/ip route rule
add action=lookup-only-in-table routing-mark=ISP1 table=ISP1


Route rule, in order to look the routes, marked with routing mark ISP2 only in routing table ISP2

/ip route rule
add action=lookup-only-in-table routing-mark=ISP2 table=ISP2

Default routes, marked with name ISP1 and ISP2.

/ip route
add distance=1 gateway=1.1.1.1 routing-mark=ISP1
add distance=1 gateway=2.2.2.1 routing-mark=ISP2

Read more about mangle, marking packets and routes:

https://wiki.mikrotik.com/wiki/Manual%3 ... all/Mangle
 
limaunion
just joined
Topic Author
Posts: 18
Joined: Sun Sep 03, 2017 5:51 pm

Re: Couple of doubts: routable subnets

Sun Nov 12, 2017 2:26 pm

Thanks so much! really appreciate it.
I'll try your configuration at my home lab.
 
limaunion
just joined
Topic Author
Posts: 18
Joined: Sun Sep 03, 2017 5:51 pm

Re: Couple of doubts: routable subnets

Sun Nov 12, 2017 2:56 pm

>Interfaces of your two Uplinks for cable modems:
>
>/ip address
>add address=1.1.1.2/29 interface=ether1
>add address=2.2.2.2/29 interface=ether2

Will this work if my ISP offers only dynamic IP addresses?
 
stoser
Member Candidate
Posts: 107
Joined: Sun Aug 21, 2016 12:04 am

Re: Couple of doubts: routable subnets

Sun Nov 12, 2017 4:48 pm

The thread that @blajah linked to, and the PCC load balancing page referenced within that thread, describe all of the necessary details to accomplish what you are trying to do. Based on your continuing questions, I don't believe that you have read them, studied them, and internalized them. If you need additional instructional pages, search for some of the concepts that I will reference in the next few sentences: What you are essentially trying to do is a primitive form of load balancing, whereby one subnet always goes out of one gateway, and another subnet always goes out another gateway. You need to specify routing marks for traffic coming from each subnet, and then use those routing marks to specify which gateway to go out of. If each subnet ALWAYS goes out of 1 gateway, then you don't need to specify connection marks (so you can skip that part of the PCC wiki). You will obviously need to NAT (masquerade) the outgoing traffic for both routing marks.

To answer your last question: yes, it will work with dynamic ISP addresses, but you will not reference the dynamic WAN addresses in your mikrotik rules. You can either use the internal LAN addresses of your modems and have the cable modems perform as routers and perform NAT, or, if your cable modem can be put into bridge mode and the Mtik can handle the connection, you can use the Interface Name that you specify in the Mtik for that connection. There are countless threads and WIKI pages describing these processes. I remember learning how to do this years ago, years before I even joined the forum, simply by searching for similar threads with google. I can assure you that the information is already out there, and that it has been rehashed countless times.

Kind regards,
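
An added example, not part of any post in this thread: one way to write the per-subnet routing marks described above together with the access control between segments mentioned earlier, in RouterOS v6 syntax. Assumed: the interface roles from blajah's post (ether1/ether2 modems, ether3/ether4 LANs), the subnets and gateways from the example configuration above, and a hypothetical list name LocalNets and shared server address 192.168.1.10.

```routeros
# Added example, RouterOS v6 syntax. LocalNets and 192.168.1.10 are hypothetical.
/ip firewall address-list
add list=LocalNets address=192.168.1.0/24
add list=LocalNets address=192.168.2.0/24

# Mark forwarded traffic by source subnet in prerouting. Traffic to the other
# LAN or to the router itself stays unmarked and uses the main routing table,
# so the two subnets remain routable to each other.
/ip firewall mangle
add chain=prerouting in-interface=ether3 src-address=192.168.1.0/24 \
    dst-address-list=!LocalNets dst-address-type=!local \
    action=mark-routing new-routing-mark=ISP1 passthrough=no
add chain=prerouting in-interface=ether4 src-address=192.168.2.0/24 \
    dst-address-list=!LocalNets dst-address-type=!local \
    action=mark-routing new-routing-mark=ISP2 passthrough=no

# One default route per routing mark.
/ip route
add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=ISP1
add dst-address=0.0.0.0/0 gateway=2.2.2.1 routing-mark=ISP2

# NAT keyed on the outgoing interface, so no WAN address is referenced.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade

# Access control for routed traffic: the only LAN-to-LAN flow allowed is
# LAN2 -> shared server; each LAN may only leave through its own modem.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward src-address=192.168.2.0/24 dst-address=192.168.1.10 \
    action=accept comment="LAN2 to shared server"
add chain=forward src-address-list=LocalNets dst-address-list=LocalNets \
    action=drop comment="no other LAN-to-LAN traffic"
add chain=forward in-interface=ether3 out-interface=ether1 action=accept
add chain=forward in-interface=ether4 out-interface=ether2 action=accept
add chain=forward action=drop comment="default deny for routed traffic"
```

The filter rules cover only the forward chain; traffic addressed to the router itself is handled in the input chain, which this example does not configure.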
 
limaunion
just joined
Topic Author
Posts: 18
Joined: Sun Sep 03, 2017 5:51 pm

Re: Couple of doubts: routable subnets

Sun Nov 12, 2017 5:45 pm

Thanks @stoser! I have more than enough information now.
Best regards.
 
Anumrak
Forum Guru
Posts: 1062
Joined: Fri Jul 28, 2017 2:53 pm

Re: Couple of doubts: routable subnets

Mon Nov 13, 2017 10:27 am

>Interfaces of your two Uplinks for cable modems:
>
>/ip address
>add address=1.1.1.2/29 interface=ether1
>add address=2.2.2.2/29 interface=ether2

>Will this work if my ISP offers only dynamic IP addresses?

It's just an example =)
