OSPF - Mikrotik to a Cisco router - a little help please

RouterOS Forwarding Protocols
1

Sorry if this is clearly documented somewhere - I just can’t find it. So I thought I would ask for some help please.

I use OSPF between my Cisco routers all of the time. I am trying to get a test x86 ROS Mikrotik talking OSPF with my Cisco routers. I am failing :frowning:

Here is an example of what I have on a typical Cisco router:
!
interface Vlan33
ip address 192.168.8.29 255.255.255.240
!
router ospf 10
router-id 192.168.8.29
log-adjacency-changes detail
redistribute connected subnets
redistribute static subnets
network 192.168.8.16 0.0.0.15 area 100
default-information originate
!

My Mikrotik has an ip address of 192.168.8.20 /28 (on my ether1)

Could somebody please tell me/show me what to put into the Mikrotik (via terminal) so that the Mikrotik can learn all of the routes from my Cisco router - thank you.

I figure that after I have the basic OSPF up and running on a Mikrotik, then I can begin to understand it more.

I have been trying for 3 days - and I just don’t get it - yet.


Thank you

North Idaho Tom Jones

2

Set the router id
/routing ospf instance set 0 router-id=x.x.x.x
Then add the network
/routing ospf network add network=192.168.8.16/28

That should be enough to get the adjacency.

One thing to bear in mind with Mikrotik is that it doesn’t (to my knowledge) compute link cost automatically. By default, an interface has cost 10 unless you manually create the interface (/routing ospf interfaces add ?) and set the cost manually. If you’re not setting costs proportional to bandwidth, then you’re basically getting the same type of routing decisions that RIP would make (least hops).

As for the Cisco commands you gave, I have a few things to say about what I’ve come to understand is best practice. It’s your network, and you know what your needs are, etc - so if you disagree, feel free to take the forthcoming information with a grain of salt:

Redistribute connected is probably a bad habit to get into.

It’s better to use passive-interface default and then include your interfaces in OSPF. (external routes don’t aggregate the same way that native routes do, and external routes can lead to routing loops, just to name a couple of reasons). This way, interfaces are “inside” ospf like it expects them to be, but it won’t try to form adjacencies. If you DO need an adjancency to form on an interface, then specify no passive-interface FaX/X.

I’m actually a fan of the newer “ospfv3” style syntax that Cisco now supports in OSPFv2.
Instead of defining network statements to activate ospf interfaces, (e.g. network 192.168.0.0 0.0.255.255 area 0) you can just explicitly activate ospf in the interfaces themselves:
interface fa0/1
ip ospf 101 area 0
!

With “passive-interface default” configured in your global ospf settings, all this will do is create the network as an internal network native to OSPF. It won’t send hello packets or form adjacencies on that interface.

Another good habit to get into - filter your redistributed routes by default.

Create a route map (e.g tagged101) that matches some specific tag, I use the same tag as the ospf process ID, so router ospf 101 would look for tag 101. Then instead of just redistribute static subnets, specify “redistribute static subnets route-map tagged101” This gives you finer-grained control over which routes get injected into ospf.

If you create a static route that you want to be injected into OSPF, then use the form “ip route x.x.x.x m.m.m.m y.y.y.y tag 101” You can just leave off the tag 101 if you want to test some route and not make it “global” in your network while you test, or if there’s some local behavior that you want but not to affect your entire routing table.

So originating interface networks as native to OSPF and giving yourself the ability to specify which static routes get injected into ospf, you have full control of your routing table now, and if you split into areas, you will get a lot fewer LSAs bouncing around whenever there is a topology change. (External LSAs go chugging right on through to the backbone regardless)

This is all coming from a reformed redistributor. :slight_smile:

3

Agree with ZeroByte on redistribution. I have done very complex redistribution scenarios and always limit redistribution where I can. Sometimes you can’t avoid it, but you can filter it and give yourself a safety net.

One thing to check on OSPF to Cisco is the instance id in the interface config - it must match on both sides..i’ve seen this trip a number of people up.

This is different than the process id and is contained in the field below under instance-id=:

[admin@MikroTik] > routing ospf interface print detail 
Flags: X - disabled, I - inactive, D - dynamic, P - passive 
 0    interface=ether1 cost=10 priority=1 authentication=none 
      authentication-key="" authentication-key-id=1 network-type=broadcast 
      instance-id=0 retransmit-interval=5s transmit-delay=1s 
      hello-interval=10s dead-interval=40s use-bfd=no

Other things to check on each side for OSPF adjacency are:

Two way communication between routers is possible. Determined by flooding Hello packets.
Interface should belong to the same area;
Interface should belong to the same subnet and have the same network mask, unless it has network-type configured as point-to-point;
Routers should have the same authentication options, and have to exchange same password (if any);
Hello and Dead intervals should be the same in Hello packets;
External routing and NSSA flags should be the same in Hello packets.

http://wiki.mikrotik.com/wiki/Manual:OSPF_Case_Studies#Communication_between_OSPF_routers

I will also add one thing MikroTik does not list but is often found in Cisco OSPF requirements - the L3 MTU must match on each side.

4

OSPF - Mikrotik to a Cisco router - RESOLVED (at least I think it is resolved)

I managed to get OSPF on my ROS x86 box hosted on an ESXi VMware server running and talking to my Cisco routers.

Here is what I found and how I got it running:

  • My Cisco routers use area 100 (aka 0.0.0.100)
  • It appears the Mikrotik OSPF AREA tab in Winbox can not remove or change the default Area-Name “backbone” or change the default Area-ID of 0.0.0.0

To get OSPF on the x86 talking to my Cisco routers I created a new Area-Name called “area100” then set the Area-ID to 0.0.0.100
It came up and started exchanging routes with my Cisco routers.
Then I disabled the OSPF Area Area-Name “backbone” - and it still talks OSPF with my Cisco routers.

So now, I have what appears to be an x86 ROS routing (using OSPF) on multiple 10-gig E1000E network cards internally hosted on ESXi and externally 10-gig throughput from physical box to physical box.

The only minor question I have is: Although I have it disabled, why can I not delete the OSPF Area Area-Name “backbone” with the Area-ID “0.0.0.0” in the ROS ?

North Idaho Tom Jones

5

OSPF requires that there exist an area 0 in your network. That’s the first rule of Fight Club - all traffic goes through area 0 to get to any other area. I think it can work in a network with no area 0 but technically, if you ever do attach a router with an area 0 interface on it, things could get weird.

If your network is all one flat area, then that area should be area 0.

Having backbone area 0 exist in the Areas configuration doesn’t really hurt anything or influence the behavior of the router. The Areas section is simply a set of definitions about what the properties of your areas are - which ones are NSSA, which ones are stub, etc.

It is the Networks menu which tells OSPF what area an interface is a member of.
(e.g. 10.0.0.0/8 → area 10, 192.168.0.0/16 → area 20, 172.16.0.0/16 → area 0)

6

1st - I am not strong with OSPF
2nd - I do have another OSPF network on some other routers that are using area 0 on my Internet live IP facing routers (in front of firewalls) - thus the reason I was wanting to avoid 0 again. My intent is to use area 100 for some inside natted networks behind firewalls.
3rd - I am trying to have the option of combining two different OSPF networks for inside and outside on some of the same routers in the future.

Thanks - I do appreciate all the help and tips.

North Idaho Tom Jones

7

Fair enough. All the more reason to share as much conceptual information as possible, right?

Just remember that a different area doesn’t filter routes the way eBGP does - areas basically create aggregates and limit the scope of LSA flooding for types 1 and 2. Even with areas, the entirety of the OSPF domain will be considered a single routing table - so if you’re looking to have two relatively independent regions which only leak certain controlled information, this should be done using entirely separate OSPF instances with filtered redistribution between them. That’s actually the way my current employer’s network is built - an internal OSPF routing domain and an external one, and very limited re-distribution between them.