dalami
Member Candidate
Topic Author
Posts: 135
Joined: Mon Dec 12, 2011 9:18 am

Multiple connection marks - or mixing connections, packets, and routing marks

Thu Oct 21, 2021 10:33 pm

Reading and reading - some articles and posts make more sense than others. It feels like the preferred method, where applicable, is to use connection marks for "serious" decision making and then simple connection mark matching afterwards. Sounds reasonable. But...

Previously I've just used connection marks for packet marks - which I either used for queues, NAT, or filters. Straightforward. Mostly. But now I'm getting into the wonderful world of routing which adds another complexity level.

So say I have existing rules that test for the connection port, like UDP 53, to mark it as DNS traffic and then subsequently prioritize it in queue. Now - I want to start checking specific IPs or interfaces for routing purposes. I'm seeing two possibilities:

Option 1 (horrible): duplicate any applicable existing classifications with the routing-specific tests, and create additional sets of connection marks, which will then be acted on. My mangle table just exploded - and for that matter so did my NAT & filter tables.

Option 2 (maybe): perform routing classification first - by marking connections, then marking routing - then re-classify for other purposes and re-mark the connection. But then...my initial test for the presence of a connection mark would be invalid - as the mark would be for the filter/NAT classifications and not for routing. So only the first packet would get marked?

Is Option 2 the right way? Or something else entirely? I'm sure I'm over-complicating things.
