Community discussions

MUM Europe 2020
 
sergey
just joined
Topic Author
Posts: 14
Joined: Wed Dec 19, 2012 1:28 pm

source routing

Tue Sep 03, 2013 12:50 am

Hello

I have 3 networks:
192.168.100.0/24 (LAN1)
192.168.101.0/24 (LAN2)
192.168.102.0/24 (LAN3)

There is an interface 192.168.100.1/22 on the router. Also there are 3 ISP connected to the router.
The policy must be:
- LAN1 uses 1st available connection
- LAN2 always goes via 2nd ISP
- LAN3 always goes via 3rd ISP

Configuration:
/ip firewall mangle
add action=mark-connection chain=forward in-interface=bridge-lan new-connection-mark=from_lan2 src-address=192.168.101.0/24
add action=mark-connection chain=forward in-interface=bridge-lan new-connection-mark=from_lan3 src-address=192.168.102.0/24
add action=mark-routing chain=prerouting connection-mark=from_lan2 in-interface=bridge-lan new-routing-mark=to_isp2
add action=mark-routing chain=prerouting connection-mark=from_lan3 in-interface=bridge-lan new-routing-mark=to_isp3

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether8 src-address=192.168.100.0/22
add action=masquerade chain=srcnat out-interface=ether9 src-address=192.168.100.0/22
add action=masquerade chain=srcnat out-interface=ether10 src-address=192.168.100.0/22

/ip route
add distance=1 gateway=109.86.229.254 routing-mark=to_isp1
add distance=1 gateway=37.229.191.254 routing-mark=to_isp2
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping distance=2 gateway=8.8.4.4
add distance=1 dst-address=8.8.4.4/32 gateway=37.229.191.254 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=109.86.229.254 scope=10
ISP3 disconnected at the moment (there is no route to it)

The problem that clients from LAN2 (192.168.101.0/24) do not have access to Inet. Bit if I disconnect cable connected to ISP1, Inet becomes available for LAN1 and LAN2.
/ip route print 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          109.86.229.254            1
 1 A S  0.0.0.0/0                          37.229.191.254            1
 2 A S  0.0.0.0/0                          8.8.8.8                   1
 3   S  0.0.0.0/0                          8.8.4.4                   2
 4 A S  8.8.4.4/32                         37.229.191.254            1
 5 A S  8.8.8.8/32                         109.86.229.254            1
 6 ADC  37.229.128.0/18    37.229.156.88   ether9                    0
 7 ADC  109.86.229.0/24    109.86.229.211  ether8                    0
 8 ADC  192.168.100.0/22   192.168.100.1   bridge-lan                0
Any ideas what it may be?

Thanks!
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1068
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: source routing

Tue Sep 03, 2013 6:28 am

Verify that ping actually might still be working which would cause the expected action to fail.
 
sergey
just joined
Topic Author
Posts: 14
Joined: Wed Dec 19, 2012 1:28 pm

Re: source routing

Tue Sep 03, 2013 11:03 am

You are right. Ping does work.
 
sergey
just joined
Topic Author
Posts: 14
Joined: Wed Dec 19, 2012 1:28 pm

Re: source routing

Wed Sep 04, 2013 12:43 am

It is final configuration with 3rd connection but it still does not work as expected
/ip route
add distance=1 gateway=109.86.229.254 routing-mark=to_isp1
add distance=1 gateway=37.229.191.254 routing-mark=to_isp2
add distance=1 gateway=192.168.252.1 routing-mark=to_isp3
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping distance=2 gateway=8.8.4.4
add distance=3 gateway=192.168.252.1
add distance=1 dst-address=8.8.4.4/32 gateway=37.229.191.254 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=109.86.229.254 scope=10
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1068
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: source routing

Wed Sep 04, 2013 4:48 pm

 
sergey
just joined
Topic Author
Posts: 14
Joined: Wed Dec 19, 2012 1:28 pm

Re: source routing

Wed Sep 04, 2013 5:15 pm

I have read the doc quickly. Thanks.

Do you mean to use different routing tables? main for directly connected networks:
add distance=1 gateway=109.86.229.254 routing-mark=to_isp1
add distance=1 gateway=37.229.191.254 routing-mark=to_isp2
add distance=1 gateway=192.168.252.1 routing-mark=to_isp3
and create other table for dgw:
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping distance=2 gateway=8.8.4.4
add distance=1 dst-address=8.8.4.4/32 gateway=37.229.191.254 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=109.86.229.254 scope=10
?
 
sergey
just joined
Topic Author
Posts: 14
Joined: Wed Dec 19, 2012 1:28 pm

Re: source routing

Thu Sep 05, 2013 12:06 am

I have replaced
add action=mark-connection chain=forward in-interface=bridge-lan new-connection-mark=from_lan2 src-address=192.168.101.0/24
add action=mark-connection chain=forward in-interface=bridge-lan new-connection-mark=from_lan3 src-address=192.168.102.0/24
by
add action=mark-connection chain=prerouting in-interface=bridge-lan new-connection-mark=from_lan2 src-address=192.168.101.0/24
add action=mark-connection chain=prerouting in-interface=bridge-lan new-connection-mark=from_lan3 src-address=192.168.102.0/24
(changed forward chain to prerouting chain) in mangletable and everyting seems fine

Thanks all for help!
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1068
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: source routing

Thu Sep 05, 2013 2:33 am

... changed forward to prerouting in mangle table and everyting seems fine ...
Awesome!

Here is a cool link about chains that I'm reading very slowly. I'm finding it helpful in addition to the official packet flow diagrams MikroTik provides.
 
sergey
just joined
Topic Author
Posts: 14
Joined: Wed Dec 19, 2012 1:28 pm

Re: source routing

Thu Sep 05, 2013 11:39 am

Thanks for the useful links.

I know about packet flow in iptables and use this diagram but unfortunately I forget some things periodically like this time.
But official MikroTik packet flow diagram is awesome! Thank you very much for it!

Who is online

Users browsing this forum: Bing [Bot], CZFan, Gombeen666, mali2003, mbovenka, mrtrca and 146 guests