Posted: Sun Aug 28, 2022 22:34 Post subject: Static Routing not working Firmware: DD-WRT v3.0-r49467 N66u
Hello, I hope everyone is well along with their loved ones.
I have two DD-WRT routers. On the main router (router A [10.1.1.1], N66U, small metered-like connection) I have a static route for googlevideo.com servers to go out on router B, which has a gigabit connection.
For example, I have rr5---sn-vgqsknz7.googlevideo.com (74.125.159.138) route to go out on 10.1.1.2 (router B). The traceroute route works fine from SSH on router A or from a client PC,
but pinging it goes out directly, ignoring the static routes.
Clients behind router A also have the same result: pinging goes out directly, ignoring static routes.
ping rr5---sn-vgqsknz7.googlevideo.com #(this is ignoring the static route as ping is higher)
PING rr5---sn-vgqsknz7.googlevideo.com (74.125.159.138): 56 data bytes
64 bytes from 74.125.159.138: seq=0 ttl=59 time=65.400 ms
traceroute to rr5---sn-vgqsknz7.googlevideo.com (74.125.159.138), 30 hops max, 38 byte packets
1 10.1.1.2 (10.1.1.2) 0.753 ms 0.447 ms 0.405 ms
...goes out fine
When I watch the YouTube video on the Windows PC using rr5---sn-vgqsknz7.googlevideo.com, it ignores the static route in router A, but when I traceroute it, it follows the static route from router A, and when I ping rr5---sn-vgqsknz7.googlevideo.com from the Windows client PC it does not use the static route.
From Windows PC behind router A
Code:
Pinging rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138] with 32 bytes of data:
Reply from 74.125.159.138: bytes=32 time=64ms TTL=124
#(if it was going out of router B, time= would be about 40ms)
From Windows client behind router A
Code:
Tracing route to rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms routerA [10.1.1.1]
2 <1 ms <1 ms <1 ms 10.1.1.2 #router B takes cover
3 18 ms 17 ms 17 ms etc
If I create a static route on Windows directly, bypassing the DD-WRT router A entry routes, everything works fine.
Tracing route to rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.1.1.2
2 <1 ms 1 ms <1 ms #and so on
Pinging rr5.sn-vgqsknz7.googlevideo.com [74.125.159.138] with 32 bytes of data:
Reply from 74.125.159.138: bytes=32 time=47ms TTL=60 #ping is lower
OK!
I don't agree that you can accurately assess if the static route is being used based on the timing. That's far too speculative. There may be other factors at play here.
A common mistake in this case is the failure to SNAT the traffic from router A to router B when the redirection takes place. Remember that router A is *still* tracking the connection. By failing to SNAT, the response from router B goes directly back to the client, rather than being routed *first* back to router A, then the client.
The use of SNAT keeps the state of connections "in order". Without it, those connections are just left hanging until they time out. And this may be causing issues w/ followup packets on those connections. IOW, you just keep pumping packets to router A, which never gets replies back since they get routed back to the client directly via router B.
At the very least, I would add an SNAT to router A and see if it helps.
Granted, there may be some other issue here, but I would correct this one first and see what happens.
That's why having other gateways inside the same LAN, all of which are managing connections and their state, can be problematic. Ideally, only one of them should actually be doing so, specifically the one that routes that traffic outside the local network, NOT the intermediaries.
Given that, I suppose the other solution would be to NOT track those particular connections in the first place.
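The symptom and the SNAT fix described in the reply above, as an added example that is not part of the original thread: it counts connection-tracking entries on router A that never saw a reply from the redirected destination, and prints the SNAT rule that would send replies back through router A. The interface name `br0`, the client addresses and all sample conntrack lines are constructed assumptions; only 10.1.1.1 and 74.125.159.138 come from the thread.

```sh
#!/bin/sh
# Added example. Addresses 10.1.1.1 and 74.125.159.138 come from the thread;
# br0, the client addresses and every sample line are assumptions/constructed.
LAN_IF="br0"             # assumption: router A's LAN bridge interface
ROUTER_A_IP="10.1.1.1"
DEST="74.125.159.138"

# Constructed sample in /proc/net/nf_conntrack format, as router A might show it.
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 98 SYN_SENT src=10.1.1.50 dst=74.125.159.138 sport=51000 dport=443 [UNREPLIED] src=74.125.159.138 dst=10.1.1.50 sport=443 dport=51000 mark=0 use=2
ipv4     2 icmp     1 25 src=10.1.1.50 dst=74.125.159.138 type=8 code=0 id=7 [UNREPLIED] src=74.125.159.138 dst=10.1.1.50 type=0 code=0 id=7 mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=10.1.1.50 dst=198.51.100.20 sport=51002 dport=443 src=198.51.100.20 dst=203.0.113.7 sport=443 dport=51002 [ASSURED] mark=0 use=2
ipv4     2 udp      17 20 src=10.1.1.51 dst=198.51.100.9 sport=40000 dport=443 [UNREPLIED] src=198.51.100.9 dst=203.0.113.7 sport=443 dport=40000 mark=0 use=2
EOF
}

# Count tracked flows to destination $1 for which this router never saw a reply.
# Reads conntrack lines on stdin.
count_unreplied() {
    awk -v want="dst=$1" '
        /\[UNREPLIED\]/ {
            # The first dst= field on a line is the original (client to server) direction.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dst=/) { if ($i == want) n++; break }
        }
        END { print n + 0 }'
}

# Print (do not execute) the rule that rewrites the source of redirected traffic
# to router A, so router B sends replies back through router A.
snat_rule() {
    echo "iptables -t nat -I POSTROUTING -o $LAN_IF -d $1 -j SNAT --to-source $ROUTER_A_IP"
}

echo "unreplied flows to $DEST: $(sample_conntrack | count_unreplied "$DEST")"
echo "rule for router A: $(snat_rule "$DEST")"
```

On a live router the same function can read the real table, for example `count_unreplied 74.125.159.138 < /proc/net/nf_conntrack` (the path is an assumption; older builds may expose `/proc/net/ip_conntrack` instead).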
Posted: Tue Aug 30, 2022 7:43 Post subject:
Your browser or YouTube app might have its own DNS resolution, so maybe they are using other servers. Besides, YouTube has a lot of servers and you are dynamically switched to one.
I once did a write-up to block YouTube video, and you need a lot of domains to block and use IPSET to dynamically get all IP addresses involved.