Community discussions

MikroTik App
 
fabieng
just joined
Topic Author
Posts: 11
Joined: Tue May 14, 2019 10:29 am

pref src not honored in rOS7

Fri May 06, 2022 12:54 pm

Hello ,
i have a rb5009 with a particular internet connection,
With my config , the clients connected to the mikotik all have acces to internet without issues , but the mikrotik himself doesn't.

here is the anonymised config
# may/06/2022 11:27:06 by RouterOS 7.2.2
# model = RB5009UG+S+
/ip address
add address=192.168.16.1/24 interface=br-lan network=192.168.16.0
add address=198.198.198.50 comment="interco private network" interface=ether1 network=198.198.198.51
add address=109.109.109.110 comment="ip pub 1" interface=ether1 network=109.109.109.110
add address=109.109.109.111 comment="ip pub 2" interface=ether1 network=109.109.109.111

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=198.198.198.51 pref-src=109.109.109.110 routing-table=main suppress-hw-offload=no

/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 src-address=192.168.0.0/16 to-addresses=109.109.109.110/31
So has you can see this is one of these /31 interconnection ,
I ping my Gateway fine , and my 2 public IP's are pingable from the wan.
my nat is working fine and my client are all accessing internet without issue ,
the problem is with the pref-src in the /ip route section
when i try to ping 1.1.1.1 from my RB3011
[root@5009] > ping 1.1.1.1
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                                                                    
    0 1.1.1.1                                                      timeout                                                                                                                                                                   
    1 1.1.1.1                                                      timeout                                                                                                                                                                   
    2 1.1.1.1                                                      timeout                                                                                                                                                                   
and when i use the sniffer i see that the wrong address is used as src adresss , and my route setting (pref-src) is ignored
[root@5009] > tool/sniffer/quick ip-address=1.1.1.1
Columns: INTERFACE, TIME, NUM, DIR, SRC-MAC, DST-MAC, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, SIZE, CPU
INTERFACE  TIME   NUM  DIR  SRC-MAC            DST-MAC            SRC-ADDRESS   DST-ADDRESS  PROTOCOL  SIZE  CPU
ether1     0.198    1  ->   DC:2C:6E:3C:E4:A9  F0:4A:02:F5:43:F4  198.198.198.50  1.1.1.1      ip:icmp     70    1
ether1     1.201    2  ->   DC:2C:6E:3C:E4:A9  F0:4A:02:F5:43:F4  198.198.198.50  1.1.1.1      ip:icmp     70    1
ether1     2.202    3  ->   DC:2C:6E:3C:E4:A9  F0:4A:02:F5:43:F4  198.198.198.50  1.1.1.1      ip:icmp     70    2
ether1     3.203    4  ->   DC:2C:6E:3C:E4:A9  F0:4A:02:F5:43:F4  198.198.198.50  1.1.1.1      ip:icmp     70    2
ether1     4.205    5  ->   DC:2C:6E:3C:E4:A9  F0:4A:02:F5:43:F4  198.198.198.50  1.1.1.1      ip:icmp     70    2
I did a similar config on a RB3011 on ROS6 at an other place , and it was working perfectly
do you guy's have any idéa how can i change my source address on that router ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19252
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: pref src not honored in rOS7

Fri May 06, 2022 1:30 pm

I am no expert in these things but you may want to try using another table for the first item and for the second item dont get why using such a wide source address, when your LAN subnet is much smaller??

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=198.198.198.51 pref-src=109.109.109.110 routing-table=main suppress-hw-offload=no

/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 src-address=192.168.0.0/16 to-addresses=109.109.109.110/31
(/ip address
add address=192.168.16.1/24 interface=br-lan network=192.168.16.0)


For the first item suggest
/routing table add name=usePref fib
/routing rule add src-address=109.109.109.110 action=lookup-only-in-table table=usePref
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=198.198.198.51 table=usePref
 
fabieng
just joined
Topic Author
Posts: 11
Joined: Tue May 14, 2019 10:29 am

Re: pref src not honored in rOS7

Fri May 06, 2022 3:19 pm

thanks anav , i will try that and update that post with results
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: pref src not honored in rOS7

Sat May 07, 2022 12:16 am

I tried your exact addresses with CHR 7.2.3 and it works as expected (uses route's pref-src as source).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19252
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: pref src not honored in rOS7

Sat May 07, 2022 1:39 am

I will never understand pref source sigh........ no matter how many times you explain it LOL.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11986
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: pref src not honored in rOS7

Sat May 07, 2022 3:16 pm

Just for example,
If on ether1 WAN you have 3 public IP addresses (ignoring why)
until no other specific settings are involved, the interface use the IP with lowest value,
If the 3 IP are 2.255.255.1, 2.0.0.1 and 2.0.1.1, is used 2.0.0.1 because it have the lowest value.
With pref-src you can specify, when valid, what of the 3 IP must be used.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19252
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: pref src not honored in rOS7

Sat May 07, 2022 4:07 pm

Just for example,
If on ether1 WAN you have 3 public IP addresses (ignoring why)
until no other specific settings are involved, the interface use the IP with lowest value,
If the 3 IP are 2.255.255.1, 2.0.0.1 and 2.0.1.1, is used 2.0.0.1 because it have the lowest value.
With pref-src you can specify, when valid, what of the 3 IP must be used.
Well that was easy!!!
https://www.youtube.com/watch?v=3YmMNpbFjp0

I wish Sob could be so clear! ;-P
Seriously, is that the only time to use it (multiple IPs for one WAN).
Try one a little more complex, to make me think a tad harder.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11547
Joined: Thu Mar 03, 2016 10:23 pm

Re: pref src not honored in rOS7

Sat May 07, 2022 4:20 pm

I guess @anav is waiting for this one:

when router has one or more point-to-point interfaces and one doesn't assign IP addresses to those interfaces, then when router needs to create and send a packet through that interface, it uses IP address of one of (randomly?) selected interfaces as source address (which might even be completely wrong for given scope, peer might use different route for that IP address). One can override that by setting pref-src on route config:
/ip route
add distance=1 dst-address=192.168.13.0/24 gateway=wg-if pref-src=192.168.42.1
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19252
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: pref src not honored in rOS7

Sat May 07, 2022 4:38 pm

I guess @anav is waiting for this one:

when router has one or more point-to-point interfaces and one doesn't assign IP addresses to those interfaces, then when router needs to create and send a packet through that interface, it uses IP address of one of (randomly?) selected interfaces as source address (which might even be completely wrong for given scope, peer might use different route for that IP address). One can override that by setting pref-src on route config:
/ip route
add distance=1 dst-address=192.168.13.0/24 gateway=wg-if pref-src=192.168.42.1
Yes, thats a good start, what the heck is a point to point interface and furthermore one that doesnt get assigned IP addresses? I didnt know you were greek!! ;-)
 
fabieng
just joined
Topic Author
Posts: 11
Joined: Tue May 14, 2019 10:29 am

Re: pref src not honored in rOS7

Mon May 09, 2022 11:21 am

I tried your exact addresses with CHR 7.2.3 and it works as expected (uses route's pref-src as source).
Hello , i've taken a look this morning , and my pref src thing is still not working ,
what funny is i can connect to the public ip via ssh , but when inside the router i can't ping outside since the router wants to use the bad adress as src
the issue might be because the ip that i added are in /32

if you want to take a look i can open a ssh acces , the public ip's are working
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11547
Joined: Thu Mar 03, 2016 10:23 pm

Re: pref src not honored in rOS7

Tue May 10, 2022 8:57 am

the issue might be because the ip that i added are in /32

I'd expect that IP you want to use as pref src has to be routable via interface used ... In most trivial case this means that IP address belongs to same IP subnet as upstream gateway which means that /32 addresses are useless. And AFAIK SRC-NAT doesn't apply when you manually set pref-src address.
 
fabieng
just joined
Topic Author
Posts: 11
Joined: Tue May 14, 2019 10:29 am

Re: pref src not honored in rOS7

Wed May 11, 2022 1:13 pm

i just went on an other site where we have the same hardware and a similar config ,
and on the other site , the pref-src is working ,

i'm baffled
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: pref src not honored in rOS7

Thu May 12, 2022 1:29 am

According to https://help.mikrotik.com/docs/display/ ... ctedRoutes, there were some changes:
The preferred source is not used anymore for connected routes. FIB chooses the source address based on the out-interface. This allows making setups that in ROS v6 and older were considered invalid. See examples for more details.
But it talks only about connected routes, where you couldn't set pref-src anyway (except maybe with routing filters). Other manual routes shouldn't be affected. But perhaps under some circumstances something may not work as intended, it's possible, but so far what I tried worked.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 767
Joined: Mon May 27, 2013 2:05 am

Re: pref src not honored in rOS7

Thu May 12, 2022 7:58 am

Not to help your question but also help anav

I use pref-src with my loopback IP for most things. Consider my sites are as follows

Internet<-->10.0.0.1<-->10.0.1.1<-->10.0.2.1<-->10.0.3.1<-->Customer

In a normal scenario of customer tracerouting to internet, you'd see the IP respond on the interface pointing towards customer on each hop. I set my pref-src for as many routes as I can to be the loopback site IP, so when I traceroute through my network, no matter the interface it comes in/out of, it shows 10.0.x.1 - makes a nice clean traceroute. Its only really applicable for input/output data as forwarded data will already have its own src-address set, and there's some advantage to it if you are load balancing to control which link it comes back in on but other than that in a 'router' that mostly does just forwarding, you wouldn't use it much.

Who is online

Users browsing this forum: anav, Google [Bot] and 32 guests