Setup Mikrotik routers with OSPF…

Dirk Mare
I have 12+ years of experience in diagnosing and resolving technical/customer inquiries.
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After weeks of having issues on my network with numerous outages I decided to build in some kind of automatic failover using an Open Shortest Path First (OSPF) network. In this article I will be using a lab of virtual Mikrotik routers. Attached is a simple network diagram with basic network configuration.

OSPF: http://wiki.mikrotik.com/wiki/Manual:Routing/OSPF

Full-diagram.PNG
From the above diagram you can see that there are seven sites. On the left we have three sites connected to the Internet and on the right we have two sites connected via a private multiprotocol label switching (MPLS) network. The middle sites are connected to both the Internet and the private network. My goal was to have failover (redundancy) between JHB (Router 1) and CPT (Router 2) on both the Internet and the private network, so that if either side of the link were to drop, OSPF would find the best route, restore connectivity via another link/connection and at the same time distribute the new route to all other connected routers.

Let’s start with JHB = Router 1. I will explain the first router in more detail.

Give your router a name. This makes it easier to identify, as all routers have the default name of “Mikrotik”.
 
/system identity set name="Router 1-JHB"

Create the OSPF loopback interface and rename the Ethernet ports. I’m using a loopback interface because it is reliable and, unlike other interfaces, will never go down unless the router is dead. OSPF treats loopback interfaces as stub networks and advertises them as host routes. In this state, the interface is unavailable for regular data traffic. However, it is still available for testing, such as ICMP pings. For this reason, IP packets may still be addressed to an interface in loopback state.
 
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Public"
set 1 name="ether2: Private"
set 2 name="ether3: LAN"

Assign the IP addresses to the router's Ethernet interfaces and the OSPF loopback bridge:
 
/ip address
add address=1.1.1.1/27 interface="ether1: Public" network=1.1.1.0
add address=172.16.0.1/24 interface="ether2: Private" network=172.16.0.0
add address=196.168.1.10/24 interface="ether3: LAN" network=196.168.1.0
add address=10.0.0.1/32 interface="OSPF Loopback" network=10.0.0.1

Create an IP pool for VPN IPs; this step is not necessary as all the VPN PPTP profiles will be configured with statics. I always create IP pools to ensure the IPs never get used (Reservation).
 
/ip pool add name=PPTP-VPN ranges=10.0.1.1-10.0.1.30

Enable the PPTP server and add the VPN profile. The VPN profile will be used by remote Internet sites connecting to the router via PPTP. We use the same IP address as the OSPF loopback and router ID; this keeps IP range and subnet usage to a minimum and eases management.
 
/interface pptp-server server set enabled=yes
/ppp profile add change-tcp-mss=yes local-address=10.0.0.1 name="VPN PPTP" remote-address=PPTP-VPN use-encryption=yes

Create PPTP secrets for the Internet sites. The PPTP secrets below are used by the remote “Internet” sites to connect to both Router 1 JHB and Router 2 CPT. L2TP can also be used and I would recommend it. Please note the PPTP secrets are set to disabled.
 
/ppp secret
add disabled=yes name="JHB-USA" password=test123 profile="VPN PPTP" remote-address=10.0.1.5
add disabled=yes name="JHB-UK" password=test123 profile="VPN PPTP" remote-address=10.0.1.6
add disabled=yes name="JHB-NZ" password=test123 profile="VPN PPTP" remote-address=10.0.1.7
add disabled=yes name="JHB-CPT" password=test123 profile="VPN PPTP" remote-address=10.0.1.2
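
An added example, not part of the original article: a small Python audit that parses the RouterOS export lines shown above and reports an enabled PPTP server and any password shared by several `/ppp secret` entries, as `test123` is throughout this lab. The function names are hypothetical, and the parser handles only `add`/`set` lines of the kind used on this page.

```python
import shlex
from collections import defaultdict

# Lines copied from the Router 1 (JHB) configuration on this page.
EXPORT = """\
/interface pptp-server server set enabled=yes
/ppp profile add change-tcp-mss=yes local-address=10.0.0.1 name="VPN PPTP" remote-address=PPTP-VPN use-encryption=yes
/ppp secret
add disabled=yes name="JHB-USA" password=test123 profile="VPN PPTP" remote-address=10.0.1.5
add disabled=yes name="JHB-UK" password=test123 profile="VPN PPTP" remote-address=10.0.1.6
add disabled=yes name="JHB-NZ" password=test123 profile="VPN PPTP" remote-address=10.0.1.7
add disabled=yes name="JHB-CPT" password=test123 profile="VPN PPTP" remote-address=10.0.1.2
"""

VERBS = ("add", "set")

def parse_export(text):
    """Yield (menu, verb, params) for every add/set command in the export."""
    menu = ""
    for line in text.splitlines():
        tokens = shlex.split(line)          # keeps name="VPN PPTP" as one token
        if tokens and tokens[0].startswith("/"):
            # A menu line may also carry a command: "/ip pool add name=..."
            split = next((i for i, t in enumerate(tokens) if t in VERBS), len(tokens))
            menu, tokens = " ".join(tokens[:split]), tokens[split:]
        if tokens and tokens[0] in VERBS:
            params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            yield menu, tokens[0], params

def audit(text):
    """Return findings without echoing any password value."""
    findings, users = [], defaultdict(list)
    for menu, verb, params in parse_export(text):
        if menu == "/interface pptp-server server" and params.get("enabled") == "yes":
            findings.append("PPTP server is enabled")
        if menu == "/ppp secret" and verb == "add" and "password" in params:
            users[params["password"]].append(params.get("name", "?"))
    for names in users.values():
        if len(names) > 1:
            findings.append("one password shared by: " + ", ".join(names))
    return findings

if __name__ == "__main__":
    for finding in audit(EXPORT):
        print(finding)
```
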

Enable OSPF and create the area and networks. Please note that the networks are disabled. The OSPF router ID gets the same IP as the loopback we created earlier. You can use the default area ID, but I prefer to create a new one. Add all the local IP address ranges to the OSPF networks; you have to define the networks on which OSPF will run and associate an area with each of these networks. Note that for point-to-point interfaces the address of the remote endpoint must be used.
 
/routing ospf instance set [ find default=yes ] router-id=10.0.0.1
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 disabled=yes network=196.168.1.0/24
add area=area1 disabled=yes network=172.16.0.0/24
add area=area1 disabled=yes network=10.0.1.0/27

Add a queue to interfaces to simulate real world network bandwidth; because all the interfaces are running at gigabit speeds in the lab I’m limiting the interfaces to the specific connection speeds for a more realistic experience.
 
/queue simple
add max-limit=50M/50M name="Limit Public to 50Mbps" target="ether1: Public"
add max-limit=100M/100M name="Limit Private to 100Mbps" target="ether2: Private"

CPT = Router2;
 
/system identity set name="Router 2-CPT"
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Public"
set 1 name="ether2: Private"
set 2 name="ether3: LAN"
/ip address
add address=1.1.1.2/27 interface="ether1: Public" network=1.1.1.0
add address=172.16.0.2/24 interface="ether2: Private" network=172.16.0.0
add address=196.168.2.10/24 interface="ether3: LAN" network=196.168.2.0
add address=10.0.0.2/32 interface="OSPF Loopback" network=10.0.0.2
/ip pool add name=PPTP-VPN ranges=10.0.2.1-10.0.2.30
/interface pptp-server server set enabled=yes
/ppp profile add change-tcp-mss=yes local-address=10.0.0.2 name="VPN PPTP" remote-address=PPTP-VPN use-encryption=yes
/ppp secret
add disabled=yes name="CPT-USA" password=test123 profile="VPN PPTP" remote-address=10.0.2.5
add disabled=yes name="CPT-UK" password=test123 profile="VPN PPTP" remote-address=10.0.2.6
add disabled=yes name="CPT-NZ" password=test123 profile="VPN PPTP" remote-address=10.0.2.7
/interface pptp-client
add connect-to=1.1.1.1 disabled=no name=CPT-JHB password=test123 user=JHB-CPT
/routing ospf instance set [ find default=yes ] router-id=10.0.0.2
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 disabled=yes network=196.168.2.0/24
add area=area1 disabled=yes network=172.16.0.0/24
add area=area1 disabled=yes network=10.0.2.0/27
add area=area1 disabled=yes network=10.0.0.0/27
/queue simple
add max-limit=20M/20M name="Limit Public to 20Mbps" target="ether1: Public"
add max-limit=100M/100M name="Limit Private to 100Mbps" target="ether2: Private"

NAM = Router 3;
 
/system identity set name="Router 3-NAM"
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Private"
set 1 name="ether2: LAN"
/ip address
add address=172.16.0.3/24 interface="ether1: Private" network=172.16.0.0
add address=196.168.3.10/24 interface="ether2: LAN" network=196.168.3.0
add address=10.0.0.3/32 interface="OSPF Loopback" network=10.0.0.3
/routing ospf instance set [ find default=yes ] router-id=10.0.0.3
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 network=196.168.3.0/24
add area=area1 network=172.16.0.0/24
/queue simple
add max-limit=40M/40M name="Limit Private to 40Mbps" target="ether1: Private"

LES = Router 4
 
/system identity set name="Router 4-LES"
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Private"
set 1 name="ether2: LAN"
/ip address
add address=172.16.0.4/24 interface="ether1: Private" network=172.16.0.0
add address=196.168.4.10/24 interface="ether2: LAN" network=196.168.4.0
add address=10.0.0.4/32 interface="OSPF Loopback" network=10.0.0.4
/routing ospf instance set [ find default=yes ] router-id=10.0.0.4
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 network=196.168.4.0/24
add area=area1 network=172.16.0.0/24
/queue simple
add max-limit=1M/1M name="Limit Private to 1Mbps" target="ether1: Private"

USA = Router 5
 
/system identity set name="Router 5-USA"
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Public"
set 1 name="ether2: LAN"
/ip address
add address=1.1.1.5/27 interface="ether1: Public" network=1.1.1.0
add address=196.168.5.10/24 interface="ether2: LAN" network=196.168.5.0
add address=10.0.0.5/32 interface="OSPF Loopback" network=10.0.0.5
/interface pptp-client
add connect-to=1.1.1.2 disabled=no name=USA-CPT password=test123 user=CPT-USA
add connect-to=1.1.1.1 disabled=no name=USA-JHB password=test123 user=JHB-USA
/routing ospf instance set [ find default=yes ] router-id=10.0.0.5
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 network=196.168.5.0/24
add area=area1 network=10.0.0.0/27
/queue simple
add max-limit=5M/5M name="Limit Public to 5Mbps" target="ether1: Public"

UK = Router 6
 
/system identity set name="Router 6-UK"
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Public"
set 1 name="ether2: LAN"
/ip address
add address=1.1.1.6/27 interface="ether1: Public" network=1.1.1.0
add address=196.168.6.10/24 interface="ether2: LAN" network=196.168.6.0
add address=10.0.0.6/32 interface="OSPF Loopback" network=10.0.0.6
/interface pptp-client
add connect-to=1.1.1.2 disabled=no name=UK-CPT password=test123 user=CPT-UK
add connect-to=1.1.1.1 disabled=no name=UK-JHB password=test123 user=JHB-UK
/routing ospf instance set [ find default=yes ] router-id=10.0.0.6
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 network=196.168.6.0/24
add area=area1 network=10.0.0.0/27
/queue simple
add max-limit=1M/1M name="Limit Public to 1Mbps" target="ether1: Public"

NZ = Router 7
 
/system identity set name="Router 7-NZ"
/interface bridge add name="OSPF Loopback"
/interface ethernet
set 0 name="ether1: Public"
set 1 name="ether2: LAN"
/ip address
add address=1.1.1.7/27 interface="ether1: Public" network=1.1.1.0
add address=196.168.7.10/24 interface="ether2: LAN" network=196.168.7.0
add address=10.0.0.7/32 interface="OSPF Loopback" network=10.0.0.7
/interface pptp-client
add connect-to=1.1.1.2 disabled=no name=NZ-CPT password=test123 user=CPT-NZ
add connect-to=1.1.1.1 disabled=no name=NZ-JHB password=test123 user=JHB-NZ
/routing ospf instance set [ find default=yes ] router-id=10.0.0.7
/routing ospf area add area-id=0.0.0.1 name=area1
/routing ospf network
add area=area1 network=196.168.7.0/24
add area=area1 network=10.0.0.0/27
/queue simple
add max-limit=10M/10M name="Limit Public to 10Mbps" target="ether1: Public"

Example:
Link-failure.PNG
If the private link on JHB (Router 1) were to fail, all traffic going to NAM (Router 3) and LES (Router 4) would automatically fail over to CPT (Router 2) via the Internet. All the other routers would also get updated routes from OSPF to route traffic via CPT (Router 2). This would prevent downtime and manual updating of IP routes, and as soon as the primary link is restored OSPF would fail back to the faster, more direct (least hops to destination) connection.
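
The failover described above, as an added example that is not part of the original article: a Python model of the seven-router lab that runs the shortest-path-first (Dijkstra) calculation OSPF performs, before and after JHB loses its private interface. It assumes a uniform interface cost of 10 on every link, treats the shared 172.16.0.0/24 segment as direct adjacencies between its routers, and assumes every PPTP tunnel is up; the function names are hypothetical.

```python
import heapq

COST = 10  # assumption: same cost on every link, so lowest cost = fewest hops

PRIVATE = ["JHB", "CPT", "NAM", "LES"]   # routers on the 172.16.0.0/24 segment
TUNNELS = [("CPT", "JHB"), ("USA", "JHB"), ("USA", "CPT"),   # pptp-client links
           ("UK", "JHB"), ("UK", "CPT"), ("NZ", "JHB"), ("NZ", "CPT")]

def build_graph(private_down=()):
    """Adjacency map; routers in private_down have lost their private interface."""
    graph = {r: {} for r in PRIVATE + ["USA", "UK", "NZ"]}
    up = [r for r in PRIVATE if r not in private_down]
    segment = [(a, b) for i, a in enumerate(up) for b in up[i + 1:]]
    for a, b in segment + TUNNELS:
        graph[a][b] = graph[b][a] = COST
    return graph

def shortest_path(graph, src, dst):
    """Dijkstra SPF over the link-state graph; returns (cost, path) or None.

    Equal-cost alternatives are not listed: only one lowest-cost path is returned.
    """
    queue, seen = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, weight in graph[node].items():
            if nxt not in seen:
                heapq.heappush(queue, (cost + weight, nxt, path + [nxt]))
    return None

if __name__ == "__main__":
    for label, down in (("all links up", ()), ("JHB private link down", ("JHB",))):
        graph = build_graph(private_down=down)
        for dst in ("NAM", "LES"):
            print(label, "JHB ->", dst, shortest_path(graph, "JHB", dst))
```
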

Thank you for reading my article; please leave valuable feedback. If you liked this article and would like to see more, please click the “Good Article” button.

I look forward to hearing from you.

Update: Video Micro Tutorials are now available:
http://www.experts-exchange.com/videos/1398/Setup-Mikrotik-routers-with-OSPF-Part-1.html

DirkMare
 