atanas012
just joined
Topic Author
Posts: 2
Joined: Wed Jan 15, 2025 11:24 am

MikroTik with 10 WAN each with whole class C network

Thu Jan 16, 2025 11:54 am

Hello,
I have configured my router so every WAN port has a whole class C network. I have 2531 Vlans created on 5 Ethernet ports. All Vlans have assigned IP addresses and separate DHCP servers. I created routing tables for all ISP networks and routing rules for every Vlan so I can bind it to a specific network address space. Then I use src-nat to route the traffic from the internal Vlan network to a specific external IP. I can't post the whole config here as it is more than 18000 lines, but in the post is a single IP with subnet, and everything else is copy-paste.
Also, the router I use is a CCR1036 with 16GB of RAM.
Behind the router are VPSs; each gets an IP assigned from the specific Vlan that is defined for it and has internet. As for network speed, I'm pleased that all VPSs were able to achieve 150-200 Mbit traffic, not at once, as one network provided by my ISP shares 1Gbit traffic.
The problem I have is that 9 networks work as I want and everything is OK, but when I try to get the WAN10 network to work, the most progress I got is to ping the external gateway from the VPS and from the terminal in the router. All the rules are the same and the config is double-checked in case I missed something.
So to give the summary, the config I have works with 2289 external IPs and 2289 Vlans, all matched 1 to 1, so I can have all my VPS servers in the cluster with separate external IPs. The problem is that I can make the 10th network work, or maybe I just want too much of my router? The RouterOS version is 7.16.2.
Any help, advice or reproach will be appreciated. The whole config is in the attachment if anyone is interested.
Config:
/ip address
add address=87.116.112.3/24 interface=WAN1 network=87.116.112.0
add address=10.1.3.1/24 interface=vlan3 network=10.1.3.0
/ip pool
add name=dhcp3 ranges=10.1.3.2-10.1.3.254
/ip dhcp-server
add address-pool=dhcp3 interface=vlan3 name=dhcp3 server-address=10.1.3.1
/ip dhcp-server network
add address=10.1.3.0/24 dns-server=1.1.1.1 gateway=10.1.3.1
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=87.116.112.1 routing-table=N-87.116.112.0 scope=30 suppress-hw-offload=no target-scope=10
/routing table
add disabled=no fib name=N-87.116.112.0
/routing rule
add action=lookup disabled=no dst-address=0.0.0.0/0 interface=vlan3 table=N-87.116.112.0
/ip firewall nat
add action=src-nat chain=srcnat out-interface=WAN1 src-address=10.1.3.0/24 to-addresses=87.116.112.3
/interface ethernet
set [ find default-name=ether7 ] comment=Vlan_2-506 name=LAN1
set [ find default-name=ether8 ] comment=Vlan_507-1013 name=LAN2
set [ find default-name=ether9 ] comment=Vlan_1014-1519 name=LAN3
set [ find default-name=ether10 ] comment=Vlan_1520-2025 name=LAN4
set [ find default-name=ether11 ] comment=Vlan_2026-2531 name=LAN5
set [ find default-name=ether12 ] comment=eth6-Managment name=LAN6
set [ find default-name=ether1 ] comment=in_eth1-112.0 name=WAN1
set [ find default-name=ether2 ] comment=in_eth2-115.0 name=WAN2
set [ find default-name=ether3 ] comment="in_eth3-36.0 (OK)" name=WAN3
set [ find default-name=ether4 ] comment=in_eth4-119.0 name=WAN4
set [ find default-name=ether5 ] comment=in_eth5-120.0 name=WAN5
set [ find default-name=ether6 ] comment=in_eth6-121.0 name=WAN6
set [ find default-name=sfp1 ] comment=in_SFP1-122.0 name=WAN7
set [ find default-name=sfp2 ] comment=in_SFP2-123.0 name=WAN8
set [ find default-name=sfp3 ] comment=in_SFP3-124.0 name=WAN9
set [ find default-name=sfp4 ] comment=in_SFP4-127.0 name=WAN10
/interface vlan
add interface=LAN1 name=vlan3 vlan-id=3
Last edited by chechito on Mon Jan 20, 2025 3:17 pm, edited 1 time in total.
Reason: misspelled title
 
sindy
Forum Guru
Posts: 11387
Joined: Mon Dec 04, 2017 9:19 pm

Re: MikroTik with 10 WAN each with whole class C network

Sat Jan 18, 2025 12:50 pm

maybe I just want too much of my router?
I don't think it is a matter of insufficient resources.

when I try to get the WAN10 network to work the most progress I got is to ping external Gateway from the VPS and terminal in router
...
The problem is that I can make the 10th network work
I could spot, quite by chance, an anomaly: the routing rule that matches on interface=vlan2279 is the only one that has min-prefix set (to 0). The presence of this parameter and value causes this rule to be "ignored" for routes in the indicated table whose destination is 0.0.0.0/0, which matches your description that you can only ping the gateway but nothing behind it. However, this rule is related to WAN3, not to WAN10.

Which brings me to another point - at least in 7.16, there is a nasty bug: if you change the parameters of a routing rule (others have reported that for other configuration elements as well), the change does not make it from the "visible" configuration to the "running" one; to make the changes get to the running config, you have to remove and recreate the routing rule completely, or disable and re-enable it (which apparently removes it from the "running configuration" and then inserts it with the complete set of values). So if you've made some changes in the parameters of some routing rules, the "running configuration" may still use the original values. So maybe you had that min-prefix=0 set also for the rules for WAN10 and then removed it?

Other than that, you could reduce the load of the router by replacing each group of 253 routing rules by a single one:
/routing rule
add action=lookup disabled=no dst-address=0.0.0.0/0 interface=vlan3 table=N-87.116.112.0
...
add action=lookup disabled=no dst-address=0.0.0.0/0 interface=vlan254 table=N-87.116.112.0

can be replaced by
/routing rule
add action=lookup disabled=no dst-address=0.0.0.0/0 src-address=10.1.0.0/16 table=N-87.116.112.0

This way, each LAN->WAN packet would have to check just 5 routing rules on average, as compared to current 1200+. It would also help to add a rule dst-address=10.0.0.0/0 action=lookup table=main as the first one so that WAN->LAN packets would not have to go through the subsequent 10 (or 2500+ currently).
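
An added example, not part of the posts in this thread and not MikroTik tooling: a Python audit of a RouterOS export for the two points raised in the reply above. It flags any routing rule whose parameter names differ from its peers (such as a lone min-prefix), and it computes, per routing table, the single src-address prefix that could replace the per-VLAN rules, refusing when that prefix would also cover a VLAN subnet bound to another table. The sample export and the table names N-A and N-B are constructed; it assumes every routing rule matches on interface and that wrapped export lines have already been joined.

```python
import ipaddress
import shlex
from collections import Counter, defaultdict

# Constructed sample in the export format used in the thread (not the poster's config).
SAMPLE = """\
/ip address
add address=10.1.3.1/24 interface=vlan3 network=10.1.3.0
add address=10.1.4.1/24 interface=vlan4 network=10.1.4.0
add address=10.2.3.1/24 interface=vlan300 network=10.2.3.0
/routing rule
add action=lookup dst-address=0.0.0.0/0 interface=vlan3 table=N-A
add action=lookup dst-address=0.0.0.0/0 interface=vlan4 min-prefix=0 table=N-A
add action=lookup dst-address=0.0.0.0/0 interface=vlan300 table=N-B
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            tokens = shlex.split(line[4:])  # shlex keeps quoted values together
            sections[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def odd_rules(rules):
    """Rules whose parameter names differ from the most common set of names."""
    usual = Counter(frozenset(r) for r in rules).most_common(1)[0][0]
    return [(r.get("interface"), sorted(set(r) ^ usual))
            for r in rules if frozenset(r) != usual]

def consolidate(sections):
    """Per table: smallest prefix covering its VLAN subnets, None if it overlaps another table's."""
    net_of = {a["interface"]: ipaddress.ip_interface(a["address"]).network
              for a in sections["/ip address"]}
    by_table = defaultdict(list)
    for r in sections["/routing rule"]:
        by_table[r["table"]].append(net_of[r["interface"]])
    result = {}
    for table, nets in by_table.items():
        cover = nets[0]
        while not all(n.subnet_of(cover) for n in nets):
            cover = cover.supernet()  # widen by one bit until every subnet fits
        others = [n for t, ns in by_table.items() if t != table for n in ns]
        result[table] = None if any(n.overlaps(cover) for n in others) else str(cover)
    return result
```

For the layout shown in the thread (vlan3 to vlan254 on 10.1.x.0/24, all bound to N-87.116.112.0), `consolidate` returns 10.1.0.0/16 for that table.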
 
atanas012
just joined
Topic Author
Posts: 2
Joined: Wed Jan 15, 2025 11:24 am

Re: MikroTik with 10 WAN each with whole class C network

Mon Jan 20, 2025 2:25 pm

Hello,
Thank you for the reply. I did rewrite my rules as you suggested, so around 3000 lines of the config are gone :)
The problem was on the ISP side, but as I'm a newbie who just constructed my configuration from info around the web, I was thinking I was at fault for the non-working network.
But I still managed to optimize a little.