Routing local + international + unshaped traffic through 3 separate adsl accounts

From MikroTik Wiki
Revision as of 21:04, 23 July 2008 by Headstrong (talk | contribs) ('''Creating the Unshaped routes''')

Introduction

********************************************************************
******************WIKI PAGE UNDER CONSTRUCTION**********************
************************DO NOT USE YET*****************************

In this tutorial I will show you how to use 3 separate ADSL accounts simultaneously:

1) Local-only for National traffic
2) Normal for international traffic
3) Unshaped for games and Voip


In South Africa broadband prices are extremely expensive and the average ADSL cap is a small 3 gig, while the majority of the country is still on 56 dialup! So most of us make use of "local-only" ADSL accounts. These accounts grant access to content hosted in South Africa only and they are much more affordable (6 times cheaper than normal ADSL accounts).

Most ISPs employ some form of shaping to give HTTP traffic priority over P2P and email. This can make playing online games and VoIP chat very frustrating because of lag and high latencies. As a result our ISPs in South Africa offer a special kind of ADSL account where they do not shape any protocols; we call this an unshaped account. These accounts are quite expensive, so they need to be reserved for gaming and VoIP protocols.

However, it is a hassle for users to connect/disconnect between the three accounts just to save a little cap. So I have written a tutorial which will automatically split the traffic between the local-only, unshaped and normal (international) ADSL accounts.

This worked for me in ROS 3.10 but should work for all ROS 3.x

Create the Local + international + unshaped pppoe connections


Steps for International ADSL Account
1) Click on "Interfaces".
2) Click on the red cross to add a new interface.
3) Select pppoe client.
4) Under General, select the interface which is connected to your modem.
5) Under dial out, add your normal ADSL account's username and password. Make sure that "add default route" is OFF, "dial on demand" is OFF and "use peer DNS" is ON.
6) Click apply.

Steps for Local-only ADSL Account
Do steps 1-6 above, but make sure that you use your local-only ADSL username and password and that "use peer DNS" is OFF.


Steps for unshaped ADSL Account
Do steps 1-6 above, but make sure that you use your unshaped ADSL username and password and that "use peer DNS" is OFF.

Notes: All three pppoe client connections can share the same interface.
You could use OpenDNS instead of your ISP's DNS server, but if you do, make sure that "use peer DNS" is OFF for the international account.
Your modem needs to be in bridge mode so that the MikroTik router can establish the pppoe connections.

                 

Creating the international route

Paste this command in the terminal window:

/ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1

Local + gaming/VoIP traffic also gets routed over this international account, which we do not want, so we need to create individual routes for local and unshaped protocols.

Creating the local routes

Firstly you need to get a list of your country's specific IP ranges (local). I am from South Africa so I use this one: http://alm.za.net/ip/localroutes4.txt. You should use your country-specific IP addresses.

Copy the list into Microsoft Excel and edit the cells so that they read:

/ip route add dst-address=aaa.aaa.aaa.aaa/aa gateway=yyy.yyy.yyy.yyy distance=2
/ip route add dst-address=bbb.bbb.bbb.bbb/bb gateway=yyy.yyy.yyy.yyy distance=2
/ip route add dst-address=ccc.ccc.ccc.ccc/cc gateway=yyy.yyy.yyy.yyy distance=2


Replace aaa.aaa.aaa.aaa/aa with the local ip ranges. Replace yyy.yyy.yyy.yyy with the gateway ip from the local adsl account.

To get the ip of your ISP specific gateway:

1) Click on "IP" > "Addresses"
2) It is the Network ip address for the pppoe-out2 (local) interface

Example

/ip route add dst-address=17.255.248.0/23 gateway=165.146.180.1 distance=2
/ip route add dst-address=32.106.152.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=32.106.153.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=32.107.9.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=32.238.152.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=32.238.153.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=32.239.182.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.0.0.0/16 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.0.16.0/21 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.0.72.0/21 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.0.208.0/22 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.0.248.0/24 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.1.0.0/18 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.1.64.0/18 gateway=165.146.180.1 distance=2
...
...
...

NB MAKE SURE THAT THE DISTANCE IS 2!!!

We have +-1300 routes for South Africa so I obviously didn't put them in the wiki, but you get the idea.


Once the local list in Excel is complete, we can copy/paste the routes into the terminal. First check the syntax by copying the 1st route and pasting it into a new terminal window:

/ip route add dst-address=17.255.248.0/23 gateway=165.146.180.1 distance=2

If that works then copy/paste about 150 at a time into the terminal window...

Your routes should then look something like this

	destination	gateway	      gateway interface	  interface	distance	routing mark	Pref.Source
S       0.0.0.0/0                        pppoe-out1                     1
AS	17.255.248.0/23	165.146.180.1		         pppoe-out2	2		
AS	32.106.152.0/24	165.146.180.1		         pppoe-out2	2		
AS	32.106.153.0/24	165.146.180.1		         pppoe-out2	2		
AS	32.107.9.0/24	165.146.180.1		         pppoe-out2	2		
AS	32.238.152.0/24	165.146.180.1		         pppoe-out2	2	
AS	32.238.153.0/24	165.146.180.1		         pppoe-out2	2		
AS	32.239.182.0/24	165.146.180.1		         pppoe-out2	2	
AS	41.0.0.0/16	165.146.180.1		         pppoe-out2	2		
AS	41.0.16.0/21	165.146.180.1		         pppoe-out2	2		
AS	41.0.72.0/21	165.146.180.1		         pppoe-out2	2
AS	41.0.208.0/22	165.146.180.1		         pppoe-out2	2
AS	41.0.248.0/24	165.146.180.1		         pppoe-out2	2
AS	41.1.0.0/18	165.146.180.1		         pppoe-out2	2
AS	41.1.64.0/18	165.146.180.1		         pppoe-out2	2
AS	41.1.128.0/18	165.146.180.1		         pppoe-out2	2
AS	41.1.192.0/18	165.146.180.1		         pppoe-out2	2
AS	41.1.254.0/24	165.146.180.1		         pppoe-out2	2
AS	41.2.0.0/16	165.146.180.1		         pppoe-out2	2
AS	41.3.0.0/16	165.146.180.1		         pppoe-out2	2
AS	41.4.0.0/16	165.146.180.1		         pppoe-out2	2
AS	41.5.0.0/16	165.146.180.1		         pppoe-out2	2
AS	41.6.0.0/16	165.146.180.1		         pppoe-out2	2
AS	41.7.0.0/16	165.146.180.1		         pppoe-out2	2
AS	41.8.0.0/16	165.146.180.1		         pppoe-out2	2

Local traffic should now be routed over the pppoe-out2 interface.
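The spreadsheet step above can also be done with a short script. This is an added example, not part of the original wiki page: it goes beyond the Excel edit by refusing any line of the downloaded list that is not a strict public IPv4 prefix (the list comes from a third-party site and ends up pasted into a router terminal) and by merging overlapping ranges. The sample list is constructed, and the names parse_prefixes, route_commands, batches and the /8 minimum prefix length are assumptions of this example.

```python
import ipaddress

# Constructed sample standing in for a downloaded prefix list (not the real file).
SAMPLE_LIST = """\
17.255.248.0/23
41.0.0.0/16
41.0.16.0/21
41.1.0.0/18
41.1.64.0/18
0.0.0.0/0
10.0.0.0/8
41.2.0.5/16
196.1.1.0/24 gateway=1.2.3.4
"""
MIN_PREFIX_LEN = 8  # assumption: a national range is never shorter than /8

def parse_prefixes(text):
    accepted, rejected = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.IPv4Network(line, strict=True)  # host bits or extra text fail
        except ValueError:
            rejected.append(line)
            continue
        # A default route or private range in the list would override the intended split.
        if net.prefixlen < MIN_PREFIX_LEN or not net.is_global:
            rejected.append(line)
        else:
            accepted.append(net)
    # Merge contained and adjacent ranges so fewer routes need pasting.
    return list(ipaddress.collapse_addresses(accepted)), rejected

def route_commands(networks, gateway, distance=2):
    gw = ipaddress.IPv4Address(gateway)  # refuse a gateway that is not an IP address
    return [f"/ip route add dst-address={n} gateway={gw} distance={distance}"
            for n in networks]

def batches(lines, size=150):
    # Chunks of about 150 lines, the paste size the tutorial suggests.
    return [lines[i:i + size] for i in range(0, len(lines), size)]

if __name__ == "__main__":
    nets, bad = parse_prefixes(SAMPLE_LIST)
    print("\n".join(route_commands(nets, "165.146.180.1")))
    print("rejected:", bad)
```

Review the rejected lines by hand before pasting anything; a rejected entry means the list is not what you expected.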

Creating the Unshaped routes

It is impossible to give all the routes for all games and VoIP programs, but I have included some of the most common.

We will be using Layer7 protocols to detect the relevant traffic, as well as direct IP addresses for some games.

Firstly you will need to copy and paste the following list of layer7 protocols into your terminal window. Thanks to the MikroTik website: http://www.mikrotik.com/download/l7-protos.rsc

Now that your router can detect gaming and VoIP traffic, we need to separate this traffic from the rest. We use a firewall rule called mangle. It works by first detecting the traffic according to known layer7 protocols and then giving it a routing mark, which will be used to route this traffic over the unshaped account.

Copy and paste the following commands into your terminal window

/ip firewall mangle
add action=mark-routing chain=prerouting comment="Team Speak" disabled=yes layer7-protocol=teamspeak new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="CSS Source" disabled=yes layer7-protocol=\
    counterstrike-source new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=BF1942 disabled=yes layer7-protocol=battlefield1942 \
    new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=BF2 disabled=yes layer7-protocol=battlefield2 \
    new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="Day of Defeat" disabled=yes layer7-protocol=\
    dayofdefeat-source new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="Half life deathmatch" disabled=yes layer7-protocol=\
    halflife2-deathmatch new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="Quake half life" disabled=yes layer7-protocol=\
    quake-halflife new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=Quake1 disabled=yes layer7-protocol=quake1 \
    new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="skype out" disabled=yes layer7-protocol=skypeout \
    new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=SkypetoSKype disabled=yes layer7-protocol=\
    skypetoskype new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=Teamspeak disabled=yes layer7-protocol=teamspeak \
    new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="world of warcraft" disabled=yes layer7-protocol=\
    worldofwarcraft new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=xboxlive disabled=yes layer7-protocol=xboxlive \
    new-routing-mark=Unshaped passthrough=yes

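Now your router can detect the VoIP/games traffic and give it the routing mark "Unshaped". Note that the rules above are added with disabled=yes, so each rule you want to use has to be enabled before it marks any traffic.

We still need to tell the router which ADSL account to use for the Unshaped protocols. Copy this line into the terminal window: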

/ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=Unshaped
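How the three sets of routes combine is easiest to see by walking a few packets through them. The following is an added example, not part of the original wiki page: a small model of the route lookup, assuming longest-prefix matching, that a marked packet is looked up in the table for its routing mark first and falls back to the main table when that table has no active route, and that a route through a PPPoE link that is down is inactive. The destination addresses are constructed samples.

```python
import ipaddress

# (routing mark or None for the main table, destination, distance, interface)
ROUTES = [
    (None, "0.0.0.0/0", 1, "pppoe-out1"),        # international default
    (None, "41.0.0.0/16", 2, "pppoe-out2"),      # local prefixes from the page
    (None, "17.255.248.0/23", 2, "pppoe-out2"),
    ("Unshaped", "0.0.0.0/0", 1, "pppoe-out3"),  # default for marked traffic
]
ALL_UP = ("pppoe-out1", "pppoe-out2", "pppoe-out3")


def lookup(dst, mark=None, up=ALL_UP):
    """Return the interface a packet to dst leaves on, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    # Marked packets try their own table first, then the main table (assumed model).
    for table in ((mark, None) if mark else (None,)):
        matches = []
        for m, prefix, distance, iface in ROUTES:
            net = ipaddress.ip_network(prefix)
            if m == table and iface in up and addr in net:
                matches.append((net.prefixlen, distance, iface))
        if matches:
            # Longest prefix wins; distance only breaks ties between equal prefixes.
            return min(matches, key=lambda r: (-r[0], r[1]))[2]
    return None


def scenarios():
    """Normal operation plus the link-down cases that silently use another account."""
    return {
        "local dst": lookup("41.0.5.9"),
        "foreign dst": lookup("8.8.8.8"),
        "marked, local dst": lookup("41.0.5.9", mark="Unshaped"),
        "local dst, out2 down": lookup("41.0.5.9", up=("pppoe-out1", "pppoe-out3")),
        "marked, out3 down": lookup("8.8.8.8", mark="Unshaped",
                                    up=("pppoe-out1", "pppoe-out2")),
    }


if __name__ == "__main__":
    for name, iface in scenarios().items():
        print(f"{name:22} -> {iface}")
```

In this model a dropped local or unshaped session does not stop traffic; it moves it onto the international account, so it is worth monitoring all three PPPoE links.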