Community discussions

MUM Europe 2020
 
roswitina
newbie
Topic Author
Posts: 26
Joined: Tue Mar 12, 2013 8:12 am

separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Tue Jul 23, 2019 9:18 am

I have a Mikrotik rb3011uias with the current firmware 6.46beta9testing.
I want to manage up to 4 separate internet accesses on this microtic.

ISP1 <-> LAN1; ISP2 <-> LAN2 ....

I don't want bundling and load balancing.

What is the simplest way to achieve this cleanly and transparently on the rb3011? I assume that Mangle - Roules will help me. How would I do that?
Is there another way that might be "easier"?
Internet accesses all have 200/40 MBit. Can I take full advantage of this solution (several separate ISPs on one microtic) for all accesses?

Rosi
 
sindy
Forum Guru
Forum Guru
Posts: 4198
Joined: Mon Dec 04, 2017 9:19 pm

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Tue Jul 23, 2019 9:37 am

Rather than mangling I'd use VRF in this case. With VRF, the routing-mark is assigned based on the in-interface of the packet, without any /ip firewall mangle or /ip route rule rules, and there is also no fallback to routing table main if no route with that routing-mark is found.

/ip route vrf add routing-mark=isp2 interfaces=wan-isp2,lan-isp2 will ensure that whatever comes in via one of these interfaces will get a routing mark isp2, and also that the dynamically added routes to connected subnets attached to those interfaces will be marked with that routing-mark. And by adding a default route through ISP2's gateway with routing-mark=isp2 you're done.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
roswitina
newbie
Topic Author
Posts: 26
Joined: Tue Mar 12, 2013 8:12 am

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Tue Jul 23, 2019 11:15 am

That sounds good. i'll try it and share my experience with you.

Question:
Do I have to set up a source NAT rule (masquerade) for each LAN with the respective routing-mark?

thank you
 
sindy
Forum Guru
Forum Guru
Posts: 4198
Joined: Mon Dec 04, 2017 9:19 pm

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Tue Jul 23, 2019 12:02 pm

If you need src-nat (or masquerade if the WAN address is dynamically changing), it is enough that the rules in chain=srcnat of /ip firewall nat match on out-interface. Unless you specify a routing-mark condition in them, they will act on a packet with any routing-mark. So it's not the same like routes where no routing-mark is equal to routing-mark=main.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
korg
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Tue Apr 26, 2016 4:10 pm

Re: separate internet access on one mikrotik; isp1 <-> lan1, isp2<-> lan2

Tue Jul 23, 2019 3:01 pm

Hi roswitina,

did you see my topic which have the same subject?

korg

Who is online

Users browsing this forum: No registered users and 78 guests