Community discussions

MikroTik App
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Marked routes with policy routing slow responses

Mon Mar 13, 2023 8:19 pm

RB 952Ui-xxxxx hAP ac, v 7.8 CPU usage <10%, 60% free memory

I set up policy routing in a dual WAN config and the connection initiation and packets in general via the route that matches policy seem to be slowed down in the router. For instance it can take several seconds or more to establish a ssh session with hosts on the route that matches policy and then once the session is established, it can take a few seconds to get what you entered in the console echoed back. Traffic is routing as desired and the traffic to the non-policy route is performing normally.

/routing/table print
 D   name="main" fib 

    name="ArouteTable" fib 

/ip/firewall/mangle> print detail 

   ;;; Mark A routing
      chain=prerouting action=mark-routing new-routing-mark=ArouteTable passthrough=yes src-address-list="" dst-address-list=Alist
      connection-mark="" in-interface-list=LAN log=no log-prefix="" 

/ip route print detail
As   dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=10.18.18.17 immediate-gw=10.18.18.17%ether5 distance=1 scope=30 
         target-scope=10 suppress-hw-offload=no 

As   dst-address=0.0.0.0/0 routing-table=ArouteTable pref-src="" gateway=192.168.0.1 immediate-gw=192.168.0.1%ether1 distance=1 
         scope=30 target-scope=10 suppress-hw-offload=no 

If I add the following, traffic to 1.2.3.4 performs normally and the rest of the Alist host traffic continues to perform poorly.

/routing/rule print 
 0   dst-address=1.2.3.4 action=lookup-only-in-table table=ArouteTable 

Am I missing something in config? Am I expecting too much our of a tiny single-core processor? I really don't want to add a rule for each entry in the Alist, that kind of obviates policy routing and might as well just add individual routes. I see nothing interesting in the logs. Ideas? Am I missing something or mis-interpreting documentation?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Marked routes with policy routing slow responses

Mon Mar 13, 2023 10:18 pm

Impossible to tell, you didnt provide your config!!
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Marked routes with policy routing slow responses

Tue Mar 14, 2023 7:04 am

I pasted the part of the config to show what I had done in the specific areas, the problem was not that it was not working, it was not performing well. It turns out that the K2 "Destination Based" section found in this informative post is quite useful unlike some of the sparse v7 documentation:

viewtopic.php?t=182373

The problem turned out to be fasttrack. I added fastrack rules as indicated in the above post and the policy routed traffic now behaves nicely.

I hope this post and the post indicated above are helpful and save someone some tedious testing and troubleshooting in the future.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Marked routes with policy routing slow responses

Tue Mar 14, 2023 5:44 pm

There is also another way to deal with mangling in fastrack depending upon the complexity of the scenario. See if you can spot it??

/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-mark=no mark connection-state=established,related hw-offload=yes



PS. I dont think it applies in your scenario but it may be helpful in others.

Who is online

Users browsing this forum: No registered users and 21 guests