Community discussions

MikroTik App
 
User avatar
broderick
Member Candidate
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 12:19 am

Hi everyone,

I have this default rule in IP->Firewall->Filter rules:
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=
In order to get kind of a Load Balancing on two subnets, I also added these two rules in Mangle:
chain=prerouting action=mark-routing new-routing-mark=MainLan src-address=192.168.3.0/24 log=no log-prefix=
chain=prerouting action=mark-routing new-routing-mark=GuestLan src-address=10.10.10.0/24 log=no log-prefix=
I then modified the setup in IP->Routes of the two WANs (A recursive failover is set on them as well):
A S  dst-address=0.0.0.0/0 gateway=1.1.1.1 gateway-status=1.1.1.1 recursive via xxx.xx.x.xx ether5_WAN2 distance=2 scope=30 target-scope=10 routing-mark=MainLan 

 1 A S  dst-address=0.0.0.0/0 gateway=8.8.8.8 gateway-status=8.8.8.8 recursive via xxx.xxx.xx.xx wlan1_WAN1 distance=1 scope=30 target-scope=10 routing-mark=GuestLan 
So that when they are ON, my MAinLAN would use an internet connection and the GuestLAN the second one . Anyway, I read that if fasttrack is enabled prerouting rules don't work since it bypasses them, they say so at least , but my rules above work as expected nonetheless.

How comes? Did I fail to understand something here?
Thanks
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 10:12 am

Two possible explanations:
  • not all packets of fastracked connections actually take the fast path (I never bothered to measure whether it is 1/10 or 1/100 of them), so the connections work but slower as only those packets that take the regular path get the proper routing mark and reach the destination with the correct source address
  • you haven't stated what RouterBoard model you use. On a CHR in particular (and probably on x86 as well), no actual fasttracking happens, so all packets of connections marked as fasttracked do pass through the mangle.
 
User avatar
broderick
Member Candidate
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 2:11 pm

Two possible explanations:
  • not all packets of fastracked connections actually take the fast path (I never bothered to measure whether it is 1/10 or 1/100 of them), so the connections work but slower as only those packets that take the regular path get the proper routing mark and reach the destination with the correct source address
I thought pretty much the same.
[*]you haven't stated what RouterBoard model you use. On a CHR in particular (and probably on x86 as well), no actual fasttracking happens, so all packets of connections marked as fasttracked do pass through the mangle.[/list]
hAP ac²
model = RBD52G-5HacD2HnD
RouterOS 6.49.1


Thanks
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 2:36 pm

If you have a real load distribution in mind, read this - depending on your uplink bandwidth, fasttracking half the traffic may still be better than no fasttracking at all.

If you'd be OK with just statically using another uplink for each of your two LANs (or, more generally, of two groups of LAN side addresses), you can assign the routing-mark using /ip route rule instead of mangle rules. Routing rules (and more important, routing cache) are used even for fasttracked packets.
 
User avatar
broderick
Member Candidate
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 3:05 pm

If you have a real load distribution in mind, read this - depending on your uplink bandwidth, fasttracking half the traffic may still be better than no fasttracking at all.

Interesting, but it is a bit of an advanced topic for me now. I have just started learning Mangle. Anyway, I saved the page and I am going to read it again when I have a better understanding of Mangle and RouterOS in general. Thanks

If you'd be OK with just statically using another uplink for each of your two LANs (or, more generally, of two groups of LAN side addresses), you can assign the routing-mark using /ip route rule instead of mangle rules. Routing rules (and more important, routing cache) are used even for fasttracked packets.

Basic needs actually. My primary ISP connection speed is rather low, totally ok when I am the only one on the LAN at home, but when I have a few guests and they ask to get access to the internet, we all often find ourselves struggling to watch videos or even open webpages sometimes. My secondary (LTE) connection speed is quite good instead, and it is already set as my second WAN for failover. So, I though to make the most out of it, and also use it as a Load Balancing when I have friends and relatives at home. I (on the Mainlan) would use the LTE connection and they would use my ISP connection, when the rules are ON of course. I disabled them eventually.

So, should I go for "the route rule way" instead of mangle rules in this case? However, I have never used IP route rules before. What should I do in details?

Thanks
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 5:44 pm

Gone.
Last edited by msatter on Thu Sep 22, 2022 9:08 pm, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 6:19 pm

I have never used IP route rules before. What should I do in details?
/ip route rule add src-address=10.10.10.0/24 action=lookup table=GuestLan
will make all traffic from 10.10.10.0/24 be routed using table GuestLan, and all the rest using the default routing table called main, which consists of the routes without any explicit routing-mark. If you add a rule src-address=192.168.3.0/24 action=lookup table=MainLan, it will force traffic from 192.168.3.0/24 via table MainLan.

If action is set to lookup, the router will use routing table main for the packet if it doesn't find a route in the indicated routing table; if it is set to lookup-only-in-table, such a fallback will not take place.
 
User avatar
broderick
Member Candidate
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Can Prerouting rules for Load balancing and Fasttrack work together?

Thu Sep 22, 2022 7:04 pm

/ip route rule add src-address=10.10.10.0/24 action=lookup table=GuestLan
In order to set "GuestLan" in the rule above, it means that I don't have to delete the prerouting rules in Mangle in which I marked the connection (new routing mark)?
But I miss the point then. Maybe I need to dive deeper into the Routing to understand this.


Thanks

Who is online

Users browsing this forum: Fl3tch, maigonis, sebus46 and 39 guests