Comments on: Mikrotik policy routing implementation example

By: Políticas de Rotas por Redes - Página 2

Políticas de Rotas por Redes - Página 2 — Tue, 10 Jan 2012 14:25:06 +0000

[...] não é referenciada nas documentações e RFC. Understanding Policy Routing – Cisco Systems Mikrotik policy routing implementation example | Butch Evans Blog http://www.mikrotik.com/testdocs/ros/2.9/ip/route.php O OSPF você utiliza como IGP, para o [...]

By: collins465

collins465 — Fri, 29 Jul 2011 11:49:11 +0000

or what happens if ISP1 goes down? likewise ISP2… will it automatically use the available ISP ? or do i need a script that will redirect traffice automatically to ISP3?

By: collins465

collins465 — Thu, 28 Jul 2011 13:49:33 +0000

My question is how can i add the third ISP3? i want to the third Network to serve as additional support to any of the two Networks based on your setup incase ISP1 or ISP2 goes down for a while?

By: Badboi

Badboi — Fri, 28 Jan 2011 04:15:13 +0000

i have internet connection from two different ISP and now i m using, i like to share this connection to my LAN
i want to configure like this ip 192.168.0.0/24 from iSP1
ip 192.168.0.100/24 from ISP2
and gateway will be 192.168.0.1

plz help me to configure this

By: Hilfe!!!

Hilfe!!! — Tue, 14 Dec 2010 19:23:37 +0000

[...] that is called policy based routing. See the following example, where they just have 2 subnets: Mikrotik policy routing implementation example | Butch Evans Blog i7 940 | Corsair 6GB DDR3 1600 + AX850W | Asus P6T Deluxe v2 + Xonar DX | 2x MSI Cyclone GTX 460 [...]

By: Butch Evans

Butch Evans — Wed, 14 Oct 2009 11:10:01 +0000

This is not really the best place for this discussion. Please send me an email direct and we can arrange support. My contact information is available in the right sidebar near the top.

By: maroon

maroon — Wed, 14 Oct 2009 10:30:48 +0000

Butch, thanks for your quick reply I'm having a slow connection on the primary ISP and sometimes timed out connection! on the other hand, the secondary ISP is working like a charm. Moreover, if I trace route from primary connection I got a clean trace route and 100% successfully passing all the hops with a good latency. my configuration: NAT Conf: chain=srcnat action=src-nat to-addresses=77.42.XX.XX src-address-list=blink_users out-interface=blink chain=srcnat action=src-nat to-addresses=212.98.XX.XX src-address-list=special out-interface=terranet Mangle Conf: chain=prerouting action=mark-routing new-routing-mark=bli passthrough=no src-address-list=blink_users chain=prerouting action=mark-routing new-routing-mark=ter passthrough=no src-address-list=special Route Conf: # DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE 0 A S 0.0.0.0/0 reachable 77.42.XX.XX 1 blink 1 A S 0.0.0.0/0 reachable 212.98.XX.XX 1 terranet 2 A S 0.0.0.0/0 reachable 212.98.XX.XX 1 terranet 3 ADC 77.42.XX.XX/29 77.42.XX.XX 0 blink 4 ADC 192.100.100.0/24 192.100.100.20 0 lan 5 ADC 212.98.XX.XX/28 212.98.XX.XX 0 terranet Route rule conf: 0 dst-address=192.100.100.0/24 action=lookup table=main 1 dst-address=77.42.xx.xx/29 action=lookup table=main 2 dst-address=212.98.xx.xx/28 action=lookup table=main 3 dst-address=212.98.xx.xx/28 action=lookup table=terranet 4 dst-address=77.42.xx.xx/32 action=lookup table=blink 5 dst-address=77.42.xx.xx/32 action=lookup table=blink 6 routing-mark=ter action=lookup table=terranet 7 routing-mark=bli action=lookup table=blink Your help is highly appreciated Regards,

By: Butch Evans

Butch Evans — Wed, 14 Oct 2009 08:13:49 +0000

You can use policy routing to route traffic based on any classification method you want. For example, you can create policies that route traffic based on the lan side IP address (what you asked specifically), the protocol (http goes out isp1, smtp out isp2, etc.) or any other match parameter available in the firewall mangle.

The destination nat question is an interesting one, because you have to use a combination of mangle and nat to make this work. What you’d use is something like:
/ip firewall mangle add chain=forward in-interface=public1 action=mark-connection new-connection-mark=From_public1 add chain=prerouting connection-mark=From_public1 dst-address-type=!local action=mark-routing new-routing-mark=isp1
The above code would cause traffic that was originally dst-nat on the isp1 (public1) interface to be routed back out that same interface. Of course, you’d have to build similar rules for the ISP2 network. Additionally, you’d need to ensure that you have the proper src-nat rules in place so that traffic going out those 2 interfaces would be properly natted to the correct IP address.

By: maroon

maroon — Wed, 14 Oct 2009 07:28:36 +0000

I have a similar situation but with 1 LAN
so, does it work if I match specific computers inside the LAN to route through ISP2? and the rest of computers through ISP1?
Also, what about Dst-nat? I have E-mail server published and I want the users to access it from outside on both Real IP’s, is it doable with you configuration?

By: Butch Evans

Butch Evans — Sun, 19 Apr 2009 03:52:46 +0000

There are some methods that you could use to do this. I am assuming that since you said “one of these gateways are with NAT”, that the other one is not. If that is the case, then you will need to use the connection tracking in Mangle to keep up with connections made to the NAT address. It’s a bit more than I can easily explain here in part because I am simply taking a “stab in the dark” as to what the problem is.