routing training course
Post on 03-Apr-2018
218 Views
Preview:
TRANSCRIPT
-
7/28/2019 Routing Training Course
1/93
MikroTik RouterOS
Training
Routing
-
7/28/2019 Routing Training Course
2/93
MikroTik 2008 2
Schedule
09:00 10:30 Morning Session I10:30 11:00 Morning Break
11:00 12:30 Morning Session II
12:30 13:30 Lunch Break13:30 15:00 Afternoon Session I
15:00 15:30 Afternoon Break
15:30 17:00 (18.00) Afternoon Session II
-
7/28/2019 Routing Training Course
3/93
MikroTik 2008 3
Instructors
-
7/28/2019 Routing Training Course
4/93
MikroTik 2008 4
Housekeeping
Course materialsRouters, cables
Break times and lunch
Restrooms and smoking area locations
-
7/28/2019 Routing Training Course
5/93
MikroTik 2008 5
Course Objective
Provide thorough knowledge and hands-ontraining for MikroTik RouterOS basic andadvances routing capabilities for small and
medium size networksUpon completion of the course you will be ableto plan, implement, adjust and debug routedMikroTik RouterOS network configurations.
-
7/28/2019 Routing Training Course
6/93
MikroTik 2008 6
Introduce Yourself
Please, introduce yourself to the classYour name
Your Company
Your previous knowledge about RouterOSYour previous knowledge about networking
What do you expect from this course?
Please, remember your class XY number.(X is number of the row, Y is your seat number in the row)
My number is:_________
-
7/28/2019 Routing Training Course
7/93
MikroTik 2008 7
Class Setup Lab
Create an 192.168.XY.0/24 Ethernet networkbetween the laptop (.1) and the router (.254)
Connect routers to the AP SSID ap_rb532
Assign IP address 10.1.1.XY/24 to the wlan1Main GW and DNS address is 10.1.1.254
Gain access to the internet from your laptops
via local routerCreate new user for your router and changeadmin access rights to read
-
7/28/2019 Routing Training Course
8/93
MikroTik 2008 8
Class Setup
-
7/28/2019 Routing Training Course
9/93
MikroTik 2008 9
Class setup Lab (cont.)
Set system identity of the board and wirelessradio name to XY_. Example:00_Janis
Upgrade your router to the latest MikrotikRouterOS version 3.x
Upgrade your Winbox loader version
Set up NTP client use 10.1.1.254 as server
Create a configuration backup and copy it tothe laptop (it will be default configuration)
-
7/28/2019 Routing Training Course
10/93
MikroTik 2008 10
Simple Routing
Distance, Policy Routing, ECMP, Scope,
Dead-End and Recursive Next-HopResolving
-
7/28/2019 Routing Training Course
11/93
MikroTik 2008 11
Simple Static Route
Only one gateway fora single network
More specific routesin the routing tablehave higher prioritythan less specific
Route with destination
network 0.0.0.0/0basically meanseverything else
-
7/28/2019 Routing Training Course
12/93
MikroTik 2008 12
Simple Routing Lab
Ask teacher to join you in a group of 4 andassign specific group number Z
Use any means necessary (cables, wireless) tocreate IP network structure from the next slide
Remove any NAT (masquerade) rules from yourrouters
By using simple static routes only ensure
connectivity between laptops
-
7/28/2019 Routing Training Course
13/93
MikroTik 2008 13
IP Network Structure
192
.168
.Z.192
/26
192.16
8.Z.64
/26
192.168.Z.128/26
192.168.Z.0/26
10.10.Z.0/30
To Main AP
To LaptopTo Laptop
To Laptop
To Laptop
Z your group number
-
7/28/2019 Routing Training Course
14/93
MikroTik 2008 14
Questions!
Is it possible to manually create routes that willensure
load balancing
failover
best path
Is it possible to create routes in this situation?
Lets take a look!
-
7/28/2019 Routing Training Course
15/93
MikroTik 2008 15
ECMP Routes
ECMP (Equal CostMulti Path) routeshave more than onegateway to the same
remote networkGateways will beused in Round Robinper SRC/DSTaddress combination
Same gateway can bewritten several times!!
-
7/28/2019 Routing Training Course
16/93
MikroTik 2008 16
Check-gateway Option
You can set router to check gatewayreachability using ICMP (ping) or ARP protocols
If gateway is unreachable in a simple route the route will become inactive
If one gateway is unreachable in an ECMProute, only the reachable gateways will be usedin the Round Robin algorithm
If Check-gateway option is enabled on oneroute it will affect all routes with that gateway.
-
7/28/2019 Routing Training Course
17/93
MikroTik 2008 17
ECMP Lab
To avoid routing loopsOnly one participant creates ECMP to every192.168.XY.0/24 network with check-gateway
Other participants adjust simple routes to reach
each other without routes though the first participant
Check the redundancy
Use traceroute to examine the setup
Use Undo to get back pre-lab configuration -only then proceed to next participant andstart over
-
7/28/2019 Routing Training Course
18/93
MikroTik 2008 18
Configuration Example
-
7/28/2019 Routing Training Course
19/93
MikroTik 2008 19
Distance Option
To prioritize one route over another, if they bothpoint to the same network, using distanceoption.
When forwarding a packet, the router will usethe route with the lowest distance and reachablegateway
-
7/28/2019 Routing Training Course
20/93
MikroTik 2008 20
Route Distance Lab
Create 2 separate routes for each participantslocal network:
One route clockwise with Distance=1
One route anticlockwise with Distance=2
Check the redundancy by disabling clockwisegateway IP addresses
Use traceroute to examine the setup
-
7/28/2019 Routing Training Course
21/93
MikroTik 2008 21
Route Distance LabTo Main AP
To Laptop
To Laptop
To Laptop
To Laptop
BACKUPLINK
-
7/28/2019 Routing Training Course
22/93
MikroTik 2008 22
Configuration Example
-
7/28/2019 Routing Training Course
23/93
MikroTik 2008 23
Observed Behaviour
Traffic has no problems to pass clockwise
In the case of check-gateway failure onlyaffected router will pass traffic anticlockwise every other router will continue to send itclockwise
Solution:
If traffic starts to go anticlockwise, it should berouted anticlockwise until it reaches destination
-
7/28/2019 Routing Training Course
24/93
MikroTik 2008 24
Routing Mark
To assign specific traffic to the route trafficmust be identified by routing mark
Routing marks can be assigned by IP firewallmangle facility only in chains prerouting and
output
Packets with the routing mark will be ignored bymain routing table, if there is at least one route
for that routing mark (if none main routing tablewill be used)
Each packet can have only one routing mark
-
7/28/2019 Routing Training Course
25/93
MikroTik 2008 25
Routing Policy Lab
Mark all traffic that passes the router (chainprerouting) in anticlockwise direction
Create a route for marked traffic (use routing-mark option) and send it in anticlockwise
direction
Check the redundancy by disabling clockwisegateway IP addresses
Use traceroute to examine the setup
-
7/28/2019 Routing Training Course
26/93
MikroTik 2008 26
Mark Routing Rule Example
-
7/28/2019 Routing Training Course
27/93
MikroTik 2008 27
Configuration Example
-
7/28/2019 Routing Training Course
28/93
MikroTik 2008 28
Time To Live (TTL)
TTL is a limit of Layer3 devices that IP packetcan experience before it should be discarded
TTL default value is 64 and each router reducevalue by one just before forwarding decision
TTL can be adjusted in IP firewall mangefacility
Router will not pass traffic to the next device if itreceives IP packet with TTL=1
Useful application: eliminate possibility forclients to create masqueraded networks
-
7/28/2019 Routing Training Course
29/93
MikroTik 2008 29
Changing TTL
-
7/28/2019 Routing Training Course
30/93
MikroTik 2008 30
Recursive Next-hop Resolving
It is possible to specify gateway to network evenif gateway is not directly reachable by usingrecursive next-hop resolving from any existingroute
Useful for setups where middle section betweenyour router and the gateway is not constant(iBGP for example)
One route must be in scope of other route forrecursive next-hop resolving to work
-
7/28/2019 Routing Training Course
31/93
MikroTik 2008 31
Scope/Target-Scope
Route's scope contains all routes that scopevalue is less or equal to its target-scope value
Example:
0 ADC dst-address=1.1.1.0/24 pref-src=1.1.1.1interface=ether1 scope=10 target-scope=0
1 A S dst-address=2.2.2.0/24 gateway=1.1.1.254interface=ether1 scope=30 target-scope=10
2 A S dst-address=3.3.3.0/24 gateway=2.2.2.254interface=ether1 scope=30 target-scope=30
-
7/28/2019 Routing Training Course
32/93
MikroTik 2008 32
-
7/28/2019 Routing Training Course
33/93
MikroTik 2008 33
Other Options
Type option allows to create dead-end(blackhole/prohibit/unreachable)routes to blocksome networks to be routed further in thenetwork
Preferred Source option points preferredrouter source address for locally originatedpackets
-
7/28/2019 Routing Training Course
34/93
MikroTik 2008 34
Clean-up Lab
Delete all mangle rulesDelete all IP routes
Leave all IP addresses and network structure
intact
-
7/28/2019 Routing Training Course
35/93
MikroTik 2008
O p e n S h o r t e s t P a t h F i r s t
(OSP F)
Areas, Costs, Virtual links,
Route Redistribution and Aggregation
OSPF P t l
-
7/28/2019 Routing Training Course
36/93
MikroTik 2008 36
OSPF Protocol
Open Shortest Path First protocol uses alink-state and Dijkstra algorithm to build andcalculate the shortest path to all knowndestination networks
OSPF routers use IP protocol 89 forcommunication with each other
OSPF distributes routing information betweenthe routers belonging to a single autonomoussystem (AS)
A t S t (AS)
-
7/28/2019 Routing Training Course
37/93
MikroTik 2008 37
Autonomous System (AS)
An autonomous system is a collection of IPnetworks and routers under the control of oneentity (OSPF, iBGP ,RIP) that presents acommon routing policy to rest of the network
AS is identified by 16 bit number (0 - 65535)Range from 1 to 64511 for use in the Internet
Range from 64512 to 65535 for private use
OSPF Areas
-
7/28/2019 Routing Training Course
38/93
MikroTik 2008 38
OSPF Areas
OSPF allows collections of routers to begrouped together (
-
7/28/2019 Routing Training Course
39/93
MikroTik 2008 39
OSPF AS
AreaArea
Area Area
Router Types
-
7/28/2019 Routing Training Course
40/93
MikroTik 2008 40
Router Types
Autonomous System Border Router (ASBR) - arouter that is connected to more than one AS.
An ASBR is used to distribute routes received fromother ASes throughout its own AS
Area Border Router (ABR) - a router that isconnected to more than one OSPF area.
An ABR keeps multiple copies of the link-statedatabase in memory, one for each area
Internal Router (IR) a router that is connectedonly to one area
OSPF AS
-
7/28/2019 Routing Training Course
41/93
MikroTik 2008 41
AreaArea
Area Area
ABR
ASBR
ABR
ASBR
ABR
OSPF AS
Backbone Area
-
7/28/2019 Routing Training Course
42/93
MikroTik 2008 42
Backbone Area
The backbone area (area-id=0.0.0.0) forms thecore of an OSPF network
The backbone is responsible for distributingrouting information between non-backbone
areasEach non-backbone area must be connected tothe backbone area (directly or using virtuallinks)
Virtual Links
-
7/28/2019 Routing Training Course
43/93
MikroTik 2008 43
Virtual Links
Also Used to connect two parts of a partitionedbackbone area through a non-backbone area
Used to connectremote areas tothe backbonearea through anon-backbonearea
OSPF AS
-
7/28/2019 Routing Training Course
44/93
MikroTik 2008 44
Virtual Link
ASBR
area-id=0.0.0.1
area-id=0.0.0.0
area-id=0.0.0.2 area-id=0.0.0.3
OSPF AS
OSPF Areas
-
7/28/2019 Routing Training Course
45/93
MikroTik 2008 45
OSPF Areas
OSPF Networks
-
7/28/2019 Routing Training Course
46/93
MikroTik 2008 46
OSPF Networks
You should use exact networks from routerinterfaces (do not aggregate them)
It is necessaryto specifynetworks andassociatedareas where tolook for otherOSPF routers
OSPF Neighbour States
-
7/28/2019 Routing Training Course
47/93
MikroTik 2008 47
OSPF Neighbour States
Full: link statedatabasescompletelysynchronized
2-Way:bidirectionalcommunicationestablished
Down,Attempt,Init,Loading,ExStart,Exchange:not completely running!
OSPF Area Lab
-
7/28/2019 Routing Training Course
48/93
MikroTik 2008 48
OSPF Area Lab
Create your own area
area name Area
area-id=0.0.0.
Assign networks to the areas
Check your OSPF neighbors and routing tables
Owner of the ABR should also configure
backbone area and networks
Main AP should be in ABR's OSPF neighbor list
OSPF Settings
-
7/28/2019 Routing Training Course
49/93
MikroTik 2008 49
OSPF Settings
Router ID can be left as 0.0.0.0 then largest IPaddress assigned to the router will be used
Router IDmust beuniquewithin theAS
What to Redistribute?
-
7/28/2019 Routing Training Course
50/93
MikroTik 2008 50
What to Redistribute?
1
3
{5
2
}
2
4
Default route is not considered as static route
Redistribution Settings
-
7/28/2019 Routing Training Course
51/93
MikroTik 2008 51
Redistribution Settings
if-installed - send the default route only if it has
been installed (static, DHCP, PPP, etc.)
always - always send the default route
as-type-1 remote routing decision to this
network will be made based on the sum of theexternal and internal metrics
as-type-2 remote routing decision to this
network will be made based only on externalmetrics (internal metrics will become trivial)
External Type 1 Metrics
-
7/28/2019 Routing Training Course
52/93
MikroTik 2008 52
ASBR
Cost=10
Cost=10
Cost=10
Cost=10
Cost=10
Source
Cost=10
Cost=9Destination
Total Cost=40
Total Cost=49
External Type 1 Metrics
External Type 2 Metrics
-
7/28/2019 Routing Training Course
53/93
MikroTik 2008 53
ASBR
Costtrivial
Costtrivial
Costtrivial
Costtrivial
Costtrivial
Source
Cost=10
Cost=9
Destination
Total Cost=10
Total Cost=9
te a ype et cs
Redistribution Lab
-
7/28/2019 Routing Training Course
54/93
MikroTik 2008 54
Enable type 1 redistribution for all connected
routes
Take a look at the routing table
Add one static route to 172.16.XY.0/24 network
Enable type 1 redistribution for all static routes
Take a look at the routing table
Interface Cost
-
7/28/2019 Routing Training Course
55/93
MikroTik 2008 55
Choose correct network type for the interface
All interfaces
have defaultcost of 10
To overridedefault setting
you should addnew entry ininterface menu
Designated Routers
-
7/28/2019 Routing Training Course
56/93
MikroTik 2008 56
g
To reduce OSPF traffic in NBMA and broadcast
networks, a single source for routing updateswas introduced - Designated Router (DR)
DR maintains a complete topology table of the
network and sends the updates to the othersRouter with the highest priority (previous slide)will be elected as DR
Router with next priority will be elected asBackup DR (BDR)
Router with priority 0 will never be DR or BDR
OSPF Interface Lab
-
7/28/2019 Routing Training Course
57/93
MikroTik 2008 57
Choose correct network type for all OSPF
interfaces
Assign costs (next slide) to ensure one waytraffic in the area
Check your routing table for ECMP routes
Assign necessary costs so backup link will beused only when some other link fails
Check OSPF network redundancy!
Ensure ABR to be DR your area, but not inbackbone area
Costs
-
7/28/2019 Routing Training Course
58/93
MikroTik 2008 58
To Main AP
To Laptop
To Laptop
To Laptop
To Laptop
ABR
BACKUPLINK
100
100
100
100
10
10
10
10
??????
NBMA Neighbors
-
7/28/2019 Routing Training Course
59/93
MikroTik 2008 59
For non-broadcast
networks it isnecessary tospecify neighborsmanually
The priority determines the neighbor chance tobe elected as a Designated router
Stub Area
-
7/28/2019 Routing Training Course
60/93
MikroTik 2008 60
A stub area is an areawhich does notreceive AS externalroutes.
Typically all routes toexternal AS networkscan be replaced byone default route. -
this route will becreated automaticallydistributed by ABR
Stub area (2)
-
7/28/2019 Routing Training Course
61/93
MikroTik 2008 61
Inject Summary LSA option allows to collect
separate backbone or other area router LinkState Advertisements (LSA) and inject it to thestub area
Enable Inject Summary LSA option only onABR
Inject Summary LSA is not a routeaggregation
Inject Summary LSA cost is specifiedbyDefault area cost option
Not-So-Stubby Area (NSSA)
-
7/28/2019 Routing Training Course
62/93
MikroTik 2008 62
NSSA is a type ofstub
area that is able totransparently inject ASexternal routes to thebackbone.
Translator role optionallow to control whichABR of the NSSA area
will act as a relay fromASBR to backbonearea
OSPF AS
-
7/28/2019 Routing Training Course
63/93
MikroTik 2008 63
Virtual Link
ASBR
area-id=0.0.0.1
area-id=0.0.0.0
area-id=0.0.0.2 area-id=0.0.0.3
NSSA Stub
defaultdefault
Area Type Lab
-
7/28/2019 Routing Training Course
64/93
MikroTik 2008 64
Set your area type to stub
Check your routing table for changes!
Make sure that default route redistribution on
the ABR is set to never
Set Inject Summary LSA option
on the ABR to enableon the IR to disable
Passive interfaceIt i t
-
7/28/2019 Routing Training Course
65/93
MikroTik 2008 65
Passive option allow you to disable OSPFHello protocol on client interfaces
It is necessary toassign clientnetworks to thearea or else stubarea will consider
those networks asexternal.
It is a securityissue!!!
Area Ranges
-
7/28/2019 Routing Training Course
66/93
MikroTik 2008 66
Address ranges are used to aggregate
(replace) network routes from within the areainto one single route or delete them
It is possible toassign specific
cost toaggregate route
Route Aggregation Lab
-
7/28/2019 Routing Training Course
67/93
MikroTik 2008 67
Advertise only one 192.168.Z.0/24 route
instead of four /26 (192.168.Z.0/26, 192.168.Z.64/26,192.168.Z.128/26, 192.168.Z.192/26) into the backbone
Stop advertising backup network to the
backboneCheck the Main AP's routing table
Summary
-
7/28/2019 Routing Training Course
68/93
MikroTik 2008 68
For securing your OSPF network
Use authentication keys (for interfaces and areas)
Use highest priority (255) to designated router
Use correct network types for the area
To increase performance of OSPF network
Use correct area types
Use route aggregation as much as possible
OSPF and Dynamic VPN Interfaces
-
7/28/2019 Routing Training Course
69/93
MikroTik 2008 69
Each dynamic VPN interface
creates a new /32 Dynamic, Active, Connected(DAC) route in the routing table when appears
removes that route when disappears
Problems:Each of these changes results in OSPF update, ifredistribute-connected is enabled (update flood inlarge VPN networks)
OSPF will create and send LSA to each VPNinterface, if VPN network is assigned to any OSPFarea (slow performance)
Type stub PPPoE area
-
7/28/2019 Routing Training Course
70/93
MikroTik 2008 70
ABR
PPPoE
server
PPPoE
server
Area type = stub
Area1
~250 PPPoE clients
~ 100 PPPoE
clients
Type default PPPoE area
-
7/28/2019 Routing Training Course
71/93
MikroTik 2008 71
ABRPPPoE
server
PPPoEserver
Area type = default
Area1
~250 PPPoE
clients
~ 100 PPPoE
clients
PPPoE area Lab (discussion)
-
7/28/2019 Routing Training Course
72/93
MikroTik 2008 72
Give a solution for each problem mentioned
previously if used area type is stub
Try to find a solution for each problemmentioned previously if used area type isdefault
OSPF Routing Filters
-
7/28/2019 Routing Training Course
73/93
MikroTik 2008 73
The routing filters may be applied to incoming
and outgoing OSPF routing update messagesChain ospf-in for all incoming routing updatemessages
Chain ospf-out for all outgoing routing updatemessages
Routing filters can manage only external OSPFroutes (routes for the networks that are not
assigned to any OSPF area)
Routing Filters
-
7/28/2019 Routing Training Course
74/93
MikroTik 2008 74
Routing Filters and VPN
-
7/28/2019 Routing Training Course
75/93
MikroTik 2008 75
It is possible to create a routing filter rule to
restrict all /32 routes from getting into the OSPF
It is necessary to have one aggregate route tothis VPN network :
By having address from the aggregate VPNnetwork to the any interface of the router
Suggestion: place this address on the interface whereVPN server is running
Suggestion: use network address, the clients will not beable to avoid your VPN service then
By creating static route to the router itself
Routing filters Rule
-
7/28/2019 Routing Training Course
76/93
MikroTik 2008 76
-
7/28/2019 Routing Training Course
77/93
MikroTik 2008
R o u t i n g a n d p o i n t -t o -p o in t
i n t e r f a c eVLA N , IP I P , EO IP ,p o i n t -t o -p o i n t a d d r e s s i n g
Virtual LAN (802.1Q)
-
7/28/2019 Routing Training Course
78/93
MikroTik 2008 78
Virtual LAN (VLAN) allows network devices tobe grouped into independent subgroups even ifthey are located on the same LAN segment
For routers to communicate the VLAN ID must
be the same for VLAN interfacesPorts on the router supports multiple (up to250) Virtual LANs on a single ethernetinterface
VLAN can be configurated over other VLANinterface - Q-in-Q (from 802.1Q)
VLAN Example
-
7/28/2019 Routing Training Course
79/93
MikroTik 2008 79
vlan1: 1.1.1.1/24
Any EthernetNetwork
vlan2: 2.2.2.1/24vlan3: 3.3.3.1/24
1.1.1.0/242.2.2.0/24
3.3.3.0/24
Creating VLAN Interface
-
7/28/2019 Routing Training Course
80/93
MikroTik 2008 80
VLAN on Switch
-
7/28/2019 Routing Training Course
81/93
MikroTik 2008 81
VLAN-compliant switch ports can be assigned
to one or several groups based on VLAN tag
Switch port in each group can be set to
Tagged mode allows to add group's VLAN tag on
transmit and allows to receive frames with this tagUntagged mode allows to remove this groupVLAN tag on transmit, and allows to receive onlyuntagged packets
port have no relation to this group
Trunk port - tagged port for several VLANgroups
VLAN Lab
-
7/28/2019 Routing Training Course
82/93
MikroTik 2008 82
Restore default backup
Create the group of 4
Connect together using wireless - one AP, 3clients
Create VLAN link to each participant
Assign /30 networks to VLAN links and checkthem
IPIP
-
7/28/2019 Routing Training Course
83/93
MikroTik 2008 83
IP protocol 4/IPIP allows to create tunnel by
encapsulating IP packets in IP packets andsending over to another router
IPIP is Layer-3 tunnel it can not be bridged
RouterOS implements IPIP tunnels accordingto RFC 2003 it should be compatible withother vendor IPIP implementations
To create a tunnel you must specify address of
the local and remote router on both sides of thetunnel
Creating IPIP Interface
-
7/28/2019 Routing Training Course
84/93
MikroTik 2008 84
IPIP Lab
-
7/28/2019 Routing Training Course
85/93
MikroTik 2008 85
Replace all VLANs (from previous lab) with IPIP
tunnels
Check that you are able to ping remote addressbefore creating a tunnel to it
Assign /30 IP addresses (from previous lab) toIPIP interfaces and check all tunnels
/30 AddressingP2P int2: 2 2 2 2/30
-
7/28/2019 Routing Training Course
86/93
MikroTik 2008 86
Tunnel1: 1.1.1.1/30
Any IPnetwork
(LAN, WAN, Internet)Tunnel2: 2.2.2.1/30
Tunnel3: 3.3.3.1/30
P2P_int3: 3.3.3.2/30P2P_int2: 2.2.2.2/30
P2P_int1: 1.1.1.2/30
Point-to-point Addressing
P i t t i t dd i tili l t IP
-
7/28/2019 Routing Training Course
87/93
MikroTik 2008 87
Point-to-point addressing utilizes only two IPs
per link while /30 utilizes four IPs
There is no broadcast address, but networkaddress must be set manually to the opposite IP
address. Example:Router1: address=1.1.1.1/32, network=2.2.2.2
Router2: address=2.2.2.2/32, network=1.1.1.1
There can be identical /32 addresses on the
router each address will have differentconnected route
Point-to-point Addressing
P2P int3: 4 4 4 4/32P2P int2: 3 3 3 3/32
-
7/28/2019 Routing Training Course
88/93
MikroTik 2008 88
P2P_int1: 1.1.1.1/32Any IP network(LAN, WAN, Internet)P2P_int2: 1.1.1.1/32
P2P_int3: 1.1.1.1/32
P2P_int3: 4.4.4.4/32P2P_int2: 3.3.3.3/32
P2P_int1: 2.2.2.2/32
Network: 1.1.1.1Network: 1.1.1.1
Network: 1.1.1.1
Network: 2.2.2.2
Network: 3.3.3.3
Network: 4.4.4.4
Addressing Lab
R l ll /30 dd IPIP i t f
-
7/28/2019 Routing Training Course
89/93
MikroTik 2008 89
Replace all /30 addresses on IPIP interfaces
(from previous lab) with /32 point-to-pointaddresses.
Ensure that every other participant will be able
to ping you by IP address XY.XY.XY.XY via allIPIP tunnels
Analyse how much IP addresses were utilizedon IPIP tunnels for whole group setup!
Ethernet Over IP (EOIP) Tunnel
IP protocol 47/GRE allo s to create t nnel b
-
7/28/2019 Routing Training Course
90/93
MikroTik 2008 90
IP protocol 47/GRE allows to create tunnel by
encapsulating Ethernet frames in IP packetsand sending over to another router
MikroTik proprietary protocol
EOIP is Layer-2 tunnel it can be bridged
To create a tunnel you must specify remoterouter's address and choose unique Tunnel ID
Check that your EOIP interface have differentMAC-address than on opposite side.
Creating EoIP Tunnel
-
7/28/2019 Routing Training Course
91/93
MikroTik 2008 91
EOIP and Bridging
-
7/28/2019 Routing Training Course
92/93
MikroTik 2008 92
Any IP network(LAN, WAN, Internet)
Bridge
Local network192.168.0.101/24 - 192.168.0.255/24
Local network192.168.0.1/24 - 192.168.0.100/24
Bridge
EoIP Lab
Replace all IPIP tunnels (from previous lab) with
-
7/28/2019 Routing Training Course
93/93
MikroTik 2008 93
Replace all IPIP tunnels (from previous lab) with
EOIP tunnelsCheck that you are able to ping remote addressbefore creating a tunnel to it
Bridge all EoIP interfaces with local interfaceCheck Winbox Loader neighbour discoveryfeature (... button)
top related