Panbambaryla

Problem with traffic marking

Sun Apr 10, 2022 12:19 am

Hi,
I am struggling with a problem when I am tracing the path from LAN to ISP1 USER IP network where my first hop gives me * * * like this:
root@unifi:~# traceroute -In 5.5.2.45
traceroute to 5.5.2.45 (5.5.2.45), 30 hops max, 60 byte packets
 1  * * *
 2  5.5.2.45  0.443 ms * *
but it is enough if I turn on:
add comment="" distance=1 dst-address=192.168.1.0/24 gateway=bridge-LAN pref-src=192.168.1.254 routing-mark=to_WAN-MM
or disable the line:
add action=mark-routing chain=output comment="mark routing to WAN-MM" connection-mark=WAN-MM_in new-routing-mark=to_WAN-MM passthrough=no
and everything works as expected:
root@unifi:~# traceroute -In 5.5.2.45
traceroute to 5.5.2.45 (5.5.2.45), 30 hops max, 60 byte packets
 1  192.168.1.254  0.225 ms  0.220 ms  0.219 ms
 2  5.5.2.45  0.443 ms * *
Here is the packet sniffer result of this command:
#    TIME INTERFACE             SRC-ADDRESS      DST-ADDRESS     IP-PROTOCOL  SIZE CPU FP 
 5    3.96 sfp-plus-LAN          192.168.1.202    5.5.2.45        icmp           74   2 no 
 6    3.96 bridge-LAN            192.168.1.202    5.5.2.45        icmp           74   2 no 
 7    3.96 ether6-WAN-MM-ISP     192.168.1.254    192.168.1.202   icmp          102   2 no 
 8    3.96 sfp-plus-LAN          192.168.1.202    5.5.2.45        icmp           74   2 no 
 9    3.96 bridge-LAN            192.168.1.202    5.5.2.45        icmp           74   2 no 
10    3.96 ether6-WAN-MM-ISP     192.168.1.254    192.168.1.202   icmp          102   2 no 
11    3.96 sfp-plus-LAN          192.168.1.202    5.5.2.45        icmp           74   2 no 
12    3.96 bridge-LAN            192.168.1.202    5.5.2.45        icmp           74   2 no 
13    3.96 ether6-WAN-MM-ISP     192.168.1.254    192.168.1.202   icmp          102   2 no 
14    3.96 sfp-plus-LAN          192.168.1.202    5.5.2.45        icmp           74   2 no 
15    3.96 bridge-LAN            192.168.1.202    5.5.2.45        icmp           74   2 no 
16    3.96 bridge-WAN-OR         192.168.1.202    5.5.2.45        icmp           74   2 no 
17    3.96 sfp-plus-LAN          192.168.1.202    5.5.2.45        icmp           74   2 no 
18    3.96 bridge-LAN            192.168.1.202    5.5.2.45        icmp           74   2 no 
19    3.96 bridge-WAN-OR         192.168.1.202    5.5.2.45        icmp           74   2 no 

So a few packets come back from the WAN-MM-ISP interface when the first ping with TTL=1 is sent. But why does the router respond from this interface if traffic is sent to the other one? I won't find peace if I don't resolve this riddle... :wink: Everything works, but I cannot understand this strange behaviour.

Some remarks:
1) I don't want to do connection-tracking on my user public IP scope, as there will be another router; just simple routing saving my CPU cycles
2) VLAN 30 is just prepared - so far the OFFICE traffic is sent untagged on bridge-LAN
3) all pings from inside and outside work fine to ROS interfaces and forwarded ones, except this one traceroute

The configuration and a small diagram are attached to this post. Please let me know your findings.
Thanks in advance.