spammyduck
newbie
Topic Author
Posts: 36
Joined: Tue Aug 10, 2010 7:25 am

Can someone explain MIKROTIK_ADDRESS_LIST

Mon Nov 24, 2014 8:09 am

Hello all.

I keep seeing this referenced in various posts I've found on the web while researching PPPoE / Mikrotik solutions. From what little I have found on the subject it does away with the need for IP Address Pools but I can't find enough information on exactly what it does, why I would want to use it instead of just creating an IP address pool or how it is different from using an address pool.

Can someone explain exactly what it does and why you would use it ?

thanks!
 
BartoszP
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Mon Nov 24, 2014 9:09 am

Address list (AL) is just address list :-)
The main difference from an address pool is that an AL can be changed dynamically, addresses can have a timeout, and an address in an AL can be in the form x.x.x.x/mask.

Think about an address list as some kind of macro hiding IP details from rules.
You can also use it to record firewall activity using dynamically created AL with timeouts.
Real admins use real keyboards.
 
spammyduck
newbie
Topic Author
Posts: 36
Joined: Tue Aug 10, 2010 7:25 am

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Mon Nov 24, 2014 4:23 pm

So all it is is a tag sent via radius telling the MikroTik to use a specific address list from /ip firewall address-list instead of the usual tag telling it what IP pool to use?
 
BartoszP
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Mon Nov 24, 2014 4:33 pm

Too smart a question for me :-) What is Radius? ... just joking ... but I am not using Radius, so I could not answer you on this problem.
Real admins use real keyboards.
 
nickshore
Member
Posts: 472
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Mon Nov 24, 2014 5:40 pm

You can use the Radius attribute Mikrotik address List to add the assigned IP, which the PPPoE user gets, into an address list on the PPPoE server.

This allows you to build queue trees using the address list, or setup firewall rules etc.

The IP address which is assigned and then added into the address list is either from the IP pool, or the Framed address sent in the Radius reply.

Hope that helps
Nick.
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
spammyduck
newbie
Topic Author
Posts: 36
Joined: Tue Aug 10, 2010 7:25 am

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Tue Nov 25, 2014 2:32 am

> You can use the Radius attribute Mikrotik address List to add the assigned IP, which the PPPoE user gets, into an address list on the PPPoE server.

So this is only good for assigning static IP addresses, or can a radius server maintain/track an address pool from which to draw addresses and send them to the mikrotik server?

> This allows you to build queue trees using the address list, or setup firewall rules etc.

I really apologize for being so dense but I thought you could do that with any IP address? For example we had 4 /27 IP Address Pools on our Mikrotik PPPoE Server and the radius server would pass a "Framed-Pool =" to the mikrotik telling it which of the 4 pools to pull the address from for that particular customer. Then we had a simple queue configured for each of the 4 /27 pools (1Mbps, 2Mbps, 4Mbps and 10Mbps) for rate limiting. I never created any firewall rules for the 4 /27 IP address pools but I'm pretty sure I could have.

So I guess I'm saying I still don't understand how an Address List offers any advantage over an address pool. And even if there is some firewall rule or queue I could create for an address LIST that I could not create for an address POOL, couldn't I just make an address LIST that has all the exact same addresses as my address POOL?

> The IP address which is assigned and then added into the address list is either from the IP pool, or the Framed address sent in the Radius reply.

Ok, I understand the Framed address being sent by the Radius server, we do that for customers with static IPs, but the IP pool you mention here, is that pool maintained on the Mikrotik PPPoE Server or on the Radius Server?

Again , I apologize for being so dense.
 
NathanA
Forum Veteran
Posts: 801
Joined: Tue Aug 03, 2004 9:01 am

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Tue Nov 25, 2014 12:58 pm

IP Pool and Address List are not in any way similar or overlapping concepts, nor are they mutually-exclusive with respect to each other. An IP Pool is a collection of addresses available for assignment by various means (PPP, DHCP, Hotspot, etc.), as you already know. An Address List is simply a list of prefixes that can be referenced by firewall, mangle, or NAT rules.

You don't assign IPs out of an Address List. It's just a means of specifying multiple prefixes to be matched for a given firewall rule. Since rules in the firewall/mangle/NAT chains can only reference a single prefix (i.e., either a single host or a single subnet), if you want a single firewall rule to match multiple, non-contiguous prefixes (rather than creating a slew of similar firewall rules that each match different source or destination IPs), you HAVE to use an Address List. Then instead of matching on src-address or dst-address, you match on src-address-list or dst-address-list.

What people in this thread are trying to explain is that you can have RouterOS dynamically and automatically add a new PPP tunnel's address to the Address List of your choice by having your RADIUS server pass a reply attribute ("Mikrotik-Address-List=") to the router that names the address list in question that you want this tunnel's IP added to. Again, this has NOTHING to do with address ASSIGNMENT...you have already either assigned the IP address that you want the tunnel to have explicitly with the "Framed-IP-Address=" attribute, or you have instructed the router to pick the IP address (either by using "Framed-Pool=" as you already are doing, or just omitting that attribute and having the PPPoE service pick addresses from a single pool).

The trick is that once you have such a list, you can then create a mangle rule to match and label all traffic for all of those addresses in the list, and create a single queue that encompasses all of those IPs. The way that you are doing it, where you are using "Framed-Pool=" with separate pools (say, for the sake of example, a /24 each) and then a queue that is applied to each of those subnets also works, but the advantage to using an Address List instead is that the addresses in a list can be non-contiguous. So you don't have to waste an entire /24 (256 addresses) on a service offering that you might only have 50 customers signed up for. It also means that you can collapse all of those pools into a single one and only be required to grow the pool when your total number of customers grows, not when the number of customers signed up for a specific service offering grows.

-- Nathan
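
The setup described in the post above, as an added example that is not part of the original thread: a RADIUS reply that names an address list, plus RouterOS v6 mangle and queue tree entries that act on that list. The subscriber name, password, pool range, the list name `plan-2M`, the mark and queue names, and the use of PCQ to give each subscriber their own 2M limit inside the shared queue are all assumptions.

```routeros
# Added example; every name and address below is constructed.
#
# RADIUS side (FreeRADIUS "users" file syntax, shown here as comments).
# Framed-Pool still decides where the address comes from;
# Mikrotik-Address-List only names the list the assigned address is put in.
#
#   subscriber1  Cleartext-Password := "constructed-password"
#                Framed-Pool = "pppoe-pool",
#                Mikrotik-Address-List = "plan-2M"

# One pool for all plans; it only has to grow with the total subscriber count.
/ip pool
add name=pppoe-pool ranges=10.10.0.2-10.10.3.254

# Match on list membership instead of on a subnet, so the addresses of one
# plan can be scattered anywhere in the pool.
/ip firewall mangle
add chain=forward src-address-list=plan-2M action=mark-packet \
    new-packet-mark=plan-2M-up passthrough=no
add chain=forward dst-address-list=plan-2M action=mark-packet \
    new-packet-mark=plan-2M-down passthrough=no

# PCQ splits one queue into per-address sub-streams, each capped at pcq-rate.
/queue type
add name=pcq-2M-up kind=pcq pcq-rate=2M pcq-classifier=src-address
add name=pcq-2M-down kind=pcq pcq-rate=2M pcq-classifier=dst-address

# One queue per direction covers every subscriber on the plan.
/queue tree
add name=plan-2M-up parent=global packet-mark=plan-2M-up queue=pcq-2M-up
add name=plan-2M-down parent=global packet-mark=plan-2M-down queue=pcq-2M-down

# Check: after a subscriber logs in, their address should appear here
# as a dynamic entry.
/ip firewall address-list print where list=plan-2M
```

The same `src-address-list` / `dst-address-list` matchers work in filter and NAT rules, so a per-plan firewall policy can be keyed on the list in the same way.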
 
spammyduck
newbie
Topic Author
Posts: 36
Joined: Tue Aug 10, 2010 7:25 am

Re: Can someone explain MIKROTIK_ADDRESS_LIST

Wed Nov 26, 2014 4:50 am

> the advantage to using an Address List instead is that the addresses in a list can be non-contiguous. So you don't have to waste an entire /24 (256 addresses) on a service offering that you might only have 50 customers signed up for. It also means that you can collapse all of those pools into a single one and only be required to grow the pool when your total number of customers grows, not when the number of customers signed up for a specific service offering grows.
> -- Nathan

There it is! That is the thing I wasn't grasping. It never occurred to me that mangle could use address lists. This is really useful info for me because I just changed the way we do all the rate limiting (stopped using simple queues and started doing rate limiting on the customer radios) for the exact reason you give - because I was wasting so many IPs having to assign subnets that were larger than I actually needed. The only reason my pools were subnets instead of just a range of IPs was because simple queues would only work with a single IP or a whole subnet.

This may be very useful for me !

Thank you very much !
