I need to automatize backup of a /29 subnet routed via 2 PPPoE link.
The scenario:
Many PPPoE Server provide PPPoE tunnel to Customers
OSPF active beetwen CISCO (front end) and PPPoE Servers
Customer router have 2 PPPoE link, primary and backup, whit /29 subnet routed
all PPPoE links are always active, but only primary use /29 subnet
PPPoE tunnels can be opened on any of PPPoE servers (not server-locked for failover)
a RADIUS provide same FRAMED_ROUTE attribute for the two tunnels, but whit an higger
administrative distance for backup link (like 200)
when primary link fail, /29 subnet will be routed via backup link (and viceversa)
No problem if the two tunnels are opened on same PPPoE Server, OSPF redistribute to CISCO
only one route for /29 subnet, and PPPoE Server route to primary (lower distance)… al work fine
When the two tunnels are opened on different PPPoE Servers, the OSPF redistibute to CISCO two
entry for /29 subnet, with same distance but two gateway (PPPoE Servers)…
I played whit Routing Filters, matching backup route (like “match all route with distance 200”),
but I cannot change any usefull attribute (like metric) in Actions…
A possible solution can be use “Set Route tag” Actions and configure CISCO (if possible, like ACL/NET MAP?)
to change metric/cost in OSPF input routes… to have onlyone an entry in route table for /29 subnet.
Mikrotik seems to have some strange behavior about ignoring OSPF routes when potentially redistributing the same destination.
If you have dedicated “Backup pppoe servers” - i.e. router3 is ONLY a backup router for anyone connecting to it, then you could have it redistribute routes as type 2, and have the primary redistribute it as type 1 which is ALWAYS preferable to a type 2.
But I agree - if the static route from AAA is distance 200, that static route should stay inactive as long as the OSPF (distance 120) announcement from the primary router is active. I bet this is another broken ROS behavior where it completely ignores OSPF prefixes that match anything it’s currently redistributing into OSPF, where it should listen and if a better route comes in on OSPF, then it should STOP redistributing and START using the OSPF route instead.
I cannot setup “static” backup PPPoE Server. All PPPoE Servers can be master or slave for customer for full ridodancy.
But I agree - if the static route from AAA is distance 200, that static route should stay inactive as long as the OSPF (distance 120) announcement from the primary router is active. I bet this is another broken ROS behavior where it completely ignores OSPF prefixes that match anything it’s currently redistributing into OSPF, where it should listen and if a better route comes in on OSPF, then it should STOP redistributing and START using the OSPF route instead.
If the two PPPoE tunnel are opened on the same PPPoE Server, “secondary” route remain inactive on this router and OSPF redistribute to CISCO only a route.
That’s because the router will create two static routes, and one will have a worse administrative distance, and the Mikrotik will disable the one with the longer distance, and then only the winner gets distributed into OSPF.
I think dividing your pppoe servers into primary and backup roles is going to be the only option for you since you can’t specify an OSPF metric in the routing filters.
You are right, but, at moment, all PPPoE Servers must be primary and backup at same time.
Primary and backup is associated to customer side.
So I need alternative solution, like send some “information” to CISCO (like “route tag”),
so OSPF running on CISCO discard backup route when primary is active.
Another way is iBGP, but I not experience…
Or Mikrotik could fix the behavior of the OSPF redistribution function.
Also - it would be nice if routing filters allowed you to set the cost metric when redistributing routes into OSPF…
I wouldn’t recommend BGP for this - it’s not well-suited as an interior routing protocol.
iBGP will keep the “next hop” intact by default, so you’d want to make sure that the pppoe servers were sending next-hop=self (I forget the exact option in Mikrotik, but you get the idea)
You could make it work, but it’s a pretty hefty length to go to for a workaround.
What about using “service-name” on your PPPoE Clients?
You could setup a new PPPoE Server instance (or add another routerboard) with different service names and then reconfigure your clients with two service names for primary/backup PPPoE link, then change OSPF instance redistribute options on backup PPPoE Servers. This would allow to migrate clients one by one with almost no service interruption.
True, but now any PPPoE server can be primary and secondary at same time because we have different tecnologies and we need to garantee full backup
(suppose two tecnologies like ADSL and WiMax, we can have ADSL to backup WiMax or WiMax to backup ADSL…)
So I need to change NOC topology and make one primary server (no failover ) or.. add more OSPF instance whit different redistribute options for different networks…
Leonset’s suggestion has much merit. If you have servers with a service name BACKUP and put them in the same locations as the primary servers, then any backup pppoe session can be configured to use the service name BACKUP and they will only connect with the BACKUP servers.
You draw four PPPoE Servers, why not use 3 as primaries and 1 as backup? The backup PPPoE server will have increased metrics, so OSPF will only use it when no primary publishes a route. Client availability will be redundant, primary servers are redundant and will share the load in a 1/3 ratio which is good. What if backup fails? Well, it’s just a backup, system must be able to withstand such failure (at first sight seems to me that it will)… but routerboards aren’t that expensive, so at some point you’ll be able to add more backup servers and enjoy some stressless sleeping (if such thing exists! )
At this time, i implemented eBGP to redistribute ONLY Static subnets (on NASs)
Each NAS have a private AS, like AS65001,AS65002,…
The two Cisco 2951 have public AS.
)