 
kiraisme
just joined
Topic Author
Posts: 3
Joined: Tue Apr 23, 2019 5:23 am

problem with new routing mark

Tue Apr 23, 2019 5:35 am

My problem is:
I have 2 internet connections; I put each one on an interface: in1 & in2.
The local interface is named out (interface 5).
In ip_routes I made a routing mark for every gateway as: mark routing in1 & in2,
and in the firewall mangle I use a rule for prerouting: src address (some client), action: new routing mark: in1 or in2...
For now everything is OK, but the problem is:
when I change from in1 to in2 in new routing mark,
the internet is lost for about 30 sec on the client PC.
What should I edit or do to change between in1 and in2 without losing internet for 30 sec?
Thanks
 
sindy
Forum Guru
Posts: 4214
Joined: Mon Dec 04, 2017 9:19 pm

Re: problem with new routing mark

Tue Apr 23, 2019 1:06 pm

What exactly does "internet doesn't work for 30 seconds following the change of new-routing-mark value" mean? If you try to ping 8.8.8.8 from a client during those 30 seconds, you get no responses? Or just the network indicator on Windows has the ugly /!\ next to it?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
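
The find-and-replace step this signature describes, automated as an added example (not part of the original posts and not MikroTik tooling). The names `anonymize_export` and `KEEP_NETWORKS` are hypothetical, and the sample export is constructed, with documentation-range addresses standing in for the ISP-assigned ones.

```python
import ipaddress
import re

# Ranges that do not identify a site (private, CGNAT, loopback, link-local,
# multicast/reserved); everything else is treated as a public address.
KEEP_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Dotted quad, optionally followed by a /prefix length that is preserved.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(/\d{1,2})?(?![\d.])")

def anonymize_export(text):
    """Return (sanitized_text, mapping) with each distinct public IPv4
    address replaced by the same my.public.ip.N placeholder everywhere."""
    mapping = {}

    def substitute(match):
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            return match.group(0)          # not a valid address, leave as is
        if any(addr in net for net in KEEP_NETWORKS):
            return match.group(0)          # LAN addresses stay readable
        label = mapping.setdefault(str(addr), f"my.public.ip.{len(mapping) + 1}")
        return label + (match.group(2) or "")

    return IPV4_RE.sub(substitute, text), mapping

# Constructed sample export; 203.0.113.x and 198.51.100.x are documentation
# ranges standing in for the two ISP-assigned addresses.
SAMPLE_EXPORT = """\
/ip address
add address=203.0.113.10/30 interface=in1 network=203.0.113.8
add address=198.51.100.7/29 interface=in2 network=198.51.100.0
add address=192.168.88.1/24 interface=out network=192.168.88.0
/ip route
add distance=1 gateway=203.0.113.9 routing-mark=in1
add distance=1 gateway=198.51.100.1 routing-mark=in2
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=in1 src-address=192.168.88.50
"""

if __name__ == "__main__":
    sanitized, _ = anonymize_export(SAMPLE_EXPORT)
    print(sanitized)
```

Keep the returned mapping private, since it reverses the anonymization; the script only covers IPv4 addresses, so serial numbers, usernames and IPv6 prefixes in an export still need a manual check.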
 
kiraisme
just joined
Topic Author
Posts: 3
Joined: Tue Apr 23, 2019 5:23 am

Re: problem with new routing mark

Wed Apr 24, 2019 12:59 am

Thanks for the reply.
If I ping 8.8.8.8 there is no answer, and it comes back after about 20 to 30 seconds...
 
sindy
Forum Guru
Posts: 4214
Joined: Mon Dec 04, 2017 9:19 pm

Re: problem with new routing mark

Fri Apr 26, 2019 3:14 pm

That's weird. I was assuming that these 30 seconds are the time the connections at the PC need to time out as they get broken because the packets start taking a wrong way after the change of routing-mark they get, but new connections should not be affected because already their very first packet takes the new route. So post the export (see my automatic signature for anonymization hints) and provide the exact procedure you follow to change the new-routing-mark.
 
kiraisme
just joined
Topic Author
Posts: 3
Joined: Tue Apr 23, 2019 5:23 am

Re: problem with new routing mark

Sun Apr 28, 2019 6:13 am

Actually this is my problem: the PC gets broken internet and then gets internet again from the new source.
The solution I am searching for is that I don't want to have this stop when I change the source of internet!
For example, if I change the source from dsl1 to dsl2, it shouldn't stop for these 20 seconds. Maybe I should put a rule to keep pinging for internet so that when I change, the PC is prepared, or something like this. Sorry, maybe this is a silly solution, but I am new with Mikrotik.
And thanks for helping, you guys are amazing!
 
sindy
Forum Guru
Posts: 4214
Joined: Mon Dec 04, 2017 9:19 pm

Re: problem with new routing mark

Sun Apr 28, 2019 10:03 am

> Actually this is my problem: the PC gets broken internet and then gets internet again from the new source.
> The solution I am searching for is that I don't want to have this stop when I change the source of internet!
> For example, if I change the source from dsl1 to dsl2, it shouldn't stop for these 20 seconds. Maybe I should put a rule to keep pinging for internet so that when I change, the PC is prepared, or something like this. Sorry, maybe this is a silly solution, but I am new with Mikrotik.
> And thanks for helping, you guys are amazing!

Initially I understood that you were switching over to the other routing-mark through configuration; from what you wrote now it seems that you had in mind that the Mikrotik started using the other routing-mark because the primary WAN has failed. Which understanding is correct?

In any case, with two uplinks with public IP addresses assigned by the respective ISPs you will always lose existing connections unless you'd have a virtual machine in some data center. The reason is that TCP and UDP sessions are identified by the remote participant's IP, so the server in the internet to which your PC has established a session cannot recognize that a packet coming from the address of your WAN 2 belongs to the same session as the packets which were coming from the address of your WAN 1. Or, if you continue sending via WAN 2 with the address of WAN 1 and the ISP 2 doesn't drop those packets, the server will match the packets to the session but it will send responses to the address of WAN 1 which is down, so the responses won't ever arrive. So in either case the existing sessions via WAN 1 will time out, and this takes tens of seconds. Only sessions established after the failure of WAN 1 has been detected and a failover to WAN 2 has been done will come through. So the time it takes to find out that WAN 1 is down is also important.

Now the check-gateway process checks the availability of a gateway every 10 seconds, so if you use the scripting-free failover method, it takes up to 10 seconds before the routing detects the failure. By scripting the same behaviour yourself, you can lower the detection time to around 2 seconds, because you need to run a script periodically and the scheduler uses a 1 second resolution. But given the session failure detection time, lowering the uplink failure detection time from 10 s to 1 s doesn't help you much.

If you would want to prevent the existing sessions from breaking, you would need an x86 or CHR running as a virtual machine somewhere in a data center, create tunnels between your home Mikrotik and the one in the DC via both your uplinks, and use OSPF to control the failover between the tunnels. In this case, the public IP seen by the remote servers would be the one of the VM in the DC, so the sessions of your PCs wouldn't break if one of your uplinks failed because there would be no NAT between the PC and the VM in the DC, so just a couple of packets would get lost before the OSPF would detect the failure and switch over to the working path.

In this arrangement, the Single Points of Failure (SPOFs) become the two Mikrotiks, but the physical one is a SPOF in any arrangement so it doesn't really make things worse.

And yes, you can also use a "butterfly" setup with two machines at home and two machines in the DC, but it requires that you have your own IP subnet (not one assigned by an ISP) and thus can use BGP to inform the world how to route towards it, so that your IP address is not bound to any SPOF and can migrate between them.
 
wfalcon
just joined
Posts: 24
Joined: Thu Mar 23, 2017 3:03 pm

Re: problem with new routing mark

Fri Jun 07, 2019 11:16 am

> If you would want to prevent the existing sessions from breaking, you would need an x86 or CHR running as a virtual machine somewhere in a data center, create tunnels between your home Mikrotik and the one in the DC via both your uplinks, and use OSPF to control the failover between the tunnels. In this case, the public IP seen by the remote servers would be the one of the VM in the DC, so the sessions of your PCs wouldn't break if one of your uplinks failed because there would be no NAT between the PC and the VM in the DC, so just a couple of packets would get lost before the OSPF would detect the failure and switch over to the working path.
>
> In this arrangement, the Single Points of Failure (SPOFs) become the two Mikrotiks, but the physical one is a SPOF in any arrangement so it doesn't really make things worse.
>
> And yes, you can also use a "butterfly" setup with two machines at home and two machines in the DC, but it requires that you have your own IP subnet (not one assigned by an ISP) and thus can use BGP to inform the world how to route towards it, so that your IP address is not bound to any SPOF and can migrate between them.

This is actually insane! It's really, really good to know such valuable information.
I've been trying to get this to work for literally 2 months now and still I couldn't find a suitable solution! I was searching for hardware devices that can do all that job (of preventing existing connections from breaking, for downloads or ssh or scp etc.). I even tried applying the "bonding" concept as described and documented on kernel.org on both a Mikrotik router and a Linux-based server. All my work and research ended up in failure, as I couldn't get a download session to keep on downloading, or ssh to stay connected, or whatever, when one of the links goes down.

Is there any way (of course, if you have time) you can "immensely" guide or talk about this in detail? Like what are the requirements, without the "terminal configuration", where and how they should be hosted, what's better and what's not recommended, best practices etc. I really need this and I guess I found someone who has the knowledge!

Note: I'm an IT admin, not a network engineer, so bear with me on the networking terms and stuff =)
 
sindy
Forum Guru
Posts: 4214
Joined: Mon Dec 04, 2017 9:19 pm

Re: problem with new routing mark

Fri Jun 07, 2019 11:54 pm

> Is there any way (of course, if you have time) you can "immensely" guide or talk about this in detail? Like what are the requirements, without the "terminal configuration", where and how they should be hosted, what's better and what's not recommended, best practices etc. I really need this and I guess I found someone who has the knowledge!

Open a new topic, as although the OP is currently silent here, he may eventually come back, and spaghetti topics are hard to follow.