OSPF Network with Source Routed Gateways

Hi,

We have an OSPF network which works for us with a single exit point by distributing the default route. What we want to do is have multiple exit points on the network and route different endpoints accordingly.

These endpoints are PPPoE clients and we’re using Mikrotiks for everything at the moment (Routing, PPPoE Server, PPPoE Clients and User-Man) although we’re happy to swap to DMA Radius if it will help any.

I have the diagram below of what we want to achieve. I’ve looked at VRFs in different VLANs each with their own OSPF, attaching PPP Profiles to bridges in the Mikrotik attached to VLANs, trying to mangle based on source address and therefore mark packets, etc. All of which look like they might work with enough configuration but I could do with some guidance.
[Attached diagram: OSPF-TwoExits-V1.jpg]
Many Thanks

You really can’t do source-based policy routing in a traditional OSPF environment because IP forwarding only looks at the destination, and putting policy routes everywhere doesn’t scale with your network. Probably the best thing to do for scalability would be to enable MPLS and, at the access routers, set the default GW with static routes to be the loopback IP of the gateway router you want them to use. Then the LSP will take over and forward the packets to that router, without all of the middle routers needing to have the same policy.
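As an added illustration of the approach ZeroByte describes (this is not configuration posted in the thread), here is the RouterOS v6 shape of it on a single access router: a /32 loopback carried by OSPF, LDP enabled so an LSP exists to every other loopback, and the default route pointed at the loopback of the chosen border router. The addresses, interface names and MTU values are assumptions for the example.

```routeros
# Constructed example for one access router; RouterOS v6 syntax assumed.
# A /32 loopback is the LSR ID; every router in the OSPF area needs one.
/interface bridge add name=loopback
/ip address add address=10.255.0.21/32 interface=loopback
# OSPF must advertise the loopbacks, otherwise LDP has nothing to bind labels to.
/routing ospf network add network=10.255.0.21/32 area=backbone
/routing ospf network add network=10.0.21.0/30 area=backbone
# MTU first (the "gotcha"): each label adds 4 bytes, so a 1500-byte payload
# with two labels needs at least 1508 on every core link. Values here are assumed;
# l2mtu is only settable where the hardware supports it.
/interface ethernet set ether1 l2mtu=1580
/mpls interface set [ find default=yes ] mpls-mtu=1530
# Enable LDP on the core-facing interface.
/mpls ldp set enabled=yes lsr-id=10.255.0.21 transport-address=10.255.0.21
/mpls ldp interface add interface=ether1
# The only per-site policy: a static default via the loopback of border router A
# (10.255.0.1, assumed). It resolves recursively through OSPF and is forwarded on
# the label for 10.255.0.1/32, so transit routers need no policy of their own.
# Static distance 1 beats an OSPF-injected default (110), so the old single
# default no longer has to be redistributed.
/ip route add dst-address=0.0.0.0/0 gateway=10.255.0.1
# Checks: the loopback FEC must have a label, and the default must resolve via it.
/mpls forwarding-table print
/ip route print detail where dst-address=0.0.0.0/0
```

An access router that should exit via border router B gets the same configuration with only the gateway of the default route changed to B's loopback.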

Thanks ZeroByte,

I’ve not implemented an MPLS network before so I was hoping OSPF might have been the answer. But OK, I have done a fair bit of reading already about how I’d go about MPLS. Can I set those gateways etc. all through User-Man (or RADIUS) so that the core network is all the same, all edge routers have the same settings etc. and just our RADIUS settings change per user?

Are there any downsides to using MPLS at this stage and is there anything else I should explore first?

Many Thanks

Also, are there other options for this? OSPF with VLANs / VRFs?

Or is MPLS easier than I think it’s going to be?

Thanks

MPLS has its challenges - I’ve only ever used it in lab scenarios. It’s easy enough to activate it and use it but my fear about putting it into production was that if there was any troubleshooting to be done, then it would take longer to find out something that would be easy to spot for someone with experience.

If you wanted to do it without MPLS then VRFs would work, but that would limit your flexibility.

I suggest getting a lab fired up in GNS3 with CHR routers (I’ve had the most success with CHR running on virtualbox in GNS3) and/or a pile of real routers if you have several laying around. As IPANetEngineer would tell you, the first big “gotcha” with MPLS is making sure that you have sufficient MTU across your network to carry the extra header bytes.

As for the question about putting the different routing policies into the customers’ RADIUS profiles, I think you’d have to split it up based on the access router (i.e. router A goes to GW A, and router B goes to GW B, and router C goes to GW A), unless you wanted to implement policy routing on the access routers and apply the various policies in profiles. I don’t think you could just say “default GW = border router A” on a customer device and have MPLS miraculously get the packets there because the customers’ devices aren’t speaking MPLS.