[Fixed pls Close] Problems with Overseas/Local Traffic setup

Znuff · Thu Mar 08, 2007 9:09 pm

Hello, I've implemented the Local/Overseas traffic on two of our networks, each network has a MT as a gateway, using this setup:

--- My ISP --->  [ MT - TCT ] --- Network|---> [ MT - NZN ] ---> Customers-NZN
                                         |---> [ MT - IT3 ] ---> Customers-IT3
                                         |---> Customers-TCT

My problem is mainly the way traffic from Customers-NZN to Customers-IT3 gets marked/limited. If one user of Customers-NZN downloads from a Customer-IT3, the traffic gets marked as "Overseas" on MT-NZN's side and on MT-IT3 doesn't get marked/queued at all.
Also UPLOAD traffic from MT-NZN to other IPs in the "Metro" doesn't get marked on MT-NZN's side.
It's really starting to annoy me, as I've been trying to figure this thing out for days already. Could anyone please tell me what am I doing wrong?

These are my configurations:

On MT-NZN:


# mar/08/2007 21:03:37 by RouterOS 2.9.40
# software id = TUST-D0T
#
/ ip firewall mangle 
add chain=prerouting src-address=89.35.79.64/26 action=mark-connection new-connection-mark=Complete passthrough=yes comment="" disabled=no 
add chain=prerouting src-address=89.35.79.128/25 action=mark-connection new-connection-mark=Complete passthrough=yes comment="" disabled=no 
add chain=prerouting src-address=89.35.79.64/26 connection-mark=Complete dst-address-list=!Metro action=mark-connection \
    new-connection-mark=Extern passthrough=no comment="" disabled=yes 
add chain=prerouting src-address=89.35.79.128/25 connection-mark=Complete dst-address-list=!Metro action=mark-connection \
    new-connection-mark=Extern passthrough=no comment="" disabled=yes 
add chain=prerouting connection-mark=Extern action=mark-packet new-packet-mark=extern_trafic passthrough=no comment="" disabled=yes 
add chain=prerouting action=mark-packet new-packet-mark=metro_trafic passthrough=no comment="" disabled=yes 
add chain=prerouting src-address=89.35.79.64/26 connection-mark=Complete dst-address-list=Metro action=mark-connection \
    new-connection-mark=Metro passthrough=no comment="" disabled=no 
add chain=prerouting src-address=89.35.79.128/25 connection-mark=Complete dst-address-list=Metro action=mark-connection \
    new-connection-mark=Metro passthrough=no comment="" disabled=no 
add chain=prerouting connection-mark=Metro action=mark-packet new-packet-mark=metro_trafic passthrough=no comment="" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=extern_trafic passthrough=no comment="" disabled=no

Address List:

# mar/08/2007 21:04:40 by RouterOS 2.9.40
# software id = TUST-D0T
#
/ ip firewall address-list 
add list=Metro address=85.120.71.0/24 comment="" disabled=no 
add list=Metro address=85.120.78.0/23 comment="" disabled=no 
add list=Metro address=85.120.187.0/24 comment="" disabled=no 
add list=Metro address=86.107.102.0/24 comment="" disabled=no 
add list=Metro address=86.107.189.0/24 comment="" disabled=no 
add list=Metro address=89.32.206.0/23 comment="" disabled=no 
add list=Metro address=89.33.6.0/23 comment="" disabled=no 
add list=Metro address=89.35.64.0/21 comment="" disabled=no 
add list=Metro address=89.35.78.0/24 comment="" disabled=no 
add list=Metro address=89.35.126.0/24 comment="" disabled=no 
add list=Metro address=89.40.73.0/24 comment="" disabled=no 
add list=Metro address=89.114.75.0/24 comment="" disabled=no 
add list=Metro address=193.227.226.0/23 comment="" disabled=no 
add list=Metro address=10.0.0.0/8 comment="" disabled=no 
add list=Metro address=89.35.79.64/26 comment="" disabled=no 
add list=Metro address=89.35.79.128/25 comment="" disabled=no

Queues:

/ queue simple 
add name="Extern A.69" target-addresses=89.35.79.69/32 dst-address=0.0.0.0/0 interface=all parent=extern-complet packet-marks=extern_trafic \
    direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128000/384000 burst-limit=512000/768000 \
    burst-threshold=100000/350000 burst-time=15s/15s total-queue=default-small disabled=no 
/ queue simple 
add name="Metro A.69" target-addresses=89.35.79.69/32 dst-address=0.0.0.0/0 interface=all parent=metro-complet packet-marks=metro_trafic \
    direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=8000000/8000000 burst-limit=16000000/16000000 \
    burst-threshold=7500000/7500000 burst-time=20s/20s total-queue=default-small disabled=no

-----------------------
On MT-IT3 side:

# mar/08/2007 21:21:46 by RouterOS 2.9.40
# software id = WNAH-SEN
#
/ ip firewall mangle 
add chain=prerouting src-address=89.35.78.0/24 action=mark-connection new-connection-mark=Complete passthrough=yes comment="" disabled=no 
add chain=prerouting src-address=86.107.189.0/24 action=mark-connection new-connection-mark=Complete passthrough=yes comment="" disabled=no 
add chain=prerouting src-address=89.35.78.0/24 connection-mark=Complete dst-address-list=!Metro action=mark-connection \
    new-connection-mark=Extern passthrough=no comment="" disabled=yes 
add chain=prerouting src-address=86.107.189.0/24 connection-mark=Complete dst-address-list=!Metro action=mark-connection \
    new-connection-mark=Extern passthrough=no comment="" disabled=yes 
add chain=prerouting connection-mark=Extern action=mark-packet new-packet-mark=extern_trafic passthrough=no comment="" disabled=yes 
add chain=prerouting action=mark-packet new-packet-mark=metro_trafic passthrough=no comment="" disabled=yes 
add chain=prerouting src-address=89.35.78.0/24 connection-mark=Complete dst-address-list=Metro action=mark-connection \
    new-connection-mark=Metro passthrough=no comment="" disabled=no 
add chain=prerouting src-address=86.107.189.0/24 connection-mark=Complete dst-address-list=Metro action=mark-connection \
    new-connection-mark=Metro passthrough=no comment="" disabled=no 
add chain=prerouting connection-mark=Metro action=mark-packet new-packet-mark=metro_trafic passthrough=no comment="" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=extern_trafic passthrough=no comment="" disabled=no

Address list:

# mar/08/2007 21:22:47 by RouterOS 2.9.40
# software id = WNAH-SEN
#
/ ip firewall address-list 
add list=Metro address=85.120.71.0/24 comment="" disabled=no 
add list=Metro address=85.120.78.0/23 comment="" disabled=no 
add list=Metro address=85.120.187.0/24 comment="" disabled=no 
add list=Metro address=86.107.102.0/24 comment="" disabled=no 
add list=Metro address=86.107.189.0/24 comment="" disabled=no 
add list=Metro address=89.32.206.0/23 comment="" disabled=no 
add list=Metro address=89.33.6.0/23 comment="" disabled=no 
add list=Metro address=89.35.64.0/21 comment="" disabled=no 
add list=Metro address=89.35.126.0/24 comment="" disabled=no 
add list=Metro address=89.40.73.0/24 comment="" disabled=no 
add list=Metro address=89.114.75.0/24 comment="" disabled=no 
add list=Metro address=193.227.226.0/23 comment="" disabled=no 
add list=Metro address=89.35.79.64/26 comment="" disabled=no 
add list=Metro address=89.35.79.128/25 comment="" disabled=no 
add list=Metro address=89.35.79.0/26 comment="" disabled=no 
add list=Metro address=89.35.78.0/24 comment="" disabled=no 
add list=Metro address=10.0.0.0/8 comment="" disabled=no 
add list=Metro address=89.42.192.0/21 comment="" disabled=no

# mar/08/2007 21:23:39 by RouterOS 2.9.40
# software id = WNAH-SEN
#
/ queue simple 
add name="Extern A.2" target-addresses=89.35.78.2/32 dst-address=0.0.0.0/0 interface=all parent=extern-complet packet-marks=extern_trafic \
    direction=both priority=8 queue=default-small/default-small limit-at=131072/393216 max-limit=131072/524288 total-queue=default-small \
    disabled=no 

/ queue simple 
add name="Metro A.2" target-addresses=89.35.78.2/32 dst-address=0.0.0.0/0 interface=all parent=metro-complet packet-marks=metro_trafic \
    direction=both priority=8 queue=default-small/default-small limit-at=2097152/4296704 max-limit=4292608/8388608 total-queue=default-small \
    disabled=no

Please help me with this because I'm going nuts over here trying to figure out what's wrong =/