Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as soon as I just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine. Thanks Paul
Hi Paul, You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP. The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface. There are probably other reasons to use connection marks, but I can't think of any at the moment ;-) Cheers! Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as soon as I just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi Mike, My understanding is that connection marks are used to reduce CPU loading, as if you mark routing on every packet without the connection mark, then the rule is run for every packet that matches the mark. If you use a connection mark, then mark the routing, it only runs the rules on the first packet of every connection, and the connection mark holds the routing mark. Which you can see if you look at the in connection tracking. Steve On Tue, 2016-06-28 at 13:47 +1000, Mike Everest wrote:
Hi Paul,
You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP.
The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface.
There are probably other reasons to use connection marks, but I can't think of any at the moment ;-)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as
soon as I
just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.c om.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com .au
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of stephen Sent: Tuesday, 28 June 2016 2:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Route marking
Hi Mike, My understanding is that connection marks are used to reduce CPU loading, as if you mark routing on every packet without the connection mark, then
Hi Steve, That is true for some cases (e.g firewall filters, mangle rules, etc) but in the case of route marking, you need to mark every individual packet for routing anyhow so there is little or no savings on cpu overhead to check a connection mark instead of a destination address since addresses can be compared in a single clock cycle too! :) Cheers! Mike. the
rule is run for every packet that matches the mark. If you use a connection mark, then mark the routing, it only runs the rules on the first packet of every connection, and the connection mark holds the routing mark. Which you can see if you look at the in connection tracking. Steve On Tue, 2016-06-28 at 13:47 +1000, Mike Everest wrote:
Hi Paul,
You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP.
The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface.
There are probably other reasons to use connection marks, but I can't think of any at the moment ;-)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as
soon as I
just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.c om.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com .au
Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Thanks Mike, so I was doing it wrong then, most packet marking we do is for traffic prioritisation so interface is nearly always an integral part of that and that makes sense as to why we were doing connection marking first, but in this case the problem we have is two ADSL connections from the same provider (us) and with the same gateway address, so to force SIP to use one connection only we want to do route marking and they send the SIP traffic out that connection, so at least you have helped confirm my thoughts :-) Thanks Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 28 June 2016 1:48 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Route marking Hi Paul, You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP. The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface. There are probably other reasons to use connection marks, but I can't think of any at the moment ;-) Cheers! Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as soon as I just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 2:07 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Route marking
Thanks Mike, so I was doing it wrong then, most packet marking we do is for traffic prioritisation so interface is nearly always an integral part of
that makes sense as to why we were doing connection marking first, but in this case the problem we have is two ADSL connections from the same provider (us) and with the same gateway address, so to force SIP to use one connection only we want to do route marking and they send the SIP traffic out that connection, so at least you have helped confirm my thoughts :-)
Thanks Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 28 June 2016 1:48 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Route marking
Hi Paul,
You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP.
The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface.
There are probably other reasons to use connection marks, but I can't
With ADSL services (so long as you have a ppp address on them) you can use interface name instead of gateway to work around the same gateway address problem ;) But I suppose you knew it already! :-D Cheers! Mike. that and think of
any at the moment ;-)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as soon as I just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 2:07 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Route marking
Thanks Mike, so I was doing it wrong then, most packet marking we do is for traffic prioritisation so interface is nearly always an integral part of
that makes sense as to why we were doing connection marking first, but in this case the problem we have is two ADSL connections from the same provider (us) and with the same gateway address, so to force SIP to use one connection only we want to do route marking and they send the SIP traffic out that connection, so at least you have helped confirm my thoughts :-)
Thanks Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 28 June 2016 1:48 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Route marking
Hi Paul,
You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP.
The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface.
There are probably other reasons to use connection marks, but I can't
Thanks Mike, yep spot on mate, that's what we do, just for some reason this one was being silly and I thought it was me and I was right LOL Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 28 June 2016 2:18 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Route marking With ADSL services (so long as you have a ppp address on them) you can use interface name instead of gateway to work around the same gateway address problem ;) But I suppose you knew it already! :-D Cheers! Mike. that and think of
any at the moment ;-)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as soon as I just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 2:07 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Route marking
Thanks Mike, so I was doing it wrong then, most packet marking we do is for traffic prioritisation so interface is nearly always an integral part of
that makes sense as to why we were doing connection marking first, but in this case the problem we have is two ADSL connections from the same provider (us) and with the same gateway address, so to force SIP to use one connection only we want to do route marking and they send the SIP traffic out that connection, so at least you have helped confirm my thoughts :-)
Thanks Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 28 June 2016 1:48 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Route marking
Hi Paul,
You can do it that way, or mark explicitly on other parameters alone - for example, if you want to send traffic destined for a specific remote (e.g SIP server or something) then you may as well skip the connection marking step and just mark route based on destination IP.
The only time I use connection marking first is if I want to set a route mark depending on some other test, like for traffic entering some particular interface for replies to be routed back out the same interface.
There are probably other reasons to use connection marks, but I can't
Alternatively, if you have the SIP clients on a separate interface (physical or a VLAN or whatever), you could attach it to a VRF and have the second ADSL connection attached to the same VRF. Then there is a logical separation and it should "just work (tm)"... Regards, Philip -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 2:23 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Route marking Thanks Mike, yep spot on mate, that's what we do, just for some reason this one was being silly and I thought it was me and I was right LOL Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 28 June 2016 2:18 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Route marking With ADSL services (so long as you have a ppp address on them) you can use interface name instead of gateway to work around the same gateway address problem ;) But I suppose you knew it already! :-D Cheers! Mike. that and think of
any at the moment ;-)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 28 June 2016 1:37 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Route marking
Hi guys, just wanting to confirm something here due to some strange behaviour which might be admin induced J
When using mangle rules to put a routing mark onto packets, does one approach this the same as typical packet marking by marking the connection and then the packets based on the connection mark ? I setup a routing mark rule in this fashion but it did weird things, as soon as I just identified the packets directly based on a dest address instead of a connection rule first, and then set the route mark it worked fine.
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (4)
-
Mike Everest
-
Paul Julian
-
Philip Loenneker
-
stephen