I am working on integrating MikroTik routers into my network. The core router is a Riverstone; to date it has been the only router, with the rest of the network being switched. I am installing new access points, and I want to have them running off the MikroTik with PPPoE. Here's what I want:
[provider] - We have three Class-C networks of Public IPs assigned to us
{default gateway}
[riverstone] - Our core router, runs NAT and has directly connected networks of private and public IPs, uses default gateway to our upstream provider. Two of the Class-C public ranges are used on the riverstone's networks
{ospf}
[RB1000 w/ v4.5] - Runs user manager, planning on running PPPoE over vlans to our access points. I want to be able to assign addresses from our third Class-C as needed and run NAT for the bulk of customers.
{PPPoE}
[subscribers] - Using a consumer router (D-Link, Netgear, TrendNet, etc) as PPPoE client.
So the problem I'm having is using that last Class-C of public IPs on the MikroTik. When they are used on the MikroTik, they are advertised over OSPF and have access to our network, but they don't go out to the internet. It seems as if the Riverstone is not advertising its default route over OSPF. If I configure a default route between the RB1000 and the Riverstone, I'm able to get out on the internet. But I'm thinking that's not the best way. Am I missing something in the config to get this Riverstone to advertise the route to our upstream provider?
I've read and read, but I'm getting hung up. Any help?
I have one-way connectivity now: I can ping TO my IPs from an external network, but not FROM them out to the internet. I’m not sure if that command is what I need, as the static route / default gateway is configured on the Riverstone, not the MikroTik.
When a request hits the Riverstone from the outside, it correctly hands off to the MikroTik, it seems.
Outbound traceroute shows a hit on the Riverstone, so I'm thinking the config on the MikroTik is ok, but the RS is not sending that traffic out the default route. Why, I don't know.
The routing table in my MikroTik shows a dst 0.0.0.0/0 with the gateway 10.0.4.1 (the RS). The Riverstone seems to be advertising that default route properly.
If I do a traceroute when attached to the MikroTik, I get a timeout at the Riverstone:
MacBook-Pro:~ pgerst$ traceroute 4.2.21
traceroute to 4.2.21 (4.2.0.21), 64 hops max, 52 byte packets
1 x.x.x.1 (x.x.x.1) 0.935 ms 0.255 ms 0.256 ms — The MikroTik, where x.x.x.1/24 is a directly attached network of public IPs.
2 10.0.4.1 (10.0.4.1) 0.616 ms 0.504 ms 0.561 ms — The Riverstone
3 * * *
Yet, I can ping in to x.x.x.1 (and my laptop at .2) from an external network.
I just don’t get why this isn’t bidirectional! I understand that if it’s an issue with the Riverstone that you folks won’t be able to help with the syntax, but am I missing something here?
I found the trouble actually. Wasn’t a default gateway issue or anything to do with the Riverstone.
I thought I had removed the default configuration off the router I was using, but apparently there was still a NAT rule that was stopping me. I wiped the configuration on the router and started over and everything works.
I’ve loaded a few customers on the router as test subjects and it seems to be working great. Should be part of our regular production environment soon.