Hello and Welcome Everyone,

I have two routers, and they both have access to the Internet. Both routers are also connected via a /30 PTP IP and can ping one another.

I have different network subnets in my 2nd router and all my network is connected from it. I just want to shift some Network prefixes to my 1st router from my 2nd router and apply NAT and QOS policies on those prefixes on 1st router also these prefixes have access to the internet via this 1st router.

can you please let me know what setting is required on both ends I searched too much about its solution but did not reach any results.

The diagram is attached.

Double posting is considered poor form and both lack device configurations.
viewtopic.php?t=214573

Double posting is considered poor form and both lack device configurations.
viewtopic.php?t=214573

duplicated topic was locked

It seems so easy that I am afraid I have missed some important point. And if there is indeed none, it may be the reason why you cannot find anything online - this is a very basic routing scenario so no one bothers to boast "I have made it".

• assign addresses from the subnets you want to live on the 1st router to interfaces on the 1st router, and assign addresses from subnets you want to live on the 2nd router to interfaces on the 2nd one.
• if not done yet, make default routes on both routers use the remote address in the uplink /30 subnet.
• also on both routers, create a route to 172.16.0.0/20 with the address of the other router within the 10.10.12.0/30 as a gateway.

If multiple routes match the destination, the one with the longest (i.e. most precisely matching) prefix wins, so the routers will only send to each other the traffic for those subnets within 172.16.0.0/20 that they have no own address in.

If someone sends a packet to an address from the 172.23.0.0-172.31.255.255 range, which is not used on any of the two routers, the packet will circulate between the routers until its TTL expires. If you expect this to happen too often, you can add blackhole routes to 172.23.0.0/16 and 172.24.0.0/21 on both routers.

If you want it fancy, you can configure OSPF or another dynamic routing protocol so that you could move the subnets between the router easily in the future, but for just two routers, it seems to me more like an exercise if you want to improve your skills in this direction. If you do that, the OSPF will install only routes to subnets used on the other router into the fib, but you will still need a blackhole route to 172.16.0.0/20 to prevent any eventual traffic towards unused addresses to be sent to the internet (and waste your uplink bandwidth).

Dear Sindy,

Thanks for your reply and explanation. I have tried OSPF, but the issue is that I have my 172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, and other prefixes in the Router B routing table with /16 subnet and I want to send prefixes shared in the image with /24 subnet.

for your information I don't have any IP routing in Router A and all prefixes are routed in Router B and just want to send a few prefixes with /24 to Router A and also apply NAT and QoS policy on them in Router A.

I have my 172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, and other prefixes in the Router B routing table with /16 subnet and I want to send prefixes shared in the image with /24 subnet.

So after all it is not that simple as you've outlined in your first post, thus my suspicion that I was missing something was correct

But it is nevertheless strange - although the router adds the routes learned via dynamic routing protocols with high distance values by design, the prefix length is taken into account first. So for a destination address 172.21.x.y, a route to 172.21.0.0/24 with distance=110 wil be chosen although a route to 172.21.0.0/16 with distance=1 exists. I.e. my suggestion to add just a route to 172.16.0.0/12 cannot work as you have added those /16 routes that shadow the /12 one, but OSPF should shadow those /16 ones by /24 ones.

So we have two mysteries now - why do you need those /16 routes at all, given that no other destinations within 172.16.0.0/12 than the /24 ones are shown on your diagram, and why OSPF does not shadow them.

I don't have any IP routing in Router A and all prefixes are routed in Router B and just want to send a few prefixes with /24 to Router A and also apply NAT and QoS policy on them in Router A.

Here I am confused. If you add an address from some subnet to a router, a route to that subnet is added dynamically as well. If you add addresses from multiple subnets, the hosts in these subnets can use the router's addresses in their own subnets as gateways to the other subnets.


So if we forget all the above, which stems from my initial understanding of your post - maybe I got it totally wrong and what you actually have in mind is that you want all the hosts in all the subnets (including 172.20.0.0/24 and 172.21.0.0/24) to stay connected to CCR2 and use it as their gateway, but you want the hosts in 172.20.0.0/24 and 172.21.0.0/24 to access the internet via CCR-1, using its internet uplink?

So if we forget all the above, which stems from my initial understanding of your post - maybe I got it totally wrong and what you actually have in mind is that you want all the hosts in all the subnets (including 172.20.0.0/24 and 172.21.0.0/24) to stay connected to CCR2 and use it as their gateway, but you want the hosts in 172.20.0.0/24 and 172.21.0.0/24 to access the internet via CCR-1, using its internet uplink?
[/quote]

I have RIPV2 in my Inter Routing between my Switches and CCR2 Routers. where I am getting my subnets with /16 from different sites switches.

Yes I want that all hosts in all subnets have to be connected to CCR2 and for there Internet access just few subnets have access to internet via CCR-1 uplink.

OK. This is in fact very similar to having two uplinks connected directly to CCR2 and using each of them for access to internet from another set of local subnets. In another words, you can think of CCR1 as of another ISP router providing internet access for CCR2.

The key here is that the routing must take into account some other attribute of a packet than the destination address, and in such cases, you cannot use one routing table for all - you have to deploy "policy routing", which consists in adding one or more additional routing tables and some routing rules or, in more complicated setups, mangle rules that match on the "other attributes" (in your case, the source addresses) and let those rules select the routing table to be used for that packet.

So in your case, the only thing that needs to be done on CCR1 is to add routes to 172.21.0.0/24 and 172.22.0.0/24 via 10.10.12.2 manually, unless you have already added them before or unless it learns them via a dynamic routing protocol.

On CCR2, you need something like this:
/routing/table/add name=via-CCR1 fib
/ip/route/add routing-table=via-CCR1 gateway=10.10.12.1
/routing/rule/add src-address=172.20.0.0/24 action=lookup-only-in-table table=via-CCR1
/routing/rule/add src-address=172.21.0.0/24 action=lookup-only-in-table table=via-CCR1

Depending on your existing configuration, you may or may not have to exempt 172.20.0.0/24 and 172.21.0.0/24 from getting handled by the QoS setup on CCR2, so that only the QoS rules on the CCR1 would affect them. But without seeing the exports of your current configurations of CCR1 and CCR2, I cannot be more precise.

OK. This is in fact very similar to having two uplinks connected directly to CCR2 and using each of them for access to internet from another set of local subnets. In another words, you can think of CCR1 as of another ISP router providing internet access for CCR2.

The key here is that the routing must take into account some other attribute of a packet than the destination address, and in such cases, you cannot use one routing table for all - you have to deploy "policy routing", which consists in adding one or more additional routing tables and some routing rules or, in more complicated setups, mangle rules that match on the "other attributes" (in your case, the source addresses) and let those rules select the routing table to be used for that packet.

So in your case, the only thing that needs to be done on CCR1 is to add routes to 172.21.0.0/24 and 172.22.0.0/24 via 10.10.12.2 manually, unless you have already added them before or unless it learns them via a dynamic routing protocol.

On CCR2, you need something like this:
/routing/table/add name=via-CCR1 fib
/ip/route/add routing-table=via-CCR1 gateway=10.10.12.1
/routing/rule/add src-address=172.20.0.0/24 action=lookup-only-in-table table=via-CCR1
/routing/rule/add src-address=172.21.0.0/24 action=lookup-only-in-table table=via-CCR1

Depending on your existing configuration, you may or may not have to exempt 172.20.0.0/24 and 172.21.0.0/24 from getting handled by the QoS setup on CCR2, so that only the QoS rules on the CCR1 would affect them. But without seeing the exports of your current configurations of CCR1 and CCR2, I cannot be more precise.

Dear Sir,

thanks for your support. I have added the above configuration but no positive result. I will be happy if you please let me know when you have free time that i provide you anydesk access and you can check the config.

please let me know when you have free time that i provide you anydesk access and you can check the config.

Can you follow the instructions in viewtopic.php?p=902082#p902082 ?