Community discussions

MikroTik App
 
ftan
just joined
Topic Author
Posts: 14
Joined: Tue Dec 15, 2020 12:09 pm

Source NAT Multiple ISP

Sun Oct 10, 2021 10:43 pm

Hello,

I have several ISPs. I am currently using src-nat to map a public ip address of ISP 1 to the local lan 192.168.7.x. This is working fine.

I want to be able to use the public IP of ISP 1 for 192.168.7.x but i want the bandwidth that will be used by this local subnet to come from ISP 2. Is this possible?

Thanks.
 
User avatar
jvanhambelgium
Long time Member
Long time Member
Posts: 586
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Source NAT Multiple ISP

Sun Oct 10, 2021 10:44 pm

Hello,

I have several ISPs. I am currently using src-nat to map a public ip address of ISP 1 to the local lan 192.168.7.x. This is working fine.

I want to be able to use the public IP of ISP 1 for 192.168.7.x but i want the bandwidth that will be used by this local subnet to come from ISP 2. Is this possible?

Thanks.
Nope, will not work. ISP2 will not route the public IP of ISP1 that you use for the NAT operation.
At least not as a simple "end-user" (which you are it seems)
 
ftan
just joined
Topic Author
Posts: 14
Joined: Tue Dec 15, 2020 12:09 pm

Re: Source NAT Multiple ISP

Sun Oct 10, 2021 11:22 pm

Any options i have on this?

ISP 1 is giving us more IP addresses and the bandwidth of ISP 2 and 3 are much greater. So i was hoping to use the IP addresses for src-nat of ISP but the bandwidth of ISP 2 and 3.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8756
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Source NAT Multiple ISP

Mon Oct 11, 2021 1:22 am

You have the wrong approach, instead of trying to design a config around some vague requirements, forget the config.

In a few sentences write down what the user requirements are.
A. what do users or groups of users or devices or groups of devices need to be able to do on teh network (what work do they need to accomplish)
B. what do same, should not be able to do,,,,,,,, they are separate groups for a reason....

In terms of your issue you can take an individual IP, within a subnet, and assign it a different route to the internet compared to fellow subnet users, but then you are committed to that WANIP for that specific user/device. Every time that user/device originates a session it will go out the specific WANIP.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
ftan
just joined
Topic Author
Posts: 14
Joined: Tue Dec 15, 2020 12:09 pm

Re: Source NAT Multiple ISP

Mon Oct 11, 2021 11:20 am

The setup is actually a building and we are supplying internet to different tenants.

There are no restrictions and all users just do internet, email, chat, and etc...

So per tenant i gave them a subnet and did a src-nat to each one. The all want a static ip address when they lookup what is my ip.

So i want to give the IP of ISP 1 to Tenant 1. But when they surf i want them to pass through ISP 2.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8756
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Source NAT Multiple ISP

Mon Oct 11, 2021 2:54 pm

Someone smarter than me will have to answer that as my answer is NOT possible but keep in mind I have:
a. limited knowledge in networking
b. rudimentary knowledge of MT
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
Larsa
Member Candidate
Member Candidate
Posts: 260
Joined: Sat Aug 29, 2015 7:40 pm

Re: Source NAT Multiple ISP

Mon Oct 11, 2021 3:04 pm

Any options i have on this?

ISP 1 is giving us more IP addresses and the bandwidth of ISP 2 and 3 are much greater. So i was hoping to use the IP addresses for src-nat of ISP but the bandwidth of ISP 2 and 3.

If I understand you correctly you want specific srcnat mappings for SP1 and the rest of the outbound traffic through ISP2/3? Btw, there used to be a bug (although it might be fixed now) in ros v6 when you defined a subnet instead of x/32 addresses on the wan port and splitting up outgoing traffic using for example srcnat for different ips the same subnet.
Last edited by Larsa on Mon Oct 11, 2021 3:12 pm, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 7907
Joined: Mon Dec 04, 2017 9:19 pm

Re: Source NAT Multiple ISP

Mon Oct 11, 2021 3:07 pm

So i want to give the IP of ISP 1 to Tenant 1. But when they surf i want them to pass through ISP 2.
The maximum you can get is that you give ISP1 addresses and dst-nat rules for incoming connections to tenants who want to run servers locally, but you use ISP2's addresses for src-nat. So instead of determining their public IP autonomously, the tenants will have to configure it manually (because outgoing requests will use ISP2, so all those "what's my IP" services will show that one).

Another way could be that you would order your own public IP range and agree with the ISPs to talk BGP to you. This way you would advertise that IP range to the world via both ISPs using BGP, preferring the one with better bandwidth.

Yet another way would be to run a VM somewhere in a datacenter and a tunnel from there, but that causes either MTU problems or bandwidth issues if you hide the fact of fragmentation from the users. And in DCs it is usually also not easy to get multiple public IPs for a single VM.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8756
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Source NAT Multiple ISP

Mon Oct 11, 2021 3:30 pm

Based on the advice from Sindy.....
ISP1 provides enough addresses for all tenants
ISP1 will be used thus for any external incoming connections (servers, vpn tunnels).
ISP1 traffic will be connection marked to ensure return traffic from tenants will go out ISP1 *****

All tenant originated traffic will be source natted relative to ISP2, the faster ISP (given isp2 IP address when sent externally)
All tenant originated traffic will be routed such that it goes out ISP2
- by ensuring the ISP2 route on the main table is the preferred route (lower distance for example)
- ***** is the reason we need to mark the ISP1 traffic to ensure that particular traffic goes out ISP1 despite the Main Routing Table preference!

Therefore the requirements are mostly met:
a. The bulk of tenant associated traffic goes out ISP2
b. Tenants get assigned their own public IPs via ISP1
c. Tenants can establish VPN tunnels or port forwarding via ISP1

Practical questions remain.
How do public IPs on ISP1 get assigned to tenants??
How do tenants know what their public IP is because using whatsmyip as stated will show ISP2 router address?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: Google [Bot], soponyaibence and 37 guests