jaadu
just joined
Topic Author
Posts: 16
Joined: Mon Sep 30, 2013 6:14 am

Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Sat Apr 16, 2016 10:38 pm

I have an RB2011 with 3 WAN connections (2 DSL via PPPoE, 1 Cable via DHCP)

In the router I can ping from the two PPPoE interfaces to google.com, but not the Cable interface. From the Cable interface I can ping the ISP's gateway and DHCP server, but nothing beyond that.

The masquerade rules for each WAN interface are the same:

chain=srcnat action=masquerade out-interface=wan2
chain=srcnat action=masquerade out-interface=pppoe_1
chain=srcnat action=masquerade out-interface=pppoe_3

Each WAN interface is set to create a default route with a different distance:

ADS  0.0.0.0/0    PPPoE1 gateway    1
 DS  0.0.0.0/0    PPPoE2 gateway    2
 DS  0.0.0.0/0    Cable gateway     3

I enabled logging of the masquerade rules and created input and output log rules in mangle to watch the pings. I can see the masquerade log and the ping packets in and out on the two PPPoE interfaces, but only see masquerade and outbound ping packets in the log for the Cable interface. There isn't anything coming inbound in response to the pings to google.com.

When I plug my laptop in to the cable modem directly, everything works.

Any thoughts or help is GREATLY appreciated.
Al
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Sun Apr 17, 2016 11:58 am

Are you using mangle to add routing marks to packets?

Disable the two PPPoE-added default routes; does ping through the cable modem work now?
 
jaadu
just joined
Topic Author
Posts: 16
Joined: Mon Sep 30, 2013 6:14 am

Re: Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Sun Apr 17, 2016 5:59 pm

I am using mangle to mark packets for QoS and routing marks for load balancing. There are 4 different networks that use Queue Tree to prioritize traffic. Things worked fine when I used ECMP to load balance the WAN connections, but I had a lot of complaints about the inability to use websites and various web services (like netflix) consistently due to connections coming from multiple source IPs for the same session. I switched to PCC with source IP and things are a lot more stable. Unfortunately I can't get out on the Cable modem now.

I have tried to use a routing mark to send the traffic from my laptop out the cable modem only, but I get the same behaviour as described above. I am trying to minimize the effect on my client's users.
 
jaadu
just joined
Topic Author
Posts: 16
Joined: Mon Sep 30, 2013 6:14 am

Re: Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Tue Apr 19, 2016 2:55 pm

So ... I removed the entire config and then added it section by section back in from an export.

Turns out it was the way I was creating the route for the cable modem. I needed to refer to its upstream gateway, not the interface. Which I can do on the PPPoE interfaces. If I have any routes referring to the interface, all working routes over that path stop working.

So my question is ... how do I get it to dynamically update the gateway without using a script?

I have used aacable's DUAL WAN LOAD BALANCING USING PCC WITH FAIL OVER without scripting. He uses recursion (very smart), but it is only for two WANs, not three.

Anyone know how to make this work for three WAN interfaces?

###   ROUTE SECTION   ###
### Magic begins here
 
/ip route
# Adding static routes for Google/TW which will be used further below to test both WAN link connectivity
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10
 
## Now we create route for PCC marked packets routing mark:
add distance=1 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=ping
add distance=2 gateway=221.132.112.8 routing-mark=to_ISP2 check-gateway=ping
 
## Create destinations to "virtual" hops to be used in further routes
add dst-address=10.0.0.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.0.0.2 gateway=221.132.112.8 scope=10 target-scope=10 check-gateway=ping
 
## Add default routes for both isp's marked packets by PCC mangle section
add distance=1 gateway=10.0.0.1 routing-mark=to_ISP1
add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2
 
## Add default routes for no routing marks , For router itself
add distance=1 gateway=10.0.0.1
add distance=2 gateway=10.0.0.2

Regards,
Al
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Tue Apr 19, 2016 4:09 pm

> Turns out it was the way I was creating the route for the cable modem. I needed to refer to its upstream gateway, not the interface. Which I can do on the PPPoE interfaces.

You can do it on the PPPoE interfaces because they're point to point interfaces, i.e. the gateway IP is implicit.

> He uses recursion (very smart), but it is only for two WANs, not three.

Nothing prevents you from applying recursion too, no matter how many WANs.
 
jaadu
just joined
Topic Author
Posts: 16
Joined: Mon Sep 30, 2013 6:14 am

Re: Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Tue Apr 19, 2016 6:33 pm

>> Turns out it was the way I was creating the route for the cable modem. I needed to refer to its upstream gateway, not the interface. Which I can do on the PPPoE interfaces.
> You can do it on the PPPoE interfaces because they're point to point interfaces, i.e. the gateway IP is implicit.

Aaah! THAT explains everything.

>> He uses recursion (very smart), but it is only for two WANs, not three.
> Nothing prevents you from applying recursion too, no matter how many WANs.

I was taking a closer look at it and I **THINK** I just need to add a route for the third WAN (using a different DNS server and the appropriate gateway) to sections 1, 2, 3, and 5. Then add the extra routes to the fourth section that create the failover paths pointing to the gateways in section 5. So, there would be 6 of them, instead of 2. I will play around in my lab with this and post an update when I have it working.

Thank you for your help!!!
Al
 
aade
just joined
Posts: 1
Joined: Sat Aug 26, 2017 7:20 am

Re: Multi-WAN - can't ping/connect beyond ISP's gateway on one WAN connection only

Wed Aug 30, 2017 4:27 pm

Hi,

Did you get the three WAN links working and can you share the configuration? I have attempted to create the three WAN recursive failover link with no success.

Regards,

Ade
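
The recursive layout quoted earlier in the thread, extended to a third WAN. This is an added example, not a configuration posted by anyone in the thread; the third gateway 192.168.3.1, the probe host 8.8.4.4, the virtual hop 10.0.0.3 and the to_ISP3 routing mark are assumed values.

```routeros
# Added example, RouterOS v6 route syntax as used in the thread.
# Assumed (not from the thread): 192.168.3.1, 8.8.4.4, 10.0.0.3, to_ISP3.
/ip route

# 1. Pin one probe host to each WAN gateway. The gateway is an IP address,
#    not an interface name, which is what the non point-to-point WAN needs.
add dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=10
add dst-address=221.132.112.8/32 gateway=192.168.2.1 scope=10
add dst-address=8.8.4.4/32 gateway=192.168.3.1 scope=10

# 2. One "virtual" hop per WAN, resolved recursively through its probe host.
#    check-gateway=ping disables the hop when the probe host stops answering.
add dst-address=10.0.0.1/32 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.0.0.2/32 gateway=221.132.112.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.0.0.3/32 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping

# 3. Default routes for PCC-marked traffic: preferred WAN at distance 1,
#    the other two WANs as failover paths at distances 2 and 3.
add dst-address=0.0.0.0/0 gateway=10.0.0.1 routing-mark=to_ISP1 distance=1
add dst-address=0.0.0.0/0 gateway=10.0.0.2 routing-mark=to_ISP1 distance=2
add dst-address=0.0.0.0/0 gateway=10.0.0.3 routing-mark=to_ISP1 distance=3

add dst-address=0.0.0.0/0 gateway=10.0.0.2 routing-mark=to_ISP2 distance=1
add dst-address=0.0.0.0/0 gateway=10.0.0.3 routing-mark=to_ISP2 distance=2
add dst-address=0.0.0.0/0 gateway=10.0.0.1 routing-mark=to_ISP2 distance=3

add dst-address=0.0.0.0/0 gateway=10.0.0.3 routing-mark=to_ISP3 distance=1
add dst-address=0.0.0.0/0 gateway=10.0.0.1 routing-mark=to_ISP3 distance=2
add dst-address=0.0.0.0/0 gateway=10.0.0.2 routing-mark=to_ISP3 distance=3

# 4. Default routes for unmarked traffic (the router itself).
add dst-address=0.0.0.0/0 gateway=10.0.0.1 distance=1
add dst-address=0.0.0.0/0 gateway=10.0.0.2 distance=2
add dst-address=0.0.0.0/0 gateway=10.0.0.3 distance=3
```

A probe host that stops answering ping takes its WAN out of rotation even when the link itself is fine, so choose probe hosts with that in mind. The gateway addresses are static here, so this layout does not answer the thread's open question about a gateway that changes dynamically.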