Community discussions

MikroTik App
  4. RouterOS
  5. General

Why is default gateway reachable through two interfaces?

Post Reply
 
perni
newbie
Topic Author
Posts: 30
Joined: Thu May 13, 2010 11:58 pm

Why is default gateway reachable through two interfaces?

Tue May 22, 2012 10:50 pm

I have two interfaces (WAN1 and WAN2) connected to my ISP.
I would like to use WAN1 for normal internet access and WAN2 for incoming tunnels like PPTP and SSTP for example.

I use one dhcp client for each of the interfaces to gain two external IP addresses.
One of the clients are told to add-default-route and it will add the default route to the IP of the ISP provided gateway.
I have NAT and filter settings based on Interface.
Code: Select all
 /ip dhcp-client print
Flags: X - disabled, I - invalid
 #   INTERFACE                         USE ADD STATUS        ADDRESS
 0   WAN1                              yes yes bound         83.233.113.217/25
 1   WAN2                              no  no  bound         83.233.113.156/25

So far everything works fine, but every now and then, I gain IP addresses of the same subnet.
Code: Select all
> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.112.1/24   192.168.112.0   Optional
 1   192.168.110.1/24   192.168.110.0   Trusted
 2 D 83.233.113.217/25  83.233.113.128  WAN1
 3 D 83.233.113.156/25  83.233.113.128  WAN2
This means that my default route tells me that the gateway is reached through both WAN1 and WAN2. This is correct.
But the RouterOS selects WAN2 to use (why does it do that?) and then my firewal rules does not apply anymore as they are defined per interface.
Code: Select all
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 0 ADS  dst-address=0.0.0.0/0 gateway=83.233.113.129 gateway-status=83.233.113.129 reachable via  WAN2 distance=0 scope=30 target-scope=10
        vrf-interface=WAN1
 1 ADC  dst-address=83.233.113.128/25 pref-src=83.233.113.217 gateway=WAN1,WAN2 gateway-status=WAN1 reachable,WAN2 reachable diset-scope=10
 2 ADC  dst-address=192.168.110.0/24 pref-src=192.168.110.1 gateway=Trusted gateway-status=Trusted reachable distance=0 scope=10
 3 ADC  dst-address=192.168.112.0/24 pref-src=192.168.112.1 gateway=Optional gateway-status=Optional reachable distance=0 scope=10
How can I tell my RouterBoard that the default route shall communciate through WAN1 only, even though it can be reached throuch WAN2?
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: Why is default gateway reachable through two interfaces?

Wed May 23, 2012 5:45 pm

Have you considered tagging the traffic normal internet traffic and the incoming traffic with different routing marks. Adding routing filter to modify your dynamic route then editing your other route?
Top
 
changeip
Forum Guru
Forum Guru
Posts: 3833
Joined: Fri May 28, 2004 5:22 pm

Re: Why is default gateway reachable through two interfaces?

Wed May 23, 2012 6:00 pm

can you change the dhcp client on wan2 to have a higher default gateway cost?
Top
 
perni
newbie
Topic Author
Posts: 30
Joined: Thu May 13, 2010 11:58 pm

Re: Why is default gateway reachable through two interfaces?

Wed May 23, 2012 10:27 pm

can you change the dhcp client on wan2 to have a higher default gateway cost?
I don't want to route to WAN2. But if i tell the dhcp client to add a default route but at a high cost then WAN1 is selected.
This works, but I feel that this solution is to "fool" the RouterOS to do what I want.

Thanks for the suggestion anyway.
Top
 
perni
newbie
Topic Author
Posts: 30
Joined: Thu May 13, 2010 11:58 pm

Re: Why is default gateway reachable through two interfaces?

Wed May 23, 2012 10:47 pm

Have you considered tagging the traffic normal internet traffic and the incoming traffic with different routing marks. Adding routing filter to modify your dynamic route then editing your other route?
Yes, I've been thinking about this, but I don't really know how to do.
If I mangle 0.0.0.0/0 with a routing mark, isn't all packages marked then? Or does other routing rules catch the packages before the default route rule? (Do I make myself understood?)

In the routing rule I can slect dst-address 0.0.0.0/0 directly. Can I use this instead of my using a routing mark?

I would appreciate an example.
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: Why is default gateway reachable through two interfaces?

Wed May 23, 2012 11:58 pm

In Mangle mark your source address range with the action to add a routing mark.

In routing filter add filter for dynamic routes to use your routing mark.
Top
 
perni
newbie
Topic Author
Posts: 30
Joined: Thu May 13, 2010 11:58 pm

Re: Why is default gateway reachable through two interfaces?

Wed Jul 18, 2012 1:00 am

Unfortunately these suggestions does not help. Both with mangle and routing rule I can specify different routes (by using different routing marks).
BUT, I have one gateway with one route that is reachable through two interfaces and hence RouterOS treats this as an ECMP route.

It is possible to specify a gateway using x.x.x.x%eth1, but the dhcp-client does not do this when I use it to add the default gateway :(

I guessed for a while that it was possible to specify this through /routing filter on the dynamic-in chain, but I could not find a way to specify a new gateway, or to specify interface for it.

Does anyone have a clue on how to make this work?
Top
 
pacoss
newbie
Posts: 36
Joined: Wed Jul 20, 2011 5:21 pm

Re: Why is default gateway reachable through two interfaces?

Wed Jul 18, 2012 2:16 am

If you are doing NAT, it's easy, using 2 nat rules and selecting the In and Out (WANx) interface for each one.
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Why is default gateway reachable through two interfaces?

Wed Jul 18, 2012 11:57 am

Both addresses are from the same subnet, that is the problem. Either you use VRFs or two routers, one for each address.
Top
 
perni
newbie
Topic Author
Posts: 30
Joined: Thu May 13, 2010 11:58 pm

Re: Why is default gateway reachable through two interfaces?

Mon Oct 15, 2012 11:24 am

Both addresses are from the same subnet, that is the problem. Either you use VRFs or two routers, one for each address.
My two interfaces WAN1 and WAN2 both reach the gateway as they have addresses on the same subnet. In this case RouterOS selects an arbitrary one of them.
I want my default route communication through WAN1, only, and not through WAN2.

Solution:
I added a VRF on WAN2 for routing-mark "Disabled"
Code: Select all
  /ip route vrf
  add disabled=no interfaces=WAN2 routing-mark=Disabled
I don't use the routing mark "Disabled" anywhere and hence that VRF is never matched and WAN2 is never used.
I don't think that VRF is intended to be used in this way, but at least it is a decent solution for what I want to accomplish.
Top
Post Reply
  4. RouterOS
  5. General