modified on 12 April 2013 at 16:17 ••• 45,518 views

Policy Base Routing

From MikroTik Wiki

Jump to: navigation, search

Policy Base Routing

In this article you can know what is PBR ( Policy Base Routing ) and how it work with One Example .

In your network you may need to get a Strategy for Routing and Setup your Routing In Some Varios Reasons Such as Security , Load Balancing , Routing Decision , Monitoring And etc …

With PBR you can get your Policy to route Packet From a Source To a Destination And Select Which of one Path Used for Communications .

In this Example I Want Shown To you how you can use PBR to Route Your Request To Internet And Route Your Request To Facebook Website To VPN Client Connection .

In My Country Some Social Websites Are Filtered By DCI Office ( Data Communication ) And Best And better way to Visit These Website Is Setup VPN Connection To Other Country And Get Internet From Them .

Use VPN Connection To Visit Have Free Internet have Some Problems , Such as Delay , Low Speed And Etc …

For This Reason I Want When Request Was For Facebook And Youtube Website , The Packets Goes through VPN Connection And Other Normal Connection Goes through Country Internet Connection .


Diagram :

Diagram.jpg








For This Scenario We Need Mark All Packets They Want Go To Facebook Or Youtube Servers . Because We Want To Use Policy Base Routing , Our Mark Action Must Be Mark Routing .


Step One – Mark Packet With Mark Routing Action .

In First Step I should Select my Network For Using PBR To Visit Facebook And Youtube Websites . You Can use Content Field ( Facebbok Or Youtube String ) , Or Use Destination Address Of Facebook Of Youtube Website ( Nslookup ) , Or You Route Every Connection Trough This Connection

Pbr1.jpg

Pbr2.jpg

Pbr3.jpg

Mangle Code :

ip firewall Mangle add chain=prerouting src-address=192.168.150.0/24 content=facebook action=mark-routing new-routing-mark=Through_VPN





Step Two – Setup VPN Connection

In This Step I connect my VPN Connection With PPTP Client With Name "My VPN"


Pbr4.jpg


Note : Don’t Check Add Default Route , Because We Don’t Want All Packet Goes Through This Connection .


PPTP Client Code :

interface pptp-client add connect-to=My VPN Connection allow=pap,chap,mschap1,mschap2 name="My VPN" user=Reza Moghadam password=Reza Moghadam add-default-route=no






Step Three – Static Route

In this Step we need add a static route for That Packets They Are Matched and Marked By Mangle And We Want Route Them To VPN Connection .

Pbr5.jpg


Note : Because We Use A PPTP Client Connection To Get Internet , Our PPTP Client Connection Is a Point To Point Connection , For This Reason We Can Use That Connection AS Gateway . In Routing Mark Field , We Choose Packet Marked For PBR .

IP Route Code :

Ip Route Add Dst-Address=0.0.0.0/0 Gateway="My VPN" Routing-Mark=Through_VPN






Step Four – Nat For Our Users

In this step we use nat for our Users , Notice that , if VPN Connection , Connected By Router , Free Internet ( VPN ) Is In Router , For This Reason We Need Nat Our Local Users To That IP We Get By PPTP Client .

Pbr6.jpg

Pbr7.jpg

I Use Nat Rule For That Packets They Want Goes Out Through VPN Client Interface ( Out Interface ) With Masquerade Action .


Nat Code :

ip firewall nat chain=srcnat src-address=192.168.150.0/24 out-interface="My VPN" action=masquerade

Summary Exploration :

I Marked my packets Their Destination Is IP Or name of Facebook Website ( Filtered ) And Marked For Routing Decision , Then I Setup A PPTP-Client Connection To use Free Internet ( Without Filter ) And Then Add a New Route For All Packets They Want Use For Free Internet ( Without Filter ) , Then I Nat All Connections Want Goes To My VPN Connection .

Notice : You Can Setup This Scenario With Many Way , But This Is A Simple Example .

You Can Change Configuration To Advanced Configurations For PBR ! ( Mangle , Nat , Route )
For more example about PBR see the following site.

Policy Base Routing on IPIP tunnel with PTP Addressing By Reza Moghadam & Hasan Asghari.
http://wiki.mikrotik.com/wiki/PBR_PTP_IPIP


Reza Moghadam


--MikroTik Certified Trainer 16:17, 12 April 2013 (UTC)