Community discussions

MikroTik App
 
vmsh0
just joined
Topic Author
Posts: 8
Joined: Tue Nov 20, 2018 9:59 pm

Generate connected routes with routing marks

Wed Aug 04, 2021 12:13 pm

Hello,

Is there a way to generate connected routes with routing marks in ROS 6?

I have a policy routing rule which assigns different routing marks to different ingress interfaces. However, routing entries for connected interfaces are generated without a routing mark. So, effectively, if I assign packets from interfaces eth1 and eth2 a routing mark rm1, there will be no routing between these two interfaces, as there are no routes marked rm1 for what's connected to eth1 and eth2.

The simple solution is to create such routes statically. However this denormalizes the configuration, as now if I add/remove/change any addresses from such interfaces I also have to manually update the routing table. Which is fine and works, but I'm curious as to whether I'm missing a better solution.

Is there a simple way to "propagate" selected connected routes from the main routing mark to different routing marks?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Generate connected routes with routing marks

Wed Aug 04, 2021 12:24 pm

That is indeed a problem in RouterOS v6. I think it was promised it would be solved in v7.

When your routing marks are only for policy routing, you can quite easily work around this because you can setup your policies so that traffic without routing mark is still routed to that interface. Note that policies are matched top to bottom until a match is found, and there is an invisible "lookup main" at the bottom of the list, so usually it "just works".

However, when you want to use routing marks in a BGP or OSPF instance (make the routing protocol maintain a separate routing table used via policy routing) you cannot use that workaround, as the routing protocol will have no knowledge about the connected routes and will not distribute them.
So the ugly workaround of "copying the connected routes to a new entry with routing mark" is the only one available.
I encounter that problem in our network on a daily basis, and I agree it is not nice.

There is the feature of "VRF" which is some magical way of assigning routing marks and using them in routing tables. It is said to solve this problem automagically.
Unfortunately I have never been able to find an EXACT description of what this feature really does, how it creates the marks and the policies, and if this can be combined with manually set marks. I have seen people use it and get very bad results, like traffic that is supposed to be to a local network address getting routed to the default gateway or some other interface. It is probably "the right thing" but until I fully understand how it works I will not use the VRF feature myself.
But maybe it is useful for you.
 
vmsh0
just joined
Topic Author
Posts: 8
Joined: Tue Nov 20, 2018 9:59 pm

Re: Generate connected routes with routing marks

Thu Aug 05, 2021 5:45 pm

When your routing marks are only for policy routing, you can quite easily work around this because you can setup your policies so that traffic without routing mark is still routed to that interface. Note that policies are matched top to bottom until a match is found, and there is an invisible "lookup main" at the bottom of the list, so usually it "just works".
As a side note - is this what the "lookup-only-in-table" action prevents? I.e. it overrides this cascading behaviour and stops at the matching rule? I couldn't locate any documentation for that.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Generate connected routes with routing marks

Thu Aug 05, 2021 6:42 pm

Yes that is correct. Normally you would use "lookup", it would lookup in the mentioned table (i.e. check the routes with that same routing mark), and if not found it will just continue in the rules list and potentially hit the invisible "lookup main" at the end.

For some strange reason, "/ip route rule" isn't documented at all. That also surprised me sometimes, as I am interested in the relation between "route marking" a packet and the "routing mark" in the route table. I.e. is "route marking" directly selecting a route table, or is a "ip route rule" that selects on the route mark and then does a lookup in some route table still required? If not, what is the preference between those two actions?

Well, VRF is hardly documented as well. It says "Technically VRFs are based on policy routing. There is exactly one policy route table for each active VRF." ( https://wiki.mikrotik.com/wiki/Manual:V ... Forwarding ) but it would be helpful when VRF was fully explained in terms of policy routing, including the possible use of "lookup only in table" (which I think was exposed in policy routing at a later time).

Well, in version 7 this part of RouterOS has been overhauled, maybe it will become a little clearer then.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Generate connected routes with routing marks

Thu Aug 05, 2021 6:58 pm

@pe1chl there is a little reference about Routing Rules here : https://wiki.mikrotik.com/wiki/Manual:IP/Route

To my understanding, when you create a Routing Mark, what you actually do is you create a custom Table.

So, as there is the Main Routing Table, the Local Routing Table there are the ones that we manually create as well ..
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Generate connected routes with routing marks

Thu Aug 05, 2021 7:24 pm

Yes I know that, I am managing plain Linux systems as well and I know this feature.
In fact in RouterOS v6 these extra tables are created "automatically" when you first mention a routing mark name but in v7 this will have to be done explicitly.

But what is scarcely (if at all) documented is:
- the /ip route rule command (as mentioned above by vmsh0, there is no description of what its options actually do)
- how VRF exactly uses these tables. it says there is a table for each VRF but there is no description of the actual "mangle" rules created to set the routing marks, and how they interact with routing marks you add yourself in mangle rules.

That makes it difficult to decide if VRF is an alternative for a policy routing scenario, and how to do a migration to VRF.

Who is online

Users browsing this forum: abdulschizo and 84 guests