Community discussions

MikroTik App
 
cyrusd
just joined
Topic Author
Posts: 15
Joined: Fri Jan 22, 2021 11:43 pm

Routing packets based on DSCP tag

Wed Nov 16, 2022 4:11 pm

Hi
Having two Routeros I want to tag all outgoing traffic of RO 1 and use the tag later in the host's gateway (RO 2) for policy-based routing.
more explanation :
RO 1 (192.168.1.10/24) creates a packet and sets a tag on it then send it to its gateway (RO 2) (192.168.1.1)
The gateway (RO 2) receives and opens the packet and reads the tag, based on the tag number the router can decide what routing table the packet belongs to.
I think this can be done with DSCP tagging, am I right?
what is the proper way to achieve this scenario?
bear in mind that I can't use the host (RO 1) source IP address for routing cause it changes regularly.
Thanks in adv.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Routing packets based on DSCP tag

Wed Nov 16, 2022 4:27 pm

You need to be sure that between your two routers, no devices, such as those of the ISP, do not change or delete the DSCP.
# RO1
/ip firewall mangle
add chain=forward in-interface=<LAN1-INTERFACE> out-interface=<WAN-INTERFACE> action=change-dscp new-dscp=11 passthrough=yes
add chain=forward in-interface=<LAN2-INTERFACE> out-interface=<WAN-INTERFACE> action=change-dscp new-dscp=22 passthrough=yes

# RO2
/ip firewall mangle
add chain=prerouting dscp=11 routing-mark=!table11 action=mark-routing new-routing-mark=table11 passthrough=yes
add chain=prerouting dscp=22 routing-mark=!table22 action=mark-routing new-routing-mark=table22 passthrough=yes
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing packets based on DSCP tag

Wed Nov 16, 2022 4:33 pm

Indeed the DSCP/TOS field is the only field among the IP headers of a packet you can use to deliver a flag from one router to another, provided that you don't need the original purpose of that field.

On RO 2, you just "translate" the DSCP value to a routing-mark value using an action=mark-routing rule in mangle->prerouting.

Just for the sake of completeness, there is also a possibility to use the priority field in the 802.1Q VLAN tag - if the VID in the tag is set to 0, the frame is handled as if it was not tagged, but the priority field of the tag is processed.
 
DarkNate
Forum Veteran
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: Routing packets based on DSCP tag

Wed Nov 16, 2022 5:07 pm

While this is perfectly possible on RouterOS. But Tik hardware is not designed for QoE appliances. This will tax the CPU like hell in a production environment.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Routing packets based on DSCP tag

Wed Nov 16, 2022 5:15 pm

Well, when you have already given up on fast path or fast track there is not much difference... and in cases where you want all kinds of different routing marks, you likely have to turn that off anyway.
Indeed you can use the DSCP tag in this way, but beware that there may already be a DSCP tag (nonzero) on part of your traffic, so you need to be prepared for that.
Also, it is probably not a good idea to just pick 2 random values and use those. It may be safer to study how TOS and DSCP work and then select values that do not have unintended side-effects later in the chain.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Routing packets based on DSCP tag

Wed Nov 16, 2022 5:44 pm

Correct, like check if DSCP is 0 or not:
/ip firewall mangle
add chain=forward in-interface=<LAN1-INTERFACE> out-interface=<WAN-INTERFACE> action=change-dscp new-dscp=11 passthrough=yes dscp=0
And DSCP can be from 0 to 63, other values are reserved (and not accepted) for ECN that use the last two bit of ex TOS field.
Last edited by rextended on Thu Nov 17, 2022 1:54 pm, edited 1 time in total.
 
cyrusd
just joined
Topic Author
Posts: 15
Joined: Fri Jan 22, 2021 11:43 pm

Re: Routing packets based on DSCP tag

Thu Nov 17, 2022 10:18 am

While this is perfectly possible on RouterOS. But Tik hardware is not designed for QoE appliances. This will tax the CPU like hell in a production environment.
So what's the proper way to do it, except using the source IP address?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Routing packets based on DSCP tag

Thu Nov 17, 2022 11:12 am

What model of router do you have, and what speed do you expect to get?

Who is online

Users browsing this forum: ItchyAnkle, menyarito and 82 guests