I'm facing an issue achieving the following setup:
I have 2 sites - Site A and Site B.
Site A has a single ISP (ISP_A1) connection on ether1 with IP 150.0.0.2/30 (ISP_A1 owned public IP address).
Site B is a dual-homed site connected to ISP_B1 on ether1 with IP 110.0.0.2/30 (ISP_B1 owned public IP) and ISP_B2 on ether2 with IP 120.0.0.2/30 (ISP_B2 owned public address).
I want to create 2 redundant (from Site B's perspective) GRE tunnels between Site A and Site B - between 150.0.0.2 <-> 110.0.0.2 (via ISP_B1 - 110.0.0.1) and 150.0.0.2 <-> 120.0.0.2 (via ISP_B2 - 120.0.0.1).
And here is the tricky part - on Site B I need to statically route 150.0.0.2 (Site A's IP address) via two different ISPs, and I should ensure that traffic originating from the MikroTik router in Site B with 110.0.0.2 will use ISP_B1 and traffic originating with 120.0.0.2 will route via ISP_B2.
On Site B I tried to add 2 static routes for 150.0.0.2. Both are in the routing table, but only one is shown as active (via ISP_B1), hence one of the tunnels (via ISP_B2) is not working because of the reverse path forwarding checks on the ISPs. I tried adding the static routes with PREF-SRC, but nothing changed.
I tried the following on Site B's router with partial success:
Code:
/ip firewall mangle add action=mark-routing chain=prerouting dst-address=110.0.0.2 in-interface=ether1 new-routing-mark=via-ISP_B1 src-address=150.0.0.2
/ip firewall mangle add action=mark-routing chain=prerouting dst-address=120.0.0.2 in-interface=ether2 new-routing-mark=via-ISP_B2 src-address=150.0.0.2
/ip route add check-gateway=ping distance=1 dst-address=150.0.0.2/32 gateway=110.0.0.1 routing-mark=via-ISP_B1
/ip route add check-gateway=ping distance=1 dst-address=150.0.0.2/32 gateway=120.0.0.1 routing-mark=via-ISP_B2
Obviously I'm missing something fundamental.
Any ideas are highly appreciated!
Thanks,
Plamen
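
Added example, not part of the original post: one way to tie each tunnel's source address to its own uplink on the Site B router, so that the ISPs' reverse path checks see 110.0.0.2 only on ether1 and 120.0.0.2 only on ether2. It assumes RouterOS v6 syntax as used in the post; the GRE interface names are hypothetical.

```routeros
# Added example (RouterOS v6 syntax, matching the post). Interface names are hypothetical.

# Bind each GRE tunnel to one local public address, so every packet of that
# tunnel leaves the router with a fixed, known source address.
/interface gre add name=gre-siteA-via-B1 local-address=110.0.0.2 remote-address=150.0.0.2
/interface gre add name=gre-siteA-via-B2 local-address=120.0.0.2 remote-address=150.0.0.2

# Packets generated by the router itself (the GRE encapsulation) pass through
# the output chain, not prerouting. Mark them there, keyed on the source
# address, so the route lookup is repeated in the matching routing table.
/ip firewall mangle add chain=output src-address=110.0.0.2 dst-address=150.0.0.2 \
    action=mark-routing new-routing-mark=via-ISP_B1 passthrough=no
/ip firewall mangle add chain=output src-address=120.0.0.2 dst-address=150.0.0.2 \
    action=mark-routing new-routing-mark=via-ISP_B2 passthrough=no

# One route per routing mark (the same routes as in the post).
/ip route add dst-address=150.0.0.2/32 gateway=110.0.0.1 routing-mark=via-ISP_B1 \
    check-gateway=ping distance=1
/ip route add dst-address=150.0.0.2/32 gateway=120.0.0.1 routing-mark=via-ISP_B2 \
    check-gateway=ping distance=1

# Verification: both marked routes should be active, and both output rules
# should show increasing packet counters once the tunnels send traffic.
/ip route print where dst-address=150.0.0.2/32
/ip firewall mangle print stats where chain=output
```

The main routing table still needs some route toward 150.0.0.2 (a default route is enough), because the router makes an initial routing decision before the output chain applies the mark and triggers the second lookup.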