Community discussions

MikroTik App
 
User avatar
internetolog
just joined
Topic Author
Posts: 20
Joined: Wed Jan 31, 2007 5:40 pm
Location: Wilmington, DE
Contact:

Route clients based on their gateway IP

Wed Aug 03, 2022 3:49 am

Hi there,

Is it possible to route based on the clients gateway IP?
I am merging two routers into one. I have now 2 gateway interfaces.
Some of the IP addresses (actually around 200) was using the second router as gateway. I do not want to update all that clients one by one, but their gateway was the same.
Client group 1 has a gateway of 10.45.0.1 and the client group 2 has 10.45.0.2. When I had 2 routers and 2 separate gateways it was okay. But when I have a single router, I couldn't find a way to route these clients thru second interface. As I know, there is always a way of doing things with MikroTik, I am asking if I am missing something.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19117
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 4:11 am

Requirements are very loosey goosey..........
The answer is yes..................

Do you want WAN1 to be the only available ISP for group 1 (no failover to ISP2)
Do you want WAN2 to the only available ISP for group 2 (no failover to ISP1)

Lets say its two different internet providers and two diff business and never the twain shall meet.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Two Main Config Areas.

1. Routing
2. Firewall Rules.

(1) Lets say you have created two routes manually (not using add default route=yes in dhcp clients). If you have thats fine just pretend they look the same as the manually entered routes on the IP Route Table, which they essentially would. Also assuming using ver7 firmware.

/ip routes
add distance=1 dst-address=0.0.0.0/0 gateway=ISP1_Gateway table=main
add distance=1 dst-address=0.0.0.0/0 gateway=ISP2_Gateway table=main.

Now we need to create two duplicate routes but under a different Table.
First create the tables
/routing tables add name=useWAN1 fib
/routing tables add name=useWAN2 fib

Then the routes
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=ISP1_Gateway table=useWAN1
add distance=1 dst-address=0.0.0.0/0 gateway=ISP2_Gateway table=useWAN2

Finally the associated Route Rules to direct users to the new and appropriate tables.
/routing rule add src-address=10.45.0.0/24 action=lookup-only-in-table table=useWAN1
/routing rule add src-address=10.45.2.0/24 action=lookup-only-in-table table=useWAN2

Now this works and ASSUMES you have two separate subnets needing specific wan connectivity.
However your explanation as alluded to above was weak.
Where it falls apart is what do you mean by group of users ????????????

Clearly if the groups are distinct its easy. If you are trying to pull users from the SAME subnet to different ISPs, thats a dogs breakfast making it difficult.
The only way to do a partial subnet, large parts of a subnet into two different groups is via firewall address lists combined with mangling. (routing rules dont work with firewall address lists).

So you need to make clearer
how many groups are we talking,
What are the groups comprised of (where do they come from)
Besides internet access, what else do these groups need access to on the router, (other subnets for example, or specific servers).
 
User avatar
internetolog
just joined
Topic Author
Posts: 20
Joined: Wed Jan 31, 2007 5:40 pm
Location: Wilmington, DE
Contact:

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 5:06 am

thank you for your detailed explanation.

Actually they were all mixed. no special IP group at all. We wrote gateways in the time being.
There are no groups all mixed
Example
10.45.18.22, 10.45.3.153, 10.45.45.1, 10.45.72.113 etc.. The IP's are static, so the gateways are.
I wish they were grouped somehow but not.
Only concern is internet connection.

If there is no way routing based on their gateway address, the only thing I can think of is making a Address List of these IP addresses.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19117
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 5:29 am

Yes I am afraid so, you will have to make firewall lists of the two groups and use mangling of traffic to capture their traffic.
By putting all users in the same bucket (subnet) you have screwed yourself into a corner.
Witnessed once, by having to adjust every single gateway address and now with another sort of effort.
The smart move would be to create one bridge and two vlans and separate users in a practical way once and for all, into two different subnets.
If you still need them (the two groups) to talk to each other adjust the firewall rules accordingly.
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 7:19 pm

You can attach an /interface vrrp to the client-facing interface and attach the other gateway IP address to it. Since VRRP interfaces have their own MAC addresses, the ARP requests sent by the clients for the IP address of the other gateway will be responded with the corresponding MAC address, and Mikrotik will handle packets coming to that MAC address as coming in via the VRRP interface rather than via the underlying physical one. So then you can let mangle rules or routing rules match on the VRRP interface name as the in-interface (in case of mangle rules) or just interface (in case of routing rules).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19117
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 8:51 pm

Genius........... When there is will there is a way.

So basically what you are saying is create a VRR interface ( translation transparent proxyish or vlanish type of way of handling routing outside the normal methods??)

a. create vrr interface aka give it a name
b. attach the current interface gateway to the VRR so this would be the single subnet or vlan that ALL the users are on?
c. attach ONE of the gateways to it ( the other group will go out normal routing to lets say WAN1, the group affiliated with this gateway will go out VRRF routing lets say WAN2)

Then we mangle traffic by vrrf name etc....... OR could we use route rule and interface as VRR for the argument thus avoiding mangling??

I am looking at the VRF entry and their is a table component when choosing VRF and thus one may not even need to route rule if the table referred to is already chosen?
Just create the table..........
May have to set the distance one lower than the main table??

++++++++++++++++++++++++++++++++++++++++++++

Thinking about this stuck again, if we attach an entire subnet to the VRF, we havent accomplished anything.................. except send all users out one gateway and not the two required.?????
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 8:58 pm

a. create vrr interface aka give it a name
Not just give it a name, also tell it to which physical interface to hook to (all the other parameters may be default ones as we will not have any other router in the setup)

b. attach the current interface gateway to the VRR so this would be the single subnet or vlan that ALL the users are on?
c. attach ONE of the gateways to it ( the other group will go out normal routing to lets say WAN1, the group affiliated with this gateway will go out VRRF routing lets say WAN2)
What you mean by "gateway" here... the IP address configured as a gateway for one group of clients (let's say the 10.45.0.1 one) will stay attached to the physical interface, and the IP address configured as a gateway for the other group of clients (10.45.0.2) will be attached to the VRRP interface (better with a /32 mask but in this particular case it doesn't really matter).

Then we mangle traffic by vrrf name etc....... OR could we use route rule and interface as VRR for the argument thus avoiding mangling??
You can use routing rules, mangling is not mandatory, as routing rules can match on interface name.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19117
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 9:00 pm

I am confused when looking at VRF settings.
It has a table choice on vers6 firmware.............
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Route clients based on their gateway IP

Wed Aug 03, 2022 11:32 pm

@anav: VRRP != VRF, see explanation of this here: viewtopic.php?t=138685

Who is online

Users browsing this forum: almdandi, araqiel, ips, mkx, Seko777 and 95 guests