Page 1 of 1

separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Posted: Tue Jul 23, 2019 9:18 am
by roswitina
I have a Mikrotik rb3011uias with the current firmware 6.46beta9testing.
I want to manage up to 4 separate internet accesses on this microtic.

ISP1 <-> LAN1; ISP2 <-> LAN2 ....

I don't want bundling and load balancing.

What is the simplest way to achieve this cleanly and transparently on the rb3011? I assume that Mangle - Roules will help me. How would I do that?
Is there another way that might be "easier"?
Internet accesses all have 200/40 MBit. Can I take full advantage of this solution (several separate ISPs on one microtic) for all accesses?

Rosi

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Posted: Tue Jul 23, 2019 9:37 am
by sindy
Rather than mangling I'd use VRF in this case. With VRF, the routing-mark is assigned based on the in-interface of the packet, without any /ip firewall mangle or /ip route rule rules, and there is also no fallback to routing table main if no route with that routing-mark is found.

/ip route vrf add routing-mark=isp2 interfaces=wan-isp2,lan-isp2 will ensure that whatever comes in via one of these interfaces will get a routing mark isp2, and also that the dynamically added routes to connected subnets attached to those interfaces will be marked with that routing-mark. And by adding a default route through ISP2's gateway with routing-mark=isp2 you're done.

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Posted: Tue Jul 23, 2019 11:15 am
by roswitina
That sounds good. i'll try it and share my experience with you.

Question:
Do I have to set up a source NAT rule (masquerade) for each LAN with the respective routing-mark?

thank you

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Posted: Tue Jul 23, 2019 12:02 pm
by sindy
If you need src-nat (or masquerade if the WAN address is dynamically changing), it is enough that the rules in chain=srcnat of /ip firewall nat match on out-interface. Unless you specify a routing-mark condition in them, they will act on a packet with any routing-mark. So it's not the same like routes where no routing-mark is equal to routing-mark=main.

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Posted: Tue Jul 23, 2019 3:01 pm
by korg
Hi roswitina,

did you see my topic which have the same subject?

korg