Community discussions

MikroTik App
 
doublecaps
just joined
Topic Author
Posts: 15
Joined: Sun Feb 28, 2010 1:52 pm

Policy Based Routing issue and question

Mon Jun 25, 2012 11:30 pm

Hello, I currently have 2 connections to one of our remote sites and I want to route specific traffic through one of the connections because it uses a lot of bandwidth.
To be more specific, I want to route the traffic from and to DVR at the remote site.

I don't want to implement PCC because on the the ISPs have high latency and inteferes and I get poor performace for some applications (SIP, Oracle DB, etc).

I'm trying to setup Policy based routing, but i can't get it to work the way I want it. The mangle rules stats are increasing but when I do a trace it still goes through the main route.

Here is what I have configured so far:
ip firewall mangle
;;; 174: Mark Routing DVR ->Neptuno
chain=prerouting action=mark-connection new-connection-mark=ABC-DVR
passthrough=yes src-address=192.xxx.174.94
6 ;;; 174: Mark Routing DVR ->Neptuno
chain=prerouting action=mark-connection new-connection-mark=ABC-DVR
passthrough=yes dst-address=192.xxx.174.94
7 ;;; 174: Mark Routing ->Neptuno
chain=prerouting action=mark-routing new-routing-mark=ABC-DVR
passthrough=yes connection-mark=ABC-DVR
8 ;;; 174: Mark Routing ->Neptuno
chain=prerouting action=mark-routing new-routing-mark=ABC-DVR
passthrough=yes connection-mark=ABC-DVR


ip route print detail where routing-mark=ABC-DVR
0 A S ;;; DVR Almacen
dst-address=192.xxx.174.0/24 gateway=10.xxx.174.2
gateway-status=10.xxx.174.2 reachable ether1 -> To Neptuno distance=1
scope=30 target-scope=10 routing-mark=ABC-DVR

ip route rules
2 routing-mark=ABC-DVR action=lookup table=ABC-DVR

The stats counters for the mangle rules are showing activity
5 ;;; 174: Mark Routing DVR ->Neptuno
prerouting mark-connection 522491 2184
6 ;;; 174: Mark Connection DVR ->Neptuno
prerouting mark-connection 119548 2331
7 ;;; 174: Mark Connection ->Neptuno
prerouting mark-routing 636859 4412
8 ;;; 174: Mark Routing ->Neptuno
prerouting mark-routing 637099 4416

If I trace from the router, using the ABC-DVR routing table it uses the correct route
[admin@xxxxxx-WAN] > tool traceroute 192.xxx.174.94 routing-table=ABC-DVR ADDRESS STATUS
1 10.xxx.174.2 162ms 120ms 139ms
2 192.xxx.174.94 257ms 350ms 260ms


however when I trace it from a PC it goes through the other ISP.
C:\>tracert -d 192.xxx.174.94
Tracing route to 192.xxx.174.94 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.xxx.173.1
2 382 ms 121 ms 145 ms 10.xxx.253.1
3 111 ms 81 ms 38 ms 192.xxx.174.94


Can anyone give me any suggestion on what I'm doing wrong?
I tried doind the same thing on the router at the remote site, but get the same results.
 
MikroTikIQ
Trainer
Trainer
Posts: 44
Joined: Sat Jun 16, 2012 1:42 pm

Re: Policy Based Routing issue and question

Wed Jun 27, 2012 1:22 am

Hi..

there is some extra config on you router..

its simple can be done..!!!

but I would like to have more info.. that is your DVR IP.. and your Local IP..

Also if you can send more config about router IP....

And if you can draw your senario.. will be great and will have more specific solution..

Also I would to know how you use both of ISP..?? in mikrotik config..!!!

do you have specific IP address in your local network want only to reach the DVR..?

Here I can give you some hint..

Make static route
# this way you can force any one want to reach your DVB go through Specified gateway..
/ ip route add dst-address= DVR ip address gateway=Your recommanded ISP gateway..


# mark all ip that want to access the dvr via Recommanded ISP...
/ ip firewall mangle add chain=forward dst-address= "dvr ip address" out-interface=(your recommended ISP interface) action=mark-connection new-connection-mark=DVR

# Sure to NAT the our going IP with the ISP ip address..
/ ip firewall nat add chain=src-nat src-address=local network address out-interface=(recommended ISP) connection-mark=DVR action=src-nat to-address=(your recommended isp ip address)



Test and give me result

Ali.
Mikrotik-IQ
MTCNA-MTCWE-MTCRE-MTCTE-Trainer

Who is online

Users browsing this forum: dancar80, davidnvega, Google [Bot], halit93ak, itivanreyes, lcat, martix77, und3ath and 203 guests