Friday 25 March 2011

Introduction

In this tutorial I will show you how to use 3 separate ADSL accounts simultaneously:
1) Local-only for national traffic
2) Normal for international traffic
3) Unshaped for games and VoIP

In South Africa broadband prices are extremely expensive and the average ADSL cap is a small 3 gig while the majority of the country is still on 56 dialup!!!! So most of us make use of "local-only" ADSL accounts. These accounts grant access to content hosted in South Africa only and they are much more affordable (6 times cheaper than normal ADSL accounts). Most ISPs employ some form of shaping to give HTTP traffic priority over P2P and email. This can make playing online games and VoIP chat very frustrating because of lag and high latencies. As a result our ISPs in South Africa offer a special kind of ADSL account where they do not shape any protocols; we call this an unshaped account. These accounts are quite expensive so they need to be reserved for gaming and VoIP protocols.
However, it is a hassle for users to connect/disconnect between the three accounts just to save a little cap. So I have written a tutorial which will automatically split the traffic between the local-only, unshaped and normal (international) ADSL accounts.
This worked for me in ROS 3.10 but should work for all ROS 3.x.

Before we start

This setup works when the MikroTik router dials the PPPoE connections to your ISP. If you haven't already got a masquerade firewall rule, copy/paste this into your terminal:
/ip firewall nat add action=masquerade chain=srcnat comment="" disabled=no

Create the pppoe connections

International ADSL Account
1) Click on "Interfaces".
2) Click on the red cross to add a new interface.
3) Select pppoe client.
4) Under General, select the interface which is connected to your modem.
5) Under Dial Out, add your normal ADSL account's username and password. Make sure that "add default route" is off, "dial on demand" is off and "use peer DNS" is ON.
6) Click Apply.
Local-only ADSL Account
1) Click on "Interfaces".
2) Click on the red cross to add a new interface.
3) Select pppoe client.
4) Under General, select the interface which is connected to your modem.
5) Under Dial Out, add your local-only ADSL account's username and password. Make sure that "add default route" is off, "dial on demand" is off and "use peer DNS" is off.
6) Click Apply.
NB: Make sure that you use a local-only ADSL username and password and that "use peer DNS" is OFF.
Unshaped ADSL Account
1) Click on "Interfaces".
2) Click on the red cross to add a new interface.
3) Select pppoe client.
4) Under General, select the interface which is connected to your modem.
5) Under Dial Out, add your unshaped ADSL account's username and password. Make sure that "add default route" is off, "dial on demand" is off and "use peer DNS" is off.
6) Click Apply.
NB: Make sure that you use your unshaped ADSL username and password and that "use peer DNS" is OFF.

Routing local + international + unshaped traffic through 3 separate adsl accounts
   

Important Notes:
All three PPPoE client connections can share the same interface.
You could use OpenDNS instead of your ISP's DNS server, but if you do, make sure that "use peer DNS" is OFF for the international account.
Your modem needs to be in bridge mode so that the MikroTik router can establish the PPPoE connections.


Creating the international route

Paste this command in the terminal window:
/ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1  
With only this route in place, local and gaming/VoIP traffic also gets routed over the international account, which we do not want, so we need to create individual routes for local and unshaped protocols.

Creating the local routes

Firstly you need to get a list of your country's specific IP ranges (local). I am from South Africa so I use this one: http://developers.locality.co.za/routes.txt. You should use your country-specific IP addresses.
Copy the list into Microsoft Excel and edit the cells so that they read:
/ip route add dst-address=aaa.aaa.aaa.aaa/aa gateway=yyy.yyy.yyy.yyy distance=2
/ip route add dst-address=bbb.bbb.bbb.bbb/bb gateway=yyy.yyy.yyy.yyy distance=2
/ip route add dst-address=ccc.ccc.ccc.ccc/cc gateway=yyy.yyy.yyy.yyy distance=2
OR, if you are running MikroTik 3.0+, you may choose to avoid routing to an IP gateway and just route over the interface instead, in which case you will need to edit the cells so they read:
/ip route add disabled=no distance=2 dst-address=aaa.aaa.aaa.aaa/aa gateway=pppoe-out2 

Replace aaa.aaa.aaa.aaa/aa with the local ip ranges. Replace yyy.yyy.yyy.yyy with the gateway ip from the local adsl account (In the event that you wish to route via a static remote gateway on version <>
To get the ip of your ISP specific gateway:
1) Click on "IP" > "Addresses".
2) It is the Network IP address for the pppoe-out2 (local) interface.
Example
/ip route add dst-address=41.0.0.0/11 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.112.0.0/12 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.138.64.0/21 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.144.0.0/13 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.154.0.0/16 gateway=165.146.180.1 distance=2
/ip route add dst-address=41.156.1.0/24 gateway=165.146.180.1 distance=2
...
...
...
/ip route add dst-address=216.5.192.0/21 gateway=165.146.180.1 distance=2
/ip route add dst-address=216.236.176.0/20 gateway=165.146.180.1 distance=2
...
NB MAKE SURE THAT THE DISTANCE IS 2!!!
If you wish to route over the interface instead of a static remote gateway you may consider the following example:
/ip route add dst-address=41.0.0.0/11 gateway=pppoe-out2 distance=2
/ip route add dst-address=41.112.0.0/12 gateway=pppoe-out2 distance=2
/ip route add dst-address=41.138.64.0/21 gateway=pppoe-out2 distance=2
/ip route add dst-address=41.144.0.0/13 gateway=pppoe-out2 distance=2
/ip route add dst-address=41.154.0.0/16 gateway=pppoe-out2 distance=2
/ip route add dst-address=41.156.1.0/24 gateway=pppoe-out2 distance=2
...
...
...
/ip route add dst-address=216.5.192.0/21 gateway=pppoe-out2 distance=2
/ip route add dst-address=216.236.176.0/20 gateway=pppoe-out2 distance=2
...
NB MAKE SURE THAT THE DISTANCE IS 2!!!

We have +-700 routes for South Africa so I obviously didn't put them in the wiki, but you get the idea. Make sure that you use your country-specific IP addresses.

Once the local list in Excel is complete, you can copy/paste the routes into the terminal. First check the syntax by copying the 1st route and pasting it into a new terminal window:
/ip route add dst-address=41.0.0.0/11 gateway=165.146.180.1 distance=2 
OR
/ip route add dst-address=41.0.0.0/11 gateway=pppoe-out2 distance=2 
If that works then copy/paste about 150 at a time into the terminal window...
Your routes should then look something like this (Without the gateway IP if you routed via the interface and not a static remote IP address)
    Destination      Gateway        Gateway interface  Interface   Distance  Routing mark  Pref. Source
S   0.0.0.0/0                       pppoe-out1                     1
AS  41.0.0.0/11      165.146.180.1                     pppoe-out2  2
AS  41.112.0.0/12    165.146.180.1                     pppoe-out2  2
AS  41.138.64.0/21   165.146.180.1                     pppoe-out2  2
AS  41.144.0.0/13    165.146.180.1                     pppoe-out2  2
AS  41.154.0.0/16    165.146.180.1                     pppoe-out2  2
AS  41.156.1.0/24    165.146.180.1                     pppoe-out2  2
AS  41.156.2.0/24    165.146.180.1                     pppoe-out2  2
AS  41.156.32.0/19   165.146.180.1                     pppoe-out2  2
AS  41.156.64.0/18   165.146.180.1                     pppoe-out2  2
AS  41.157.0.0/17    165.146.180.1                     pppoe-out2  2
AS  41.160.0.0/12    165.146.180.1                     pppoe-out2  2
AS  41.177.0.0/16    165.146.180.1                     pppoe-out2  2
AS  41.180.0.0/15    165.146.180.1                     pppoe-out2  2
AS  41.183.0.0/16    165.146.180.1                     pppoe-out2  2
AS  41.185.0.0/16    165.146.180.1                     pppoe-out2  2
...
...
...
Local traffic should now be routed over the pppoe-out2 interface.
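
The Excel step above can also be scripted. The following is an added example, not part of the original tutorial: it turns a downloaded prefix list into the /ip route add lines and refuses anything that is not a plain public IPv4 prefix, so a malformed or tampered list cannot slip extra parameters or a default route into the router. The one-prefix-per-line file layout, the function names and the sample list are assumptions.

```python
import ipaddress

# Constructed sample of a downloaded prefix list. The real file's layout is an
# assumption: one IPv4 prefix per line, optional "#" comments.
SAMPLE_LIST = """\
# local prefixes (constructed sample)
41.0.0.0/11
41.112.0.0/12
41.112.0.0/12
41.138.64.0/21
0.0.0.0/0
10.0.0.0/8
41.144.0.0/13 gateway=pppoe-out1
41.154.0.1/16
"""

def build_local_routes(text, gateway="pppoe-out2", distance=2, min_prefix=8):
    """Return (commands, rejected) for a prefix list, accepting strict CIDRs only."""
    commands, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects prefixes with host bits set, and any trailing
            # text fails to parse, so only a bare prefix reaches the terminal.
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError:
            rejected.append((lineno, raw, "not a valid IPv4 prefix"))
            continue
        if net.prefixlen < min_prefix:
            # A very short prefix would pull international traffic onto the local account.
            rejected.append((lineno, raw, "prefix too broad"))
            continue
        if net.is_private:
            rejected.append((lineno, raw, "not public address space"))
            continue
        if net in seen:
            continue  # duplicates are dropped silently
        seen.add(net)
        commands.append(
            f"/ip route add dst-address={net} gateway={gateway} distance={distance}")
    return commands, rejected

def batches(commands, size=150):
    """Split the commands into paste-sized chunks (about 150 at a time, as above)."""
    return [commands[i:i + size] for i in range(0, len(commands), size)]
```

Review the rejected entries by hand before pasting anything; each one carries its line number and the reason it was refused.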

Creating the Unshaped routes

It is impossible to give all the routes for all games and VoIP programs, but I have included some of the most common.
We will be using Layer7 protocols to detect the relevant traffic, as well as direct IP addresses for some games.
Firstly you will need to copy and paste the following list of Layer7 protocols from the MikroTik website into your terminal window: http://www.mikrotik.com/download/l7-protos.rsc
Now that your RouterBOARD can detect gaming and VoIP traffic, we need to separate this traffic from the rest. We use a firewall rule called mangle. It works by first detecting the traffic according to known Layer7 protocols and then giving it a routing mark, which will be used to route this traffic over the unshaped account.
Copy and paste the following commands into your terminal window:
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Team Speak" disabled=no layer7-protocol=teamspeak new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="CSS Source" disabled=no layer7-protocol=counterstrike-source new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=BF1942 disabled=no layer7-protocol=battlefield1942 new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=BF2 disabled=no layer7-protocol=battlefield2 new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="Day of Defeat" disabled=no layer7-protocol=dayofdefeat-source new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="Half life deathmatch" disabled=no layer7-protocol=halflife2-deathmatch new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="Quake half life" disabled=no layer7-protocol=quake-halflife new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=Quake1 disabled=no layer7-protocol=quake1 new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="skype out" disabled=no layer7-protocol=skypeout new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=SkypetoSKype disabled=no layer7-protocol=skypetoskype new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=Teamspeak disabled=no layer7-protocol=teamspeak new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment="world of warcraft" disabled=no layer7-protocol=worldofwarcraft new-routing-mark=Unshaped passthrough=yes
add action=mark-routing chain=prerouting comment=xboxlive disabled=no layer7-protocol=xboxlive new-routing-mark=Unshaped passthrough=yes
Now your router can detect the VoIP/games traffic and give it the routing mark "Unshaped".
We still need to tell the router which ADSL account to use for the Unshaped protocols. Copy this line into the terminal window:
/ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=Unshaped
You can also use the IP addresses of your favourite online game if they are not covered by the Layer7 protocols.
Simply copy/paste the command below, but edit the IP address:
/ip route add comment="" disabled=no distance=1 dst-address=x.x.x.x gateway=pppoe-out3 
A list of South African hosted game servers can be found here: http://games.saix.net/
For the South African Cod4 servers hosted by SAIX, copy/paste the following commands into your terminal:
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.71 gateway=pppoe-out3
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.75 gateway=pppoe-out3
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.8 gateway=pppoe-out3
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.81 gateway=pppoe-out3
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.79 gateway=pppoe-out3
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.82 gateway=pppoe-out3
/ip route add comment="" disabled=no distance=1 dst-address=196.4.79.78 gateway=pppoe-out3
You will only need to do this for the games that you play, so select the games from the list at http://games.saix.net/ and only add those routes.
You might have seen that the distance for the unshaped account's routes is 1. This is because some of the games will be hosted locally and will therefore be included in the local-only routes. To give the unshaped account priority the distance needs to be lower, because between routes to the same destination the router chooses the one with the lowest distance.
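
A simplified model of how the router picks an account for each packet, as an added example that is not part of the original tutorial. It shows which interface each kind of traffic leaves by, and what happens to that traffic when one of the PPPoE sessions is down. The table layout, the lookup function and the fall-back of marked traffic to the main table are modelling assumptions; the prefixes and interface names are the ones used on this page.

```python
import ipaddress

# Route tables as built in this tutorial (simplified model, an assumption).
# Each entry: (routing mark, or None for the main table; prefix; gateway; distance)
ROUTES = [
    (None, "0.0.0.0/0", "pppoe-out1", 1),        # international default route
    (None, "41.0.0.0/11", "pppoe-out2", 2),      # one of the local-only routes
    (None, "196.4.79.71/32", "pppoe-out3", 1),   # one of the game server routes
    ("Unshaped", "0.0.0.0/0", "pppoe-out3", 1),  # default route for marked traffic
]

def lookup(dst, mark=None, routes=ROUTES, down=()):
    """Return the interface chosen for dst, or None if no route matches.

    mark is the routing mark set by the mangle rules; down lists interfaces
    whose PPPoE session is not connected, so their routes are inactive.
    """
    addr = ipaddress.ip_address(dst)
    # A marked packet consults its own table first, then falls back to main.
    for table in ([mark, None] if mark else [None]):
        candidates = [
            (ipaddress.ip_network(prefix), gateway, distance)
            for m, prefix, gateway, distance in routes
            if m == table and gateway not in down
            and addr in ipaddress.ip_network(prefix)
        ]
        if candidates:
            # The most specific prefix wins; distance only breaks ties
            # between routes to the same prefix.
            best = max(candidates, key=lambda c: (c[0].prefixlen, -c[2]))
            return best[1]
    return None

def accounts_used(flows, down=()):
    """Map each (dst, mark) flow to the interface it would leave by."""
    return {(dst, mark): lookup(dst, mark, down=down) for dst, mark in flows}
```

Running accounts_used with down=("pppoe-out3",) shows marked game traffic quietly moving to the local or international account, which is the case worth checking when the unshaped session drops.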

Conclusion

We have successfully routed traffic over 3 types of ADSL accounts.

Thanks

I would like to thank Doctor_za for his video tutorial which I watched many years ago. It showed how to split local/international traffic with 2x adsl accounts.
