I need to automatize backup of a /29 subnet routed via 2 PPPoE link.

The scenario:

1) Many PPPoE Server provide PPPoE tunnel to Customers
2) OSPF active beetwen CISCO (front end) and PPPoE Servers
3) Customer router have 2 PPPoE link, primary and backup, whit /29 subnet routed
4) all PPPoE links are always active, but only primary use /29 subnet
5) PPPoE tunnels can be opened on any of PPPoE servers (not server-locked for failover)
6) a RADIUS provide same FRAMED_ROUTE attribute for the two tunnels, but whit an higger
administrative distance for backup link (like 200)
7) when primary link fail, /29 subnet will be routed via backup link (and viceversa)



No problem if the two tunnels are opened on same PPPoE Server, OSPF redistribute to CISCO
only one route for /29 subnet, and PPPoE Server route to primary (lower distance)... al work fine

When the two tunnels are opened on different PPPoE Servers, the OSPF redistibute to CISCO two
entry for /29 subnet, with same distance but two gateway (PPPoE Servers)...

I played whit Routing Filters, matching backup route (like "match all route with distance 200"),
but I cannot change any usefull attribute (like metric) in Actions...
A possible solution can be use "Set Route tag" Actions and configure CISCO (if possible, like ACL/NET MAP?)
to change metric/cost in OSPF input routes... to have onlyone an entry in route table for /29 subnet.

It's a good way?
Other suggestios?

Best regards.

have you tried the check-gateway feature? it should enable and dissable default routes if its unavalible

Mikrotik seems to have some strange behavior about ignoring OSPF routes when potentially redistributing the same destination.

If you have dedicated "Backup pppoe servers" - i.e. router3 is ONLY a backup router for anyone connecting to it, then you could have it redistribute routes as type 2, and have the primary redistribute it as type 1 which is ALWAYS preferable to a type 2.

But I agree - if the static route from AAA is distance 200, that static route should stay inactive as long as the OSPF (distance 120) announcement from the primary router is active. I bet this is another broken ROS behavior where it completely ignores OSPF prefixes that match anything it's currently redistributing into OSPF, where it should listen and if a better route comes in on OSPF, then it should STOP redistributing and START using the OSPF route instead.

Thanks for your answer.

Mikrotik seems to have some strange behavior about ignoring OSPF routes when potentially redistributing the same destination.

If you have dedicated "Backup pppoe servers" - i.e. router3 is ONLY a backup router for anyone connecting to it, then you could have it redistribute routes as type 2, and have the primary redistribute it as type 1 which is ALWAYS preferable to a type 2..

I cannot setup "static" backup PPPoE Server. All PPPoE Servers can be master or slave for customer for full ridodancy.

But I agree - if the static route from AAA is distance 200, that static route should stay inactive as long as the OSPF (distance 120) announcement from the primary router is active. I bet this is another broken ROS behavior where it completely ignores OSPF prefixes that match anything it's currently redistributing into OSPF, where it should listen and if a better route comes in on OSPF, then it should STOP redistributing and START using the OSPF route instead.

If the two PPPoE tunnel are opened on the same PPPoE Server, "secondary" route remain inactive on this router and OSPF redistribute to CISCO only a route.

have you tried the check-gateway feature? it should enable and dissable default routes if its unavalible

Is not this case...

If the two PPPoE tunnel are opened on the same PPPoE Server, "secondary" route remain inactive on this router and OSPF redistribute to CISCO only a route.

That's because the router will create two static routes, and one will have a worse administrative distance, and the Mikrotik will disable the one with the longer distance, and then only the winner gets distributed into OSPF.

I think dividing your pppoe servers into primary and backup roles is going to be the only option for you since you can't specify an OSPF metric in the routing filters.

I think dividing your pppoe servers into primary and backup roles is going to be the only option for you since you can't specify an OSPF metric in the routing filters.

You are right, but, at moment, all PPPoE Servers must be primary and backup at same time.
Primary and backup is associated to customer side.
So I need alternative solution, like send some "information" to CISCO (like "route tag"),
so OSPF running on CISCO discard backup route when primary is active.
Another way is iBGP, but I not experience...

Or Mikrotik could fix the behavior of the OSPF redistribution function.
Also - it would be nice if routing filters allowed you to set the cost metric when redistributing routes into OSPF...

Or Mikrotik could fix the behavior of the OSPF redistribution function.
Also - it would be nice if routing filters allowed you to set the cost metric when redistributing routes into OSPF...

Sure, but I think that... it's more fast if I learn BGP

I wouldn't recommend BGP for this - it's not well-suited as an interior routing protocol.
iBGP will keep the "next hop" intact by default, so you'd want to make sure that the pppoe servers were sending next-hop=self (I forget the exact option in Mikrotik, but you get the idea)

You could make it work, but it's a pretty hefty length to go to for a workaround.

I wouldn't recommend BGP for this - it's not well-suited as an interior routing protocol.
iBGP will keep the "next hop" intact by default, so you'd want to make sure that the pppoe servers were sending next-hop=self (I forget the exact option in Mikrotik, but you get the idea)

You could make it work, but it's a pretty hefty length to go to for a workaround.

Tnx, I will update

What about using "service-name" on your PPPoE Clients?

You could setup a new PPPoE Server instance (or add another routerboard) with different service names and then reconfigure your clients with two service names for primary/backup PPPoE link, then change OSPF instance redistribute options on backup PPPoE Servers. This would allow to migrate clients one by one with almost no service interruption.

What about using "service-name" on your PPPoE Clients?

You could setup a new PPPoE Server instance (or add another routerboard) with different service names and then reconfigure your clients with two service names for primary/backup PPPoE link, then change OSPF instance redistribute options on backup PPPoE Servers. This would allow to migrate clients one by one with almost no service interruption.

True, but now any PPPoE server can be primary and secondary at same time because we have different tecnologies and we need to garantee full backup
(suppose two tecnologies like ADSL and WiMax, we can have ADSL to backup WiMax or WiMax to backup ADSL...)

So I need to change NOC topology and make one primary server (no failover ) or.. add more OSPF instance whit different redistribute options for different networks...

Leonset's suggestion has much merit. If you have servers with a service name BACKUP and put them in the same locations as the primary servers, then any backup pppoe session can be configured to use the service name BACKUP and they will only connect with the BACKUP servers.

Leonset's suggestion has much merit. If you have servers with a service name BACKUP and put them in the same locations as the primary servers, then any backup pppoe session can be configured to use the service name BACKUP and they will only connect with the BACKUP servers.

Yes, this is best choice.
But, at this time, I cannot or I lose redundacy. i need to change NOC topology adding more RB.

Leonset's suggestion has much merit. If you have servers with a service name BACKUP and put them in the same locations as the primary servers, then any backup pppoe session can be configured to use the service name BACKUP and they will only connect with the BACKUP servers.

Yes, this is best choice.
But, at this time, I cannot or I lose redundacy. i need to change NOC topology adding more RB.

You draw four PPPoE Servers, why not use 3 as primaries and 1 as backup?  The backup PPPoE server will have increased metrics, so OSPF will only use it when no primary publishes a route. Client availability will be redundant, primary servers are redundant and will share the load in a 1/3 ratio which is good. What if backup fails? Well, it's just a backup, system must be able to withstand such failure (at first sight seems to me that it will)... but routerboards aren't that expensive, so at some point you'll be able to add more backup servers and enjoy some stressless sleeping (if such thing exists! )

Leonset's suggestion has much merit. If you have servers with a service name BACKUP and put them in the same locations as the primary servers, then any backup pppoe session can be configured to use the service name BACKUP and they will only connect with the BACKUP servers.

Yes, this is best choice.
But, at this time, I cannot or I lose redundacy. i need to change NOC topology adding more RB.

You draw four PPPoE Servers, why not use 3 as primaries and 1 as backup?  The backup PPPoE server will have increased metrics, so OSPF will only use it when no primary publishes a route. Client availability will be redundant, primary servers are redundant and will share the load in a 1/3 ratio which is good. What if backup fails? Well, it's just a backup, system must be able to withstand such failure (at first sight seems to me that it will)... but routerboards aren't that expensive, so at some point you'll be able to add more backup servers and enjoy some stressless sleeping (if such thing exists! 

I agree with, your solution is the same in my mind, but the draw is a simplyfied scenario of my NOC.

Consider also this:
-  NAS 1 and 2 are configured whit L2 "aggregation", VLAN and PPPoE server,
 - NAS 3 and 4 as L3 "aggregation" and L2TP server (so I need to replicate
   all configurations on all NAS and also all physical connections!)
-  customers need two (or more) connections primary and backup in active/active mode.

This project is a bit complex.
I need that OSPF propagate routes considering metric/adminstrative distance that AAA pass via login.

I will update on my new topology

But if anyone have some suggestions...

which cisco router do you use ?

which cisco router do you use ?

Two CISCO 2951.


At this time, i implemented  eBGP to redistribute ONLY Static subnets (on NASs)
Each NAS have a private AS, like AS65001,AS65002,....
The two Cisco 2951 have public AS.

So, this sistem work, but it's a poor solution...

which cisco router do you use ?

Two CISCO 2951.


At this time, i implemented  eBGP to redistribute ONLY Static subnets (on NASs)
Each NAS have a private AS, like AS65001,AS65002,....
The two Cisco 2951 have public AS.

So, this sistem work, but it's a poor solution...

Is Cisco 2951 able to handle full BGP routes and can handle like 3Gbps ?

Is Cisco 2951 able to handle full BGP routes and can handle like 3Gbps ?

Yes. (with maxed-out RAM, but the table is growing like a weed these days, so that might not remain true)
No.

Is Cisco 2951 able to handle full BGP routes and can handle like 3Gbps ?

This Router have public BGP peers, but NOT receive full table to reduce overload...