ricotoh
just joined
Topic Author
Posts: 8
Joined: Sat Oct 15, 2016 4:54 am

Intervlan routing - Multiple gateway

Sat Oct 15, 2016 6:10 am

Hello All,

First post on this forum to have some advice.
We're actually implementing a MikroTik as an internal router, managing some VLANs on a trunk and then 2 pppoe-clients.
Each VLAN has an assigned ISP, and some VLANs must speak to each other.
Considering this setup:

http://wiki.mikrotik.com/wiki/Manual:In ... AN_routing

But in our case:

[admin@RTR] /interface vlan> print 
Flags: X - disabled, R - running, S - slave 
 #    NAME                            MTU ARP        VLAN-ID INTERFACE                  
 0    vlan10-LAN1                    1500 enabled         10 ether5-LAN1                
 3    vlan30-LAN1                    1500 enabled         30 ether5-LAN1                
[admin@RTR] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                           
 0   172.18.21.250/24   172.18.21.0     vlan10-LAN1                                                       
                                                      
3   192.168.112.250/24 192.168.112.0   vlan30-LAN1                                                       
For this purpose we actually use only the vlan10 & vlan30 interface
[admin@RTR] /interface pppoe-client> print
Flags: X - disabled, R - running 
 0    name="pppoe-out1-ML" max-mtu=auto max-mru=auto mrru=disabled interface=ether10-ML 
      user="" password="" profile=default keepalive-timeout=60 service-name="" 
      ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2 

 1    name="pppoe-out2-LAG" max-mtu=auto max-mru=auto mrru=disabled interface=ether9-LAG
      user="" password="" profile=default keepalive-timeout=60 service-name="" 
      ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
[admin@RTR] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=prerouting action=mark-routing new-routing-mark=M passthrough=yes 
      src-address-list=VLAN10 log=no log-prefix="" 

 1    chain=prerouting action=mark-routing new-routing-mark=LAG passthrough=yes 
      src-address-list=VLAN30 log=no log-prefix=""
[admin@RTR] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - osp
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  0.0.0.0/0                          pppoe-out1-M           10
 1   S  0.0.0.0/0                          pppoe-out2-LAG        10
 4  DC  172.18.21.0/24     172.18.21.250   vlan10-LAN1             255
 12  DC  192.168.112.0/24   192.168.112.250 vlan30-LAN1             255

Also, there are routing marks on these routes, but they do not appear in the print output.

[admin@RTR-SF2I-02] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
15 I  ;;; pppoe-out1-M
      chain=srcnat action=masquerade routing-mark=M out-interface=pppoe-out1-M log=no 
      log-prefix="" 

16 I  ;;; pppoe-out2-LAG 
      chain=srcnat action=masquerade routing-mark=LAG out-interface=pppoe-out2-LAG 
      log=no log-prefix="" 


In this setup (while writing this, all ports were not plugged in), each LAN can reach the internet, but the LANs can't communicate with each other.
If we disable routes #0 & #1, the LANs aren't able to reach the internet but can communicate with each other.
The issue is not a firewall issue: when we disable all firewall rules, it remains the same.
We believe it's a routing problem because a ping from the router or a client can't get to the destination.
We also tried a masquerade rule per LAN (with a specified address list) with the corresponding internet gateway.

After reading some posts, some clues may be involved, like adding a mangle rule to route traffic through its specific ISP, or specifying a preferred source for the static route with and without a routing mark.

But the concept that I misunderstand is why the default routes (with and without routing mark) seem to override the local routes, the same when increasing the metric.

If somebody can point us in the right direction.

best regards.
 
magchiel
Member Candidate
Posts: 133
Joined: Mon Jan 06, 2014 2:13 pm

Re: Intervlan routing - Multiple gateway

Sat Oct 15, 2016 12:19 pm

Currently all your locally originated traffic is getting marked for and hence routed to the internet. This includes traffic that has a local destination.

The solution is to exclude traffic with a local destination from your mangle rules:
/ip firewall mangle
add chain=prerouting src-address-list=VLAN10 dst-address-list=!VLAN30 action=mark-routing new-routing-mark=M
add chain=prerouting src-address-list=VLAN30 dst-address-list=!VLAN10 action=mark-routing new-routing-mark=LAG 
Of course when you have multiple VLANs you want to exclude you want a generic local-address list.

Another option is to add a general accept rule for local traffic on top that excludes all local traffic from being mangled:
/ip firewall mangle
add place-before=0 chain=prerouting src-address-list=local-address dst-address-list=local-address action=accept
EDIT for clarity
 
ricotoh
just joined
Topic Author
Posts: 8
Joined: Sat Oct 15, 2016 4:54 am

Re: Intervlan routing - Multiple gateway

Sun Oct 16, 2016 5:11 am

Hello, thank you for your response, we're gonna check this when the new week starts :)

Best regards
 
ricotoh
just joined
Topic Author
Posts: 8
Joined: Sat Oct 15, 2016 4:54 am

Re: Intervlan routing - Multiple gateway

Fri Nov 18, 2016 3:22 pm

Hello

Thank you dude, that's OK. I'm sorry for the late reply.

If, inside a VLAN, I want a computer to reach the internet through the other gateway, what's the way to do this?

I tried to mark the routing for this host via mangle, masquerade it, or add a dedicated route, but it always goes out via its "default" gateway.

Best regards.
 
magchiel
Member Candidate
Posts: 133
Joined: Mon Jan 06, 2014 2:13 pm

Re: Intervlan routing - Multiple gateway

Thu Jan 05, 2017 5:27 pm

"If inside a vlan, i want a computer reach internet on the other gateway, what's the way t do this ?"

You mean you have a host in a VLAN that you would like to connect to the internet through the *other's* VLAN gateway (e.g. host on vlan10 connecting through 192.168.112.250)? That wouldn't work since they're on a different L2 segment.

I don't know what it is you're trying to achieve, but if it is to have clients on VLAN 10 connect through PPPoE, either a) add a mangle rule above the other mangle rules and make sure passthrough on the new rule is disabled to prevent remarking with the default policy, or b) place it below the other mangle rules and make sure passthrough is enabled on the default rules above to override the default marking with the new rule.
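
The two points made in the replies above (local traffic being marked and sent out the PPPoE link, and the rule order and passthrough options a and b) can be checked with a small model of the prerouting mangle chain. This is an added Python example, not code from any post or from RouterOS; it assumes the marked routing tables hold only a default route, and the list name HOST-X, the host 172.18.21.50 and the test destinations are hypothetical.

```python
import ipaddress

# Constructed model of the thread's setup (subnets and names from the first post).
LISTS = {"VLAN10": ["172.18.21.0/24"], "VLAN30": ["192.168.112.0/24"],
         "local-address": ["172.18.21.0/24", "192.168.112.0/24"],
         "HOST-X": ["172.18.21.50/32"]}  # HOST-X is a hypothetical single host
# Assumption: marked tables hold only a default route; connected routes are in main.
TABLES = {"main": {"172.18.21.0/24": "vlan10-LAN1", "192.168.112.0/24": "vlan30-LAN1"},
          "M": {"0.0.0.0/0": "pppoe-out1-M"},
          "LAG": {"0.0.0.0/0": "pppoe-out2-LAG"}}

def in_list(addr, spec):
    """Match an address-list spec; a leading '!' negates, None matches anything."""
    if spec is None:
        return True
    ip = ipaddress.ip_address(addr)
    hit = any(ip in ipaddress.ip_network(n) for n in LISTS[spec.lstrip("!")])
    return hit != spec.startswith("!")

def mangle(rules, src, dst):
    """Walk the prerouting rules in order and return the final routing mark."""
    mark = None
    for r in rules:
        if not (in_list(src, r.get("src")) and in_list(dst, r.get("dst"))):
            continue
        if r.get("action") == "accept":
            break                      # accept: stop processing this chain
        mark = r["mark"]               # default action here is mark-routing
        if not r.get("passthrough", True):
            break                      # passthrough=no: later rules cannot re-mark
    return mark

def egress(rules, src, dst):
    """Longest-prefix match in the marked table, then fall back to main."""
    ip = ipaddress.ip_address(dst)
    for table in filter(None, [mangle(rules, src, dst), "main"]):
        hits = [n for n in map(ipaddress.ip_network, TABLES[table]) if ip in n]
        if hits:
            return TABLES[table][str(max(hits, key=lambda n: n.prefixlen))]
    return None

# Rule sets: the first post's rules, the two fixes from the reply, and options a/b.
ORIGINAL = [dict(src="VLAN10", mark="M"), dict(src="VLAN30", mark="LAG")]
EXCLUDE = [dict(src="VLAN10", dst="!VLAN30", mark="M"),
           dict(src="VLAN30", dst="!VLAN10", mark="LAG")]
ACCEPT_LOCAL = [dict(src="local-address", dst="local-address", action="accept")] + ORIGINAL
HOST = dict(src="HOST-X", mark="LAG")
HOST_ABOVE_PT = [HOST] + ORIGINAL                      # re-marked by the VLAN10 rule
OPTION_A = [dict(HOST, passthrough=False)] + ORIGINAL  # above, passthrough=no
OPTION_B = ORIGINAL + [HOST]                           # below, defaults pass through
```

With `ORIGINAL`, a VLAN10 host talking to VLAN30 leaves via `pppoe-out1-M`; with `HOST_ABOVE_PT` the per-host mark is overwritten, which matches the "always reaching by his default gateway" symptom.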