Community discussions

 
User avatar
theWISP
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Fri Sep 12, 2008 4:13 am
Contact:

2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Mon Apr 16, 2018 11:41 pm

Hey Folks!

Im reaching out here for some brainstorming, here is the synopsis:

We have 2 different upstream providers at 2 different geographic locations, lets name them "Provider A" and "Provider B". Both are used at all times (NOT a failover situation)

Each providers respective edge Mikrotik router is set to redistribute default route via OSPF.

Within our network we have a few hundred mikrotik routers, all with multiple paths to either Provider.

All of these routers have private IPs, as well as the wireless clients these routers are responsible for.

Some of these clients require a public IP address to reside on their equipment. Currently, we assign them a Public IP from "Provider A", and then install an EoIP tunnel from their CPE to the edge router at the Provider A pop. This ensures that the clients traffic will flow out the correct and responsible provider. If the EoIP was not in place the client may have a shorter path to Provider B, in which, traffic would flow to the incorrect Provider and then fail.

Our goal is to eliminate the EoIP solution. And instead, allow the routing protocol to ensure that the clients traffic flows out the responsible provider.

Any thoughts?
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 655
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Tue Apr 17, 2018 12:26 am

Would policy routing do what you want?


Sent from my iPhone using Tapatalk
 
User avatar
theWISP
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Fri Sep 12, 2008 4:13 am
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Tue Apr 17, 2018 12:32 am

Thanks for the reply!

Thats the way I was leaning too, could you elaborate on how you see that working?
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 655
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Tue Apr 17, 2018 4:11 am

Way too open-ended a question. Last (and only) time I used PBR was seven years ago, when I was transitioning (hot) from a bridged to a routed network. It worked OK for me because the policy was local to each tower (a very small number) and the CPEs connected to it, what I might term a shallow policy environment. Also, at the time, I was not running OSPF; from my understanding, the alternative routing table is under nothing but manual control and so neither benefits from nor suffers interference from OSPF.

You have a deep policy environment, where traffic runs from a CPE through a number of other links and towers before getting to the edge router. That means that all those intermediate stops must understand your PBR rules and route accordingly. Given that you maintain significant redundant links between that CPE and your edge router, the tables and policies can get really complicated.

Being able to to pass mangle information between routers would make this much easier but it isn't possible. (Well, I think there is ONE bit you can pass, which may be enough for your immediate need, but it's sort of a kludge.)

However, it's my understanding that you can approach the same effect with MPLS/VPLS, with which I unfortunately have zero experience. Hopefully, that would solve the problem of the intermediate towers needing to have intimate knowledge of the policies of other towers. I would pursue an understanding of this option before making any decisions.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Tue Apr 17, 2018 9:01 pm

This is what BGP is designed for. OSPF doesn't manage traffic very well when you're trying to take a path that isn't the "shortest"

While this design may not be exactly what you need, it will give you some ideas on the limitations of OSPF and how you can use BGP communities to set up traffic engineering policies that will scale to a large number of subscribers.

I'd definitely move away from EoIP tunnels to manage traffic out both providers, what you want can be done with routing policy.

https://mum.mikrotik.com/presentations/ ... 062656.pdf
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
User avatar
theWISP
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Fri Sep 12, 2008 4:13 am
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Tue Apr 17, 2018 9:23 pm

Thanks for the reply! I have seen that presentation, and in fact one of our senior network admins can be seen in the audience of the mum video :D

We actually called IPA yesterday looking for a quick brainstorm session, but your billing model didn't quite apply to our current needs, and the inbound calling on the pbx resulted in a disconnect. In any case, I VERY much appreciate your time in replying to this thread.

Getting away from EoIP is the whole reason for this post, it was something we NEVER liked doing, and still cringe each time we have to do it.

Where the case for a TF via BGP and OSPF is pretty cool, I am not sure if its an approach best used in this case (which may simply be because of how i've understood it). There is no need at this point to engineer load in a different way than we currently do, nor do we want all traffic to flow in a certain path. Is the suggestion your providing to create a TF from all AP points to provider A, and then routing based on a policy?

Again, we essentially want to modify an IP transactions next hop based on src-ip.
 
User avatar
theWISP
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Fri Sep 12, 2008 4:13 am
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Tue Apr 17, 2018 9:32 pm

Could we mark/tag an incoming transaction at the AP if its from a specific src IP with the intended dst, then mangle the dst to be the provider A responsible router. Then at that provider A router, read that tag/mark which contains the intended dst, and mangle the dst back to its original?

Or is this a cpu heavy workaround delaying the inevitable move to iBGP?
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: 2 Upstream Providers/OSPF Internal/How to force a client out a specific provider?

Wed Apr 18, 2018 5:52 pm

No problem...glad you connected with someone. A large part of the IPA sales team has been travelling for the European, US and Mexico MUMs so that could be why you had an issue via phone - although it still shouldn't happen and I'll pass it along to the sales team :-)

There are two issues that plague most designs that rely heavily on policy routing as we've consulted on a number of them

1) They often break during failover
2) They don't scale well

There is a protocol called segment routing which is kind of the next generation of MPLS TE and is really what you're after but MikroTIk doesn't support it yet. I would strongly consider either an eBGP or iBGP design possibly with Communities and MPLS TE depending on your needs. You'll be able to scale far easier and failover will be more predictable.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com

Who is online

Users browsing this forum: No registered users and 7 guests