 
rosariowireless
just joined
Topic Author
Posts: 7
Joined: Wed Sep 13, 2006 5:25 am
Location: Rosario-Santa Fe-Argentina

TWO ISP´S: packets coming out to the wrong interface

Tue Apr 22, 2008 5:18 pm

We have two internet connections on different ISPs and we're load balancing these connections using ECMP. Both have dst-natted ports to internal servers (i.e. web, smtp).



          +-----------+
ISP1 ---> | MK RB 532 | ---> LAN (Servers, Workstations).
ISP2 ---> |           |
          +-----------+



Yesterday we noticed that if we ping (from far far away on the Internet) an ISP2 address, the echo reply *may* go through ISP1 (it's up to what the ECMP route wants). Fortunately both ISP1 and ISP2 allow us to send packets whose source address is outside the address space they gave us and this works, even when it's wrongly configured.



Our goal is to make sure that packets that arrived from ISP1, go back to ISP1 and vice-versa.



We tried:



1) route-mark the packets in mangle/prerouting

2) use a default gateway route to ISP1 for packets marked as coming from ISP1 and vice-versa.



Didn't work because it tried to send packets destined to our LAN to ISP1. A solution would be to duplicate the entire routing table, but I think it is quite messy.



We also tried this with policy routing, with the same results.

Anibal.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: TWO ISP´S: packets coming out to the wrong interface

Tue Apr 22, 2008 6:45 pm

Greetings!

It seems you are trying to load balance, and then defeat that by redirecting the load balancing. Maybe just disable the load balancing. Let it go out the port it came in.
 
changeip
Forum Guru
Posts: 3823
Joined: Fri May 28, 2004 5:22 pm

Re: TWO ISP´S: packets coming out to the wrong interface

Tue Apr 22, 2008 7:48 pm

You have to set up route marking and policy routing properly for things to go out the same interface they came in on. It's not as easy / simple as it seems. Search the forums for my userid and the words 'prerouting' and 'mangle' and 'output' and you will find examples. The problem is with pings (ICMP): they are somewhat connectionless and not mangled the same as other traffic.
Colo and Wholesale Bandwidth Available! Sales at SanDiegoBroadband dot com
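
An added example, not posted by anyone in this thread: one common way to keep replies on the uplink a connection arrived on is to connection-mark inbound traffic and route-mark only the reply direction, so packets headed into the LAN are never sent to an ISP gateway. Interface names (ISP1, ISP2, LAN), the mark names and the gateway addresses are assumptions, and the syntax is that of RouterOS v6 and earlier.

```routeros
# Assumed names, not from the thread: interfaces ISP1, ISP2, LAN.
# Gateways 192.0.2.1 (ISP1) and 198.51.100.1 (ISP2) are documentation
# addresses standing in for the real ones.

/ip firewall mangle
# 1. Remember which uplink each inbound connection arrived on.
#    Only the connection is marked here, so the inbound packet itself
#    is still routed normally (to the dst-natted LAN server or the router).
add chain=prerouting in-interface=ISP1 connection-state=new \
    action=mark-connection new-connection-mark=isp1_conn passthrough=yes
add chain=prerouting in-interface=ISP2 connection-state=new \
    action=mark-connection new-connection-mark=isp2_conn passthrough=yes

# 2. Route-mark only the replies coming back from LAN servers.
add chain=prerouting in-interface=LAN connection-mark=isp1_conn \
    action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=prerouting in-interface=LAN connection-mark=isp2_conn \
    action=mark-routing new-routing-mark=to_isp2 passthrough=no

# 3. Replies generated by the router itself (for example the ICMP echo
#    reply to a ping of an ISP2 address) never pass prerouting, so they
#    are route-marked in the output chain.
add chain=output connection-mark=isp1_conn \
    action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=output connection-mark=isp2_conn \
    action=mark-routing new-routing-mark=to_isp2 passthrough=no

/ip route
# One default route per routing mark: marked replies leave via the
# uplink their connection came in on.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=to_isp1
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to_isp2
# Unmarked traffic (connections started from the LAN) keeps using the
# ECMP default route in the main table.
add dst-address=0.0.0.0/0 gateway=192.0.2.1,198.51.100.1
```

Where an uplink enforces source-address filtering, a reply sent out the wrong interface is dropped by the ISP instead of delivered, so this symmetry matters beyond tidiness.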
