MikroTik

Hi, can I put more than one dst-address into a single mangle rule ?, I must to configure tagging to more than 20 networks.


Thanks

Another question, I have 5 BGP peers and use mangle to take a control to upstream traffic (balancing 3 international providers), how can I do that with BGP ?

Hi, can I put more than one dst-address into a single mangle rule ?

Yes, but not directly. Use an address-list. Define the list under /ip firewall address-list and then use that list in the mangle rule (use dst-address-list in the mangle rule instead of dst-address).

--Tom

I have 5 BGP peers and use mangle to take a control to upstream traffic (balancing 3 international providers), how can I do that with BGP ?

Traffic management with BGP is not an exact science. Because of the dynamic nature of the worldwide BGP routing table it's more of a moving target and an ongoing process. The results of BGP traffic management are often much less fine-grained then you'd hope for.

That being said you can use AS-PATH prepending and/or local preference to influence BGP routing (and thereby traffic flow). Some people like to announce sub-networks (longer prefixes) of their aggregate differently to different upstreams, or some sub-networks only to one upstream and other sub-networks to another upstream, but that is strongly discouraged as it makes the global BGP routing table larger and increases the opportunities of flapping routes (which, in turn, may get your AS dampened by your upstreams).

--Tom

Ohhh, thanks a lot !.
And then I must to configure 1 line per network in address list, is it correct ?.
Can I make this traffic treatment with BGP directly ?.

Ok Tom, I read your post about BGP.
Look, I need route some networks by src-address:


add chain=prerouting in-interface=red_acceso src-address=200.X.6.0/24 dst-address-list=bloques_nacionales action=accept comment="200.X.6.0/24 Upstream Nacional" disabled=no
add chain=prerouting in-interface=red_acceso src-address=200.X.6.0/24 dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=200.X.6.0 passthrough=yes comment="200.X.6.0/24 Upstream Internacional" disabled=no

add chain=prerouting in-interface=red_acceso src-address=200.X.29.0/24 dst-address-list=bloques_nacionales action=accept comment="200.X.29.0/24 Upstream Nacional" disabled=no
add chain=prerouting in-interface=red_acceso src-address=200.X.29.0/24 dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=200.X.29.0 passthrough=yes comment="200.X.29.0/24 Upstream Internacional" disabled=no


It´s only upstream traffic.
Do you understand me ?.

Thanks Tom !

BGP does not by itself have anything to do with mangeling. From my understanding I thought that you are already using mangeling for traffic shaping and now you want to additionaly implement BGP and use the traffic control features that BGP offers - which, as I already wrote - do not have any relation to mangeling as such.

What do you want to achive and how do you plan to relate the mangeling to BGP?

Maybe you shoud show us your BGP configuration export...


--Tom

No Tom, I´m not talking about mangle with BGP, just need to route some upstream traffic depending on the source addresses.

I mean:

IF my router receive a packet with XXXX source address range and YYYY destination address, I need to route this packet to Peer N (I decide for wich peer send this packet).


Thanks

Sounds like plain policy routing - it does not matter if the route to the destination is learned via BGP or not... so just configure policy routing and force it to use a certain next-hop. If that next hop is a BGP peer or would be irrelevant from what I understand.

--Tom

Oh, ok, yes, in this moment I use mangle to tag the packets and then statics routes to route him. I think that can make this job with BGP too.