Reliable realtime address-list synchronize between mikrotiks

omidkosari · September 9, 2009, 8:06am

Is there any reliable protocol to synchronize Address-List between mikrotiks in realtime ?

mrz · September 9, 2009, 8:30am

You can do it with API. Write an application that will log in to routers and sync their address lists.

brotherdust · September 13, 2009, 8:40am

I may be interested in programming something like this, if there is interest in it. Gotta be worth the time, though!

doush · September 13, 2009, 10:00am

Even Better is to do something like this to the IP pools

Chupaka · September 13, 2009, 3:45pm

omidkosari, do you already synchronize? =)

if not, what kind of synchronization do you need?

dssmiktik · September 13, 2009, 7:30pm

you do /ip firewall address-list export file=address-list on source router, then

/tool fetch address= src-path=address-list.rsc dst-path=address-list.rsc
/import address-list.rsc

on the destination router. This seems to work good for static entries, but I haven’t found a way to capture dynamic entries to file (I could make them static, but I need them to time out after specified time).

Chupaka · September 13, 2009, 8:28pm

yeah! MT guys, is it possible to add an ability to create dynamic entries in address lists? or at least (for a start) to determine expiry time of entry…

omidkosari · September 14, 2009, 7:42am

Yes i have tried some kind of syncs like a schedule program but i have dynamic address-list gotten via RADIUS so they should be in realtime . so the problem is that the program should be a service (which may have its own problems) and not a schedule type program like mine . and another problem is that i think if we want to sync address-lists via an external program it will made high load on mikrotik because it should always keep eyes on mikrotiks and assume we have long address-lists .

The expire time does not work in my situation because the Dynamic Address-List create right when user authenticates via radius so if it expires there is not a normal way to recreate it and radius does not advertise it in each packet .

Chupaka · September 14, 2009, 7:50am

not a service, just continually running program

no. you just connect via API, execute ‘/print =follow=’ (or something) command - and RouterOS will send you all changes in lists. almost no load at all

omidkosari · September 14, 2009, 8:09am

But it does not show Address List removes. it just shows when an address added to address list . am i right ? so how we can determine when an address removes from address list ?

janisk · September 14, 2009, 8:12am

to see changes you can run just 1 command:

/ip/firewall/address-list/print
=follow=1
.tag=adr

as result you will have to keep address list with router *ID numbers, and then you will see ID when address is added, and when address expires, it will show up as

!re
=.id=*5
=.dead=true
.tag=adr

happy syncing