Configuring netmap on MikroTik

Using two providers simultaneously in MikroTik

This section covers the case where two Internet uplinks are used simultaneously, according to the following scheme:

  • Group-1 (192.168.0.2-192.168.0.100) – via provider 1;
  • Group-2 (192.168.0.101-192.168.0.200) – via provider 2;

Variations of this scheme are most often used for servers, but they are also popular in heavily loaded networks.

To make the groups easy to edit, Address Lists are created. Hosts are added to or removed from these lists to assign them to either provider 1 or provider 2.

This is configured under IP->Firewall->Address Lists

The prepared address lists, or more precisely their routes to the Internet, must be marked using Mangle.

This is configured under IP->Firewall->Mangle

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/24 \
new-routing-mark=Group-1-Route passthrough=yes src-address-list=Group-1

A similar marking rule must be created in the Mangle section for Group-2.

This is configured under IP->Routes

/ip route
add gateway=10.10.10.10 routing-mark=Group-1-Route
add gateway=11.11.11.11 routing-mark=Group-2-Route

Note the Distance parameter: it plays no role in this scheme. However, if the scheme needs to be extended with automatic failover to a backup line between the providers, it is enough to add two static routes with distance values 1 and 2.

Sham link

Sub-menu:

Description

A sham-link is required between any two VPN sites that belong to the same OSPF area and share an OSPF backdoor link. If there is no intra-area link between the CE routers, you do not need to configure an OSPF sham link.

Sham link must be configured on both sides.

For a sham link to be active, two conditions must be met:

  • src-address is a valid local address with /32 netmask in OSPF instance’s routing table.
  • there is a valid route to dst-address in the OSPF instance’s routing table.

When the sham link is active, hello packets are sent on it only until the neighbor reaches full state. After that, hello packet sending on the sham link is suppressed.

RouterOS does not support periodic LSA refresh suppression on sham-links yet.

Properties

Property | Description
area (area name) | name of area that shares an OSPF backdoor link
cost (integer: 1..65535) | cost of the link
dst-address (IP address) | loopback address of link’s remote router
src-address (IP address) | loopback address of link’s local router

External Routing Information

On the edge of an OSPF routing domain, you can find routers called AS boundary routers (ASBRs) that run one of the other routing protocols. The job of those routers is to import routing information learned from other routing protocols into the OSPF routing domain.
External routes can be imported at two separate levels, depending on the metric type.

  • type1 — ospf metric is the sum of the internal OSPF cost and the external route cost
  • type2 — ospf metric is equal only to the external route cost.

OSPF provides several area types: , , and . All areas are covered later in the article.

The backbone area is the core of the entire OSPF network; all areas have to be connected to the backbone area. Start configuring OSPF from the backbone and then expand the network configuration to other areas.

Database Synchronization

Link-state database synchronization between OSPF routers is very important.

  • initial database synchronization
  • reliable flooding

When the connection between two neighbors first comes up, initial database synchronization happens. Unsynchronized databases may lead to the calculation of an incorrect routing table, resulting in routing loops or black holes.
OSPF uses an explicit database download when neighbor connections first come up. This procedure is called Database exchange. Instead of sending the entire database, an OSPF router sends only its LSA headers in a sequence of OSPF Database Description (DD) packets. The router sends the next DD packet only when the previous packet has been acknowledged. When the entire sequence of DD packets has been received, the router knows which LSAs it does not have and which LSAs are more recent. The router then sends Link-State Request (LSR) packets requesting the desired LSAs, and the neighbor responds by flooding LSAs in Link-State Update (LSU) packets. After all updates are received, the neighbors are said to be fully adjacent.

Reliable flooding is another database synchronization method. It is used when adjacencies are already established and an OSPF router wants to inform other routers about LSA changes. When an OSPF router receives such a Link State Update, it installs the new LSA in the link-state database, sends an acknowledgement packet back to the sender, repackages the LSA in a new LSU and sends it out all interfaces except the one that received the LSA in the first place.

OSPF determines whether LSAs are up to date by comparing sequence numbers. Sequence numbers start with 0x80000001; the larger the number, the more recent the LSA is. The sequence number is incremented each time the record is flooded, and the neighbor receiving the update resets the Maximum age timer. LSAs are refreshed every 30 minutes, but without a refresh an LSA remains in the database for a maximum age of 60 minutes.
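The Database exchange decision and the sequence-number comparison described above, as an added example that is not part of the original page or of RouterOS. It assumes the RFC 2328 rule that sequence numbers are compared as signed 32-bit integers, so 0x80000001 is the oldest value and an unsigned comparison would rank stale LSAs as newest; the LSA keys and databases are constructed.

```python
# Added example: choose the LSAs to request after a DD exchange.
INITIAL_SEQ = 0x80000001  # first sequence number, as given on this page
MAX_SEQ = 0x7FFFFFFF      # assumption: MaxSequenceNumber from RFC 2328

def signed32(value):
    """Interpret a 32-bit wire value as the signed integer OSPF compares."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value

def is_newer(seq_a, seq_b):
    """True if seq_a marks a more recent LSA instance than seq_b.

    Simplification: the checksum and age tie-breaks are left out.
    """
    return signed32(seq_a) > signed32(seq_b)

def lsas_to_request(local_db, neighbor_headers):
    """Return the LSA keys to ask for in Link-State Request packets.

    Both arguments map (LS type, link-state ID, advertising router) to a
    sequence number, i.e. the header data carried in DD packets.
    """
    wanted = []
    for key, their_seq in neighbor_headers.items():
        our_seq = local_db.get(key)
        if our_seq is None or is_newer(their_seq, our_seq):
            wanted.append(key)
    return sorted(wanted)

# Constructed sample data; the router IDs are illustrative only.
LOCAL_DB = {
    (1, "10.0.0.1", "10.0.0.1"): 0x80000005,
    (1, "10.0.0.2", "10.0.0.2"): 0x80000003,
    (2, "192.168.0.1", "10.0.0.1"): 0x00000002,
}
NEIGHBOR_HEADERS = {
    (1, "10.0.0.1", "10.0.0.1"): 0x80000005,     # same instance: skip
    (1, "10.0.0.2", "10.0.0.2"): 0x80000004,     # neighbor newer: request
    (1, "10.0.0.3", "10.0.0.3"): 0x80000001,     # missing locally: request
    (2, "192.168.0.1", "10.0.0.1"): 0xFFFFFFFE,  # signed -2, older than 2
}

if __name__ == "__main__":
    for lsa_key in lsas_to_request(LOCAL_DB, NEIGHBOR_HEADERS):
        print("request", lsa_key)
```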

Databases are not always synchronized between all OSPF neighbors. OSPF decides whether databases need to be synchronized depending on the network segment: for example, on point-to-point links databases are always synchronized between routers, but on Ethernet networks databases are synchronized only between certain neighbor pairs.

Synchronization on Broadcast Subnets

On a broadcast segment there are n*(n-1)/2 neighbor relations, so a huge amount of Link State Updates and Acknowledgements would be sent over the subnet if each OSPF router tried to synchronize with every other OSPF router on the subnet.

This problem is solved by electing one Designated Router and one Backup Designated Router for each broadcast subnet. All other routers synchronize and form adjacencies only with those two elected routers. This approach reduces the number of adjacencies from n*(n-1)/2 to only 2n-3.

Image on the right illustrates adjacency formations on broadcast subnets. Routers R1 and R2 are the Designated Router and Backup Designated Router respectively. For example, when R3 wants to flood a Link State Update (LSU) to both R1 and R2, it sends the LSU to the IP multicast address AllDRouters (224.0.0.6); only the DR and BDR listen to this multicast address. The Designated Router then sends the LSU addressed to AllSPFRouters, updating the rest of the routers.

DR election

DR and BDR routers are elected from data received in Hello packets. The first OSPF router on a subnet is always elected as Designated Router; when a second router is added, it becomes Backup Designated Router. When the existing DR or BDR fails, a new DR or BDR is elected taking into account configured . The router with the highest priority becomes the new DR or BDR.

Being Designated Router or Backup Designated Router consumes additional resources. If Router Priority is set to 0, the router does not participate in the election process. This is very useful if certain slower routers are not capable of being DR or BDR.
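A simplified model of the election described above, as an added example that is not part of the original page or of RouterOS. Promotion of the BDR when the DR fails and the router-ID tie-break follow RFC 2328 and go beyond what this page states; the router IDs and priorities are constructed.

```python
# Added example: simplified DR/BDR election on one broadcast subnet.
import ipaddress

class BroadcastSegment:
    def __init__(self):
        self.priority = {}  # router ID -> Router Priority
        self.dr = None
        self.bdr = None

    def _best_candidate(self):
        """Highest-priority eligible router that is neither DR nor BDR."""
        pool = [r for r, p in self.priority.items()
                if p > 0 and r not in (self.dr, self.bdr)]
        # Assumption (RFC 2328): equal priorities tie-break on router ID.
        return max(pool, default=None, key=lambda r: (
            self.priority[r], int(ipaddress.ip_address(r))))

    def _fill_roles(self):
        if self.dr is None:
            # Assumption (RFC 2328): the serving BDR is promoted to DR.
            self.dr, self.bdr = self.bdr or self._best_candidate(), None
        if self.bdr is None:
            self.bdr = self._best_candidate()

    def join(self, router_id, priority=1):
        self.priority[router_id] = priority
        self._fill_roles()  # a serving DR or BDR is never displaced

    def fail(self, router_id):
        self.priority.pop(router_id, None)
        self.dr = None if self.dr == router_id else self.dr
        self.bdr = None if self.bdr == router_id else self.bdr
        self._fill_roles()

def demo():
    """Replay a constructed join/fail sequence; return (DR, BDR) snapshots."""
    seg, snapshots = BroadcastSegment(), []
    events = [("join", "10.0.0.1", 1), ("join", "10.0.0.2", 1),
              ("join", "10.0.0.3", 200), ("join", "10.0.0.4", 0),
              ("join", "10.0.0.5", 200), ("fail", "10.0.0.1", None),
              ("fail", "10.0.0.2", None)]
    for action, router_id, priority in events:
        if action == "join":
            seg.join(router_id, priority)
        else:
            seg.fail(router_id)
        snapshots.append((seg.dr, seg.bdr))
    return snapshots
```

In the replay, the priority-200 routers that join later do not displace the first two routers; they take over only after those fail, and the priority-0 router never holds either role.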

Synchronization on NBMA Subnets

Database synchronization on NBMA networks is similar to that on broadcast networks. DR and BDR are elected, databases are initially exchanged only with the DR and BDR routers, and flooding always goes through the DR. The only difference is that Link State Updates must be replicated and sent to each adjacent router separately.

On PTMP subnets an OSPF router becomes adjacent to all other routers with which it can communicate directly.

Route Summarization

Route summarization is consolidation of multiple routes into one single advertisement. It is normally done at the area boundaries (Area Border Routers), but summarization can be configured between any two areas.

It is better to summarize in the direction of the backbone. This way the backbone receives all the aggregate addresses and injects them into other areas already summarized. There are two types of summarization: inter-area and external route summarization.

Inter-Area Route Summarization

Inter-area route summarization is done on ABRs, it does not apply to external routes injected into OSPF via . Summarization configuration is done in menu.
