Send YouTube packets out of one ISP and the rest packets via another ISP

This lab is about how to share packets between two ISP links using a Mikrotik router. I will configure a Mikrotik router to send YouTube packets out of one ISP and the rest packets via another ISP. The need for this demonstration arose from the request made by one of my readers. The task is to ensure that all YouTube packets are sent out through ISP2 while all other traffics go through ISP1.

Why would anyone want to implement a policy such as the one we are about to implement? Well, one of the answers is to make sure that YouTube videos can stream smoothly without buffering. An ISP that has users who watch YouTube videos always can do this as part of quality of service.

Network Topology

Send YouTube packets out of one ISP

Tasks to be performed

To meet the requirements for this lab, the following tasks will be carried out:

  • Create a layer7 protocol for YouTube traffics.
  • Configure a firewall filter rule to capture Youtube IP addresses using the layer7 protocol created above.
  • Configure a mangle routing mark rule to mark YouTube routing for IP addresses in the Youtube address-list
  • Configure a gateway for YouTube traffics using the routing mark created in step three.

Implementation

To successfully implement the policy on a Mikrotik router that will instruct the router to send YouTube packets out of one ISP and the rest packets via another ISP, the following configuration command will be entered on the router.

Creating layer7 protocol for YouTube

/ip firewall layer7-protocol add name=YouTube regexp=^.+(youtube.com).*$

Create a firewall rule to capture YouTube IP addresses and put them in a destination address-list

 

/ip firewall filter add chain=forward action=add-dst-to-address-list layer7-protocol=YouTube src-address=192.168.1.0/24 address-list=youtube_IP_address address-list-timeout=0s

Create a mangle rule to mark routes for destination IP address in the address-list 

/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=YouTube_routing dst-address-list=youtube_traffics

Configure gateways; one for Youtube traffics and another one for other traffics.

/ip route add dst-address=0.0.0.0/0 routing-mark=Youtube_routing gateway=192.168.11.1

add dst-address=0.0.0.0/0 gateway=10.0.0.10

 

You may also like: How users can bypass Mikrotik layer 7 filtering and access blocked websites

 

That is all we need to do to achieve the objective for this lab. However, if we want to have Youtube traffics sent to ISP1 in the event that ISP2 becomes unreachable, we modify the routing table with the following commands.

/ip route add dst-address=0.0.0.0/0 routing-mark=Youtube_route gateway=192.168.11.1 distance=1 check-gateway=ping

add dst-address=0.0.0.0/0 routing-mark=Youtube_routing gateway=10.0.0.10 distance=2

add dst-address=0.0.0.0/0 gateway=10.0.0.10

Verification

Send YouTube packets out of one Send YouTube packets out of one ISP

The images below show the result of tracerts to youtube.com and bbc.com. You can see that while the trace to bbc.com went through 10.0.0.10 (ISP1) that of youtube.com went through 192.168.11.1 (ISP2).

If you have any question, please drop it in the comment box.

If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email. Also subscibe to my YouTube channel, like my Facebook page and follow me on Twitter.

Spread the love

Timigate

I believe that Africa will advance technologically if knowledge is shared among the living than out of greed, taken to the grave.

Leave a Reply

Your email address will not be published. Required fields are marked *