As you know, since 15 May Ukraine has enforced blocking of Russian websites, such as:
- social network vk.com
- social network odnoklassniki.ru
- all services Kaspersky Lab
- all services Mail.Ru
- all services Yandex
- and many others
I am trying to use Policy Based Routing:
Step 1. Created address-list for blocked sites, example
Code:
/ip firewall address-list
add address=87.240.128.0/18 list=vkcom
add address=93.186.224.0/20 list=vkcom
add address=95.142.192.0/20 list=vkcom
add address=95.213.0.0/17 list=vkcom
add address=185.32.248.0/22 list=vkcom
add address=95.213.0.0/18 list=vkcom
add address=95.142.207.0/24 list=vkcom
add address=95.142.206.0/24 list=vkcom
add address=95.142.204.0/23 list=vkcom
add address=95.142.203.0/24 list=vkcom
add address=95.142.202.0/24 list=vkcom
add address=95.142.201.0/24 list=vkcom
add address=95.142.200.0/21 list=vkcom
add address=95.142.192.0/21 list=vkcom
add address=93.186.232.0/21 list=vkcom
add address=93.186.224.0/21 list=vkcom
add address=185.32.251.0/24 list=vkcom
add address=185.32.250.0/24 list=vkcom
add address=185.32.248.0/23 list=vkcom
add address=185.29.130.0/24 list=vkcom
example
Code:
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Mark vk.com" dst-address-list=vkcom new-routing-mark=Traffic_vkcom passthrough=no src-address=192.168.106.0/24
Step 3. Added new VPN client connection to a server outside Ukraine
example
Code:
/interface pptp-client
add comment="VPN Failover" connect-to=uk.superfreevpn.com disabled=no name=pptp-to-freevpn password=1891 user=free
Step 4. Activated masquerade for the new VPN interface
Code:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pptp-to-freevpn
Code:
/ip route
add comment="Route VK.COM" distance=1 gateway=pptp-to-freevpn routing-mark=Traffic_vkcom
All added resources work, passing through the VPN connection, but too slowly. What am I doing wrong? A direct VPN connection from a PC works fine (all traffic); the trouble appears only when using MikroTik and routing marks.
- Tried changing mangle to passthrough=no/yes - no result, web pages open slowly.
- As client RB951Ui-2HnD, internet connection symmetrical 80 Mbits, CPU avg. 1-7%;
- As remote VPN L2TP-server RB750Gr3, internet connection 80/5 Mbits, CPU avg. 0-1%
Any ideas?
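
The address-list in Step 1 contains prefixes that are already covered by wider entries in the same list (for example 95.213.0.0/18 sits inside 95.213.0.0/17). As an added example, not part of the original post, this Python script parses those entries, reports the redundant ones and emits the smallest equivalent list; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Entries copied from Step 1 of the post, packed two per line to save space.
STEP1 = """
add address=87.240.128.0/18 list=vkcom add address=93.186.224.0/20 list=vkcom
add address=95.142.192.0/20 list=vkcom add address=95.213.0.0/17 list=vkcom
add address=185.32.248.0/22 list=vkcom add address=95.213.0.0/18 list=vkcom
add address=95.142.207.0/24 list=vkcom add address=95.142.206.0/24 list=vkcom
add address=95.142.204.0/23 list=vkcom add address=95.142.203.0/24 list=vkcom
add address=95.142.202.0/24 list=vkcom add address=95.142.201.0/24 list=vkcom
add address=95.142.200.0/21 list=vkcom add address=95.142.192.0/21 list=vkcom
add address=93.186.232.0/21 list=vkcom add address=93.186.224.0/21 list=vkcom
add address=185.32.251.0/24 list=vkcom add address=185.32.250.0/24 list=vkcom
add address=185.32.248.0/23 list=vkcom add address=185.29.130.0/24 list=vkcom
"""

ENTRY = re.compile(r"address=(\S+)\s+list=(\S+)")

def parse(text):
    """Return {list_name: [ip_network, ...]} from 'add address=... list=...' text."""
    lists = defaultdict(list)
    for addr, name in ENTRY.findall(text):
        # strict=True rejects prefixes with host bits set (a typo in the list)
        lists[name].append(ipaddress.ip_network(addr, strict=True))
    return lists

def redundant(nets):
    """Entries fully inside another entry, or a repeat of an earlier one."""
    return [n for i, n in enumerate(nets)
            if any(j != i and n.subnet_of(m) and (n != m or j < i)
                   for j, m in enumerate(nets))]

def minimal_export(text):
    """RouterOS commands for the smallest address-list covering the same space."""
    lines = ["/ip firewall address-list"]
    for name, nets in parse(text).items():
        for net in ipaddress.collapse_addresses(nets):
            lines.append(f"add address={net} list={name}")
    return lines

if __name__ == "__main__":
    print(f"# redundant entries: {len(redundant(parse(STEP1)['vkcom']))}")
    print("\n".join(minimal_export(STEP1)))
```
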