Community discussions

MikroTik App
 
Dan5r
just joined
Topic Author
Posts: 18
Joined: Fri Apr 16, 2021 2:56 pm

Recursive routing using LTE

Sat Dec 31, 2022 7:26 pm

Hi All,
I hope someone can help me with the following, I have one static ip address which will be my default route to the internet on ether1, I also have a SXT LTE which is connected to ether2 and providing a dynamic ip, i followed this tutorial: https://www.youtube.com/watch?v=eTmpBAAW_pQ&t=993s.
The issue I am facing is that I know the gateway for ether1 which will remain static but not for ether2, question is how I deal with this, the nature of the LTE connection means the ip/gateway will constantly be changing. I did the following:

add dst-address=1.0.0.1 gateway=192.168.199.1 scope=10
add dst-address=4.2.2.2 gateway=ether2 scope=10
add dst-address=0.0.0.0/0 gateway=1.0.0.1 target scope=11
check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=4.2.2.2 target scope=11
check-gateway=ping distance=2

my config below:
/ip route
add comment="monitor external host via isp2" disabled=no distance=1 \
dst-address=4.2.2.2/32 gateway=ether2 pref-src="" routing-table=main scope=\
10 suppress-hw-offload=no target-scope=10
add comment="monitor external host via isp1" disabled=no distance=1 \
dst-address=1.0.0.1/32 gateway=192.168.199.1 pref-src="" routing-table=main \
scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="default main route via isp1" disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src="" routing-table=\
main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="failover route via isp2" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=4.2.2.2 routing-table=main \
suppress-hw-offload=no target-scope=11
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether2 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10

This the result of the config:
download/file.php?mode=view&id=57299


Any help will be greatly appreciated
You do not have the required permissions to view the files attached to this post.
Last edited by Dan5r on Sat Dec 31, 2022 7:48 pm, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Recursive routing using LTE

Sat Dec 31, 2022 7:46 pm

Unless there is some traffic that has to prefer the LTE uplink even when the wired one is available, the easiest way is to simply not monitor the LTE. If it fails, there is nothing you could do anyway.

If you indeed need to monitor the transparency of the LTE uplink, you have to use a scheduled script to copy the gateway IP from the default route that is added dynamically (and set the apn profile to add the default route with a high value of distance). Unless your LTE modem is one of those few models for which you have to manually add a DHCP client.
 
Dan5r
just joined
Topic Author
Posts: 18
Joined: Fri Apr 16, 2021 2:56 pm

Re: Recursive routing using LTE

Sat Dec 31, 2022 8:16 pm

thanks for the advice and it makes sense in certain circumstances not to monitor the LTE connection, but If I did want to get the recursive routing working, how would I go around it, perhaps it will help others that come across the same issue
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Recursive routing using LTE

Sat Dec 31, 2022 8:48 pm

If I did want to get the recursive routing working, how would I go around it, perhaps it will help others that come across the same issue
That's the second part of my post... but there are several ways how RouterOS adds the LTE address and default route. What I have seen so far was
1. a DHCP client dynamically attached to the lte interface,
2. a /32 address attached to the lte interface without any DHCP client (in this case, the default route is added with the interface name as the gateway),
3. most rarely, you have to add the DHCP client manually.
But you cannot choose - this is chosen automatically depending on the model of the LTE modem.

From the point of view of recursive routing,
3. is the easiest one - you can set the script parameter of the DHCP client row to update the gateway of the manually added /32 route.
1. can be only handled using a scheduled script, as there is no event you could link it to and the apn profile doesn't have a script item.
2. is the most complicated one in ROS 6 where the recursive routing can only work with just IP addresses as gateways; in ROS 7, the lowermost route in the recursive routing hierarchy may have an interface as a gateway. For ROS 6 I have an idea but I have to try it first.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Recursive routing using LTE

Sat Dec 31, 2022 10:38 pm

So for case 2., you have to cheat. The address and route added dynamically look as follows:
[me@myTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
...
 2 D 100.111.95.31/32   100.111.95.31   lte1
 
[me@myTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
...
 3  DS  0.0.0.0/0                          lte1                      5
If a gateway of a route is a point-to-multipoint interface, RouterOS sends ARP requests for the destination IP address and expects the eventual routers connected to that interface to support the ARP proxy functionality, where the router responds with its own MAC address to ARP requests for any IP address it has a route to. Which is what the LTE modem does. But RouterOS doesn't allow to define a static ARP record, stating that the interface doesn't support ARP although it does use it internally.

So to satisfy the requirements of the recursive routing, you have to manually add the same address to the LTE interface again (because for some reason, a masquerade rule prefers the manually assigned address), but with network set to some private address you don't use anywhere in your network, and use that auxiliary address as the gateway for the bottommost server route in the recursive route hierarchy, something like:
/ip address add address=100.111.95.31/32 network=10.10.10.10 interface=lte1
/ip route add dst-address=8.8.8.8 gateway=10.10.10.10 scope=10
/ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 target-scope=11 check-gateway=ping
Of course, addition of these configuration items manually is only sufficient to check that the idea works; to make it practically useful, you also have to use a scheduled script to update the manually added address each time the dynamically assigned one changes. Also, the auxiliary address must be outside the range from which the LTE ISP assigns addresses to clients.
 
Dan5r
just joined
Topic Author
Posts: 18
Joined: Fri Apr 16, 2021 2:56 pm

Re: Recursive routing using LTE

Sat Dec 31, 2022 11:53 pm

thanks again for the info, I found a scrip on github by misterkrittin, which works, here is the script

####################################################################################
## [How To Set-up]
## IP > DHCP Client > Select WAN Interface > Add Default Route: no
## IP > DHCP Client > Select WAN Interface > Advance Tabs > Script: Paste Script
####################################################################################

:if ($bound=1) do={
/ip route add distance=1 gateway=$"gateway-address" dst-address="8.8.8.8" scope=30 target-scope=10 comment="ISP2"
/ip route add distance=2 gateway="8.8.8.8" check-gateway=ping scope=30 target-scope=30 comment="ISP2"
} else={
/ip route remove [/ip route find comment="ISP2"]
}

download/file.php?mode=view&id=57306&si ... 5f087acf2c
You do not have the required permissions to view the files attached to this post.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Recursive routing using LTE

Wed Nov 08, 2023 12:38 pm

Hey @sindy, I couldn't find a better and clearer way on the entire forum of explaining this!!

So to satisfy the requirements of the recursive routing, you have to manually add the same address to the LTE interface again (because for some reason, a masquerade rule prefers the manually assigned address), but with network set to some private address you don't use anywhere in your network, and use that auxiliary address as the gateway for the bottommost server route in the recursive route hierarchy...

Of course, addition of these configuration items manually is only sufficient to check that the idea works; to make it practically useful, you also have to use a scheduled script to update the manually added address each time the dynamically assigned one changes. Also, the auxiliary address must be outside the range from which the LTE ISP assigns addresses to clients.
Of course my luck is that I have a MT device where ROS adds the LTE as a default route using "option 2" -
But you cannot choose - this is chosen automatically depending on the model of the LTE modem.
~~~
a /32 address attached to the lte interface without any DHCP client (in this case, the default route is added with the interface name as the gateway).
~~~
From the point of view of recursive routing,
~~~
is the most complicated one in ROS 6 where the recursive routing can only work with just IP addresses as gateways; in ROS 7, the lowermost route in the recursive routing hierarchy may have an interface as a gateway. For ROS 6 I have an idea but I have to try it first.
[If you ask me, I believe this "(because for some reason, a masquerade rule prefers the manually assigned address)" is maybe something that MT might help with in future releases...]

Anyway, I manually added the current LTE IP address (again) with a "fake network" and the idea works as expected for me!

However:
Of course, addition of these configuration items manually is only sufficient to check that the idea works; to make it practically useful, you also have to use a scheduled script to update the manually added address each time the dynamically assigned one changes.
The challenge is that I cannot find any script examples to achieve this, it could very well be my searching ability and/or the choice of words, but is there any chance anyone can point me in the right direction please?

Many thanks,
B
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Recursive routing using LTE

Wed Nov 08, 2023 1:37 pm

The challenge is that I cannot find any script examples to achieve this, it could very well be my searching ability and/or the choice of words, but is there any chance anyone can point me in the right direction please?
You'll probably need a lot of debugging as I write this without a possibility to test it, but here you go:
/ip address {
  :local dynAddr [get [find where dynamic interface=lte1] address]
  :local manAddrId [find where !dynamic interface=lte1]
  :if ([get $manAddrId address] != $dynAddr) do={
    set $manAddrId address=$dynAddr
  }
}
First change the manually configured address to a wrong one, then run this script manually. If it does what it is supposed to do, i.e. adjusts the manually configured address to the value of the one assigned dynamically, add a scheduler row that will run this script every 15 seconds or so. The script only changes configuration if necessary so no unnecessary flash writes take place.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Recursive routing using LTE

Wed Nov 08, 2023 4:35 pm

Thanks for the prompt reply and the valuable data @sindy, but it doesn't seem to do anything, however I appreciate you compiled this blindly.
It doesn't "correct" the entry with the correct address.

Many thanks,
B
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Recursive routing using LTE

Wed Nov 08, 2023 8:42 pm

It doesn't "correct" the entry with the correct address.
When you run the script manually, does it throw any error or it just silently does nothing?

In general debugging 5 lines of code via a forum with a round-trip time of several hours is a bad idea. So you if you want me to assist, follow the suggestion in this post or you can just post your phone number or e-mail address here and delete it once I send you a message. A hint - "plus four four" is more robot-proof than "+44". Bear in mind that the message may stay here for some hours - the e-mail notifications aren't fast, or even reliable, these days, and also my time zone is not the same as yours.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Recursive routing using LTE

Thu Nov 09, 2023 11:17 am

I've realized that this very script can actually be used with any kind of point-to-point tunnel interface, not necessarily a LTE one. So I ran it on my test CHR and it did what it was expected to do. The only modification I've done was that I have replaced lte1 by <pppoe-test> to match the test environment. So the issue is not the script itself.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Recursive routing using LTE

Thu Nov 09, 2023 2:55 pm

Hey @sindy, thank you once again...
When you run the script manually, does it throw any error or it just silently does nothing?
yeah, silently does nothing... but now I'm doubting I'm running the script in/from the right place...

openssl base64 -e -in phone.enc
HIewtajB17dnNWEvl2zWZDz9Z5ZSAiBWjoS2nhoHUATLtZLTLgNenby4I3U9EbcC
OTrlEF9k/b2MGS8YEKS9ZSsoqB2eNhZcsM14eNgelnR0VkAsQfa4yoMhydSKJlzD
ta/eX2Gmc1dCjCdi44jrU0SI3skvPQo8gpN2q/2MltET5GLM2yOWthyqx2MF1Px1
Q1Dx6O7siC5De4/jT7JJBXrKjqT+rQo/Z166vK8HnHNsaxDYLJ4JWr6bzs/9e9IP
/+3dkynLwsjCqXYoD3NgtqFRyARF8bViMHMXKtVyrRqushClqRztals2BgOVkKS1
kiIzg7haVfOspTR4prVAIrrehRK1LHlEXM7uQfdG3tt+IT3d73ITZL9CUGmsF4LU
yQuliHHK/pLTuxKbg1Dkp4GSvJ5l6dKc5Big06A67icrE9onlx0MtOUn5lxOv/j/
zf32RntLqrQyO2OjdZNVdqIdZdsU9izYLB4Eyl2I8l8cnWBiBfVIueIlLx18z1oW
bklBwAu7rVuxqtMvlwcOFSVvWJnElcJGQH3rdRIIuHEhdswQDuE5DPVegw7X2QT+
hU980uQCvOphYHbGJ5QJ3WuYusoTQh+UoUQ+GhtH7oQCNmBx9asB4ig41ylvYz9i
/FWqNkUzph+t/AfbuUM7tmMutc13VihPnvr9MR2G43U=

FYI - the post you quoted includes a deprecated command:
"The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead"

Who is online

Users browsing this forum: Amazon [Bot] and 32 guests