So I have installed a cloud router switch, which is the first MikroTik device/router I am configuring, and on top of that, I am not a network engineer, with my only experience coming from homelabbing. Basically, I had the smart idea of colocating some of my equipment in a datacenter, which is what I am using the CRS for. My colo provider provided me with a /27 set of IPs. In the quick config, I gave the router an IP address which works (I am able to ping and access it, and I am using WireGuard). I have a hypervisor that I will be creating VMs in. The hypervisor allows me to enter a pool of IPs to use so it could automatically assign a static IP from that pool to a server (also I need to give the hypervisor an IP as well). I am basically stumped on how to assign (or rather make available) a pool of IPs to the hypervisor that is connected directly to the router. The router seems to have picked up the IP I defined just fine. I tried doing a DHCP server using the pool of static IPs on an older config, and when installing Ubuntu Server on one of my servers, it seemed to have pulled an IP and gotten internet, as it asked to update the installer, but I have since cleared that config as I ran into issues, and I don’t think I want to do DHCP, but I want the server to be able to use the addresses for manual assignment. Any ideas on how to accomplish this? Would it be just a question of making sure the configuration on the device side is right?
Also all of my LAN ports are on a bridge (aside from the WAN port).
It’ll depend on how your upstream provider routes IPs from this range to you.
Do they route the subnet to another IP you have configured on your router? → Use regular routing. This is the most elegant solution.
Does your ISP’s router expect all hosts using IPs from the subnet to reply to ARP directly on the network?
1. NAT (as mentioned above: Destination NAT plus Source NAT, in that combination sometimes called 1:1 NAT)
2. Use a bridge (no routing or firewalling happening in that case, basically relegating the router to be a switch; your hosts will be directly on the same network with your ISP router)
3. Proxy ARP (may still need SNAT on the return path for packets not to appear to be coming from the router (masquerade). It’s a bit of a hack, might just use NAT there anyway)
2 and 3 allow you to configure the external IP directly on the host if that is important to you, with 2 you would use internal IPs that are NATed.
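The NAT option from the reply above (destination NAT plus source NAT, 1:1 NAT) written out as RouterOS configuration with a forward-chain firewall. This is an added example, not configuration posted by anyone in the thread. Every address, port and interface name in it is an assumption: 192.0.2.64/27 is a documentation range standing in for the provider's /27, `ether1` is the WAN port, `bridge` the LAN bridge, `ether2` a dedicated management port outside the bridge, and `wireguard1` the VPN interface.

```routeros
# Added example. All addresses, ports and interface names are constructed placeholders.

/ip address
# Router's own address in the provider /27 (on-link case)
add address=192.0.2.66/27 interface=ether1 comment="router WAN address"
# Second provider address on the WAN port so the router answers ARP for it
add address=192.0.2.70/27 interface=ether1 comment="public IP published for one VM"
# Internal network the hypervisor hands out statically
add address=10.10.0.1/24 interface=bridge comment="internal VM network"
# Management (IPMI) network, kept off the VM bridge
add address=10.10.99.1/24 interface=ether2 comment="IPMI network"

/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.65 comment="provider gateway"

/ip firewall nat
# Inbound half of 1:1 NAT: public address -> internal host
add chain=dstnat dst-address=192.0.2.70 action=dst-nat to-addresses=10.10.0.70 \
    comment="1:1 NAT inbound"
# Outbound half: the same host leaves with its own public address, not the router's
add chain=srcnat src-address=10.10.0.70 out-interface=ether1 action=src-nat \
    to-addresses=192.0.2.70 comment="1:1 NAT outbound"

/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# The forward chain sees the address after dst-nat, so match the internal IP
add chain=forward in-interface=ether1 dst-address=10.10.0.70 protocol=tcp \
    dst-port=22,443 action=accept comment="published services only"
# IPMI is reachable from VPN clients and from nowhere else
add chain=forward in-interface=wireguard1 dst-address=10.10.99.0/24 \
    action=accept comment="IPMI via VPN only"
add chain=forward in-interface=bridge out-interface=ether1 action=accept \
    comment="outbound from VMs"
add chain=forward action=drop comment="drop everything else"
```

With this layout the hypervisor's static pool is the internal 10.10.0.0/24 range, and each VM that needs a public address gets its own pair of NAT rules and its own WAN address entry.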
Using it as a bridge was something I was going to do before, but I wanted to lock down IPMI stuff behind a VPN and, if possible, want to do firewalling. I made a diagram of what I want to achieve.
If the CRS is already using an IP from the provider, does the provider route the /27 to that IP or is the /27 on-link (i.e. not routed to you)? If you do not know how to tell (or test for yourself) the difference, it’s easiest to ask your ISP how they set this up.
Depending on how easy your ISP is to work with I would definitely ask them to route the /27 onto your already existing IP. That will make your setup much cleaner as now you’re dealing with simple routing without NAT or Proxy ARP hackery.
They mentioned it’s routed to the port we plugged into. They did give us a gateway IP address, which is what I entered as the gateway on the quick config. Should I use the provided gateway IP address for the router instead of the IP we used from the pool?
For reference, these are the details they gave us
.64 is the network,
.65 is gateway. I am on my phone so it was hard to block it out, sorry
Is .65 an IP that the ISP uses for the gateway or does the ISP expect you to set up a gateway at that IP address to handle any traffic going to the subnet?
Looks like if I bridge my WAN interface to my main bridge with all the LAN ports, I could set a WAN IP on a host with the above network info given from ISP. Only problem is, my WireGuard clients can’t get internet for some reason
Hello, please kindly assist with my below issue as I am struggling a bit and I am new to using the MikroTik Cloud Core 16Port Gigabit 2SFP+ 4Core Router | CCR2004 16G-2S+
I have managed to log in to the MikroTik router to set up a static IP using Winbox, so I’d like to know how I can access the router using IPMI to remotely access the router instead of having to go to the data center and connect directly to the router using my laptop?