source routing

nuclearcat · Wed Jun 07, 2006 1:03 pm

Is there option, similar to linux:

ip rule add dev eth0 table 201

So i can chose routing table depends on interface where is traffic came.

nuclearcat · Wed Jun 07, 2006 1:19 pm

I have looked to manual, and seems i need to describe why i need this kind of command

For example we have a box with 2 interfaces, wireless and ethernet (usual PtP setup). Both sides have huge amount of networks, let's say:
BOX1 - eth0 - 10.1.0.0/24, 4.5.6.0/30 , ...... and 100 like this
BOX2 - eth0 - 1.2.3.0/30, 3.3.3.0/24 , .... and 200 like this

I can put bridge (as i heard performing worst than routing), but i can do also nice setup with source routing. For example:

BOX1 and BOX2:
BOX1 WiFi address 10.0.0.1 and BOX2 WiFI address 10.0.0.2
BOX1 eth def gw 10.254.254.1 and BOX2 def gw 10.253.253.1
BOX1:

ip rule add dev eth0 table 201
ip route add table 201 default via 10.0.0.2
ip route add default via 10.254.254.1

BOX2

ip rule add dev eth0 table 201
ip route add table 201 default via 10.0.0.1
ip route add default via 10.253.253.1

Still it is not optimal code, cause for management purproses box can be reached only by ethernet network, but it can be easily fixed.
I think such way, much better than handling 100-200 routes, running rip/ospf and etc.

janisk · Wed Jun 07, 2006 1:37 pm

read here
about policy routing

nuclearcat · Wed Jun 07, 2006 1:41 pm

In mikrotik i didnt see option, which can classify packet by source interface, means interface from where packet came.
I have readed this manual already.

janisk · Wed Jun 07, 2006 1:50 pm

in here you can read about MANGLE and how it works - this is what you need together with policy routing.

you just have to set routing marks in mangle

Wed Jun 07, 2006 1:52 pm

yes, make mangle rule which marks packets from certain interface, and assigns them routing-marks. after that make routes, based on the routing marks.

nuclearcat · Wed Jun 07, 2006 2:19 pm

normis, agree.
But maybe it is more correct (for performance reasons, because on my example you dont need to use netfilter) to add one more option in next release for source routing?

Wed Jun 07, 2006 2:24 pm

why? it is already only two steps simple.

nuclearcat · Wed Jun 07, 2006 2:52 pm

if you handle it over iif (ip rule add dev), it is handled directly in kernel code net/route.c (RTA_IIF option).

If you are using iptables with mangle, you have to run netfilter, where is routine will do lookup of incoming interface(in netfilter), mark a packet, route.c will lookup for mark in packet. Still precise answer can be done only by profiling, i will setup my new network lab in this week, if you want, i can give you results, what is the real difference in performance.

It is sure just only suggestion, because if you have your own code to apply things changes to kernel, it is just in iproute2 1 line of code

                        addattr_l(&req.n, sizeof(req), RTA_IIF, *argv, strlen(*argv)+1);

If you are wrapping requests over iproute2, same, very simple changes, because i think already you have src-address, which can be done also over mangle, but you did it also without mangle (ip route rule add src-address= if i am not wrong).

I can do my own setup with linux for such needs, and i appreciate a lot, that you let me run linux on your routerboards. It doesnt worth even to discuss, because already with mangle it fits my needs. But... if you like, maybe good to add in future...

Wed Jun 07, 2006 2:57 pm

RouterOS is not some simple linux distribution. it is RouterOS

nuclearcat · Wed Jun 07, 2006 3:13 pm

I didnt said it is simple linux distribution, it is even i think more far from linux, than any other distribution

It is totally different, and you have done very useful CLI and GUI interfaces, which make it totally different from Linux, and very easy to manage for newbies, and in same time it is very practical to run it in large networks for professionals, because first of all you have unified management interface, and tools to handle large networks. If someone will setup linux, he will be lost very fast, in comparison with Mikrotik. Additionaly he have to test his own kernel build, do performance optimisation .... it is really cannot be compared. So i am not comparing Mikrotik at all with Linux, but believe me i know, how it is done, netlink interface for example in ur distribution, it is same netlink interface.

I am running my own embedded system, and i understand very well that you did huge amount of work guys, and i appreciate it. I will use your software and hardware solution for my wireless links, it fit perfectly my needs, but for example for PPPoE NAS i am running my own "build" of linux, because it is not reasonable to ask you , to do useless for ur customers work (ex: parental control crossconnected to our Radius public interface).
I think we will have long and good cooperation. Last year we spent for equipment and software licenses, from one canadian company (you know them), about $300000. But we are not very happy about some specific issues, and now i am order sample units of your hardware, to test them properly. If it will fit our needs, next order will be 100-500 units of routerboard.

Wed Jun 07, 2006 3:20 pm

thank you for the comments

nuclearcat · Wed Jun 07, 2006 3:25 pm

I was trying to explain, that i am not rookie in such things.

Is there a way to send you private message? Maybe over talkroom? Or email? I want to give move explanation about current situation, maybe you can give me advice also, but it is not for public.

Wed Jun 07, 2006 3:30 pm

you can write to support@mikrotik.com if you wish. i read all the messages to that address

source routing

source routing

Who is online