Good day,

I have a question,

I'm busy implementing pppoe servers at all my highsites.

The clients connects to the pppoe server and gets a public ip address from the radius server.

Ospf then redistributes that public address, now my issue is, not really a issue but something that bugs me.

I don't want the edge router to recieve ospf routers that is private addresses, only the /32's that is give to the clients. then I dont wan't the access routers to recieve any routes from the edge because their default routes point the the edge router.

I played around with the route filters but found that if i discard lets say 10.0.0.0/8 on the ospf-in if will only discard that prefix and no other routes under that subnet for example 10.1.1.0/30.

Same for the /32 's it will only accept a /24 prefix but not the /32's that make up that subnet.

Is there any way to work around the problem using route filters or maybe bgp?

Routing Filters works more with BGP. You can separate areas of your OSPF domain by several, for ex. 0.0.0.1, 0.0.0.2, 0.0.0.3 and all these will connects to area 0.0.0.0 and then you can create totally stubby area in order to this area can recieve only default route to 0.0.0.0 area.

/routing ospf area add name=edge1 area-id=0.0.0.1 type=stub inject-summary-lsa=no.

https://wiki.mikrotik.com/wiki/Manual:O ... #Stub_Area

But I recommend to you to redistribute PPPoE global addresses with BGP tools. Manage OSPF only for your core network as a transport protocol to redistribute ptp links and your loopbacks.

But I recommend to you to redistribute PPPoE global addresses with BGP tools. Manage OSPF only for your core network as a transport protocol to redistribute ptp links and your loopbacks.

Thanks Anumrak,

I'm still new to the BGP game and this will be a much needed learning experience.

If i get this correct, i create a BGP peer between the edge and tower router using the loopback address on each end.

I assume i will be using iBGP for the peering between all the sites. Then the route to the client will be recursive to what ever route ospf installed for the loopback?

Thanks again for the feedback

You can choose of:
1) Full mesh topology between BGP peers with using of loopback IP's of OSPF process;
2) Route Reflector(s) which can recieve routes from "BGP Clients" and redistribute them to others with no need of full mesh;
3) Use MPLS for BGP peers connectivity over OSPF network.

Last is more classic design, because you can use various type of BGP attributes and various route filters. In fact, with MPLS help you can use VPLS in order to transport layer 2 PPP frames to PPPoE server over OSPF network without need of routing at all. Routing will need only for LDP peering over OSPF. That would be more wise.

You can read more about MP-BGP and MPLS/VPLS on Tik wiki or use accurate OSPF design.

HI:

But I recommend to you to redistribute PPPoE global addresses with BGP tools. Manage OSPF only for your core network as a transport protocol to redistribute ptp links and your loopbacks

That's absolutely true... the most scalable way of advertising networks is with BGP working as an EGP and OSPF as an IGP. However, if you want to do filtering at OSPF, there is a tricky thing, because there are only two possible scenarios where you can do it, the first one will be in an ABR (Area Border Router) where you can filter routes between areas; and in an ASBR (Autonomous System Border Router) where you can filter routes between protocols.

I assume i will be using iBGP for the peering between all the sites. Then the route to the client will be recursive to what ever route ospf installed for the loopback?

That's correct, the route learned with iBGP will be installed in a recursive way using the ospf route installed for the loopback.

And if you want more flexible BGP routing, you should switch off synchronizaion with IGP routing table.

https://wiki.mikrotik.com/wiki/Manual%3 ... GP#Network

Thanks for all the reply's

I'm busy testing in the lab using eBGP.

Each tower site i assign a different AS and if there are more then one router on a site i will setup iBGP for them.

I then redistribute connected routes so the /32 routes

So far its working good.

It would be nice if it could advertise only the /32 's given by pppoe without the need to check redistribute connected

I might be wrong, but I think redistribute /32 routes from each pppoe address each time it's connected, it's not really good idea.

It really depends on the network design, because if all your customers behind the PPPoE will be whithin the same subnet (/24 with several /32), then you only need to advertise the /24 with an aggregate or network command. If not, then I think that there is no other way than redistribute connected

I played around with some filter rules.

One issue i had with redistributing connected was that some of the connected routes was already in the routing table because of ospf.

So what is did is create a bgp-out filter.

for example.

/routing filter add chain=bgp-out prefix=10.10.0.0/24 prefix-length=24-32 action=discard

This way the bgp will only announce the /32 from the public ip out to the peers and not the connected /30s and /29's from the 10.10.0.0/24 subnet.

But this is only in the lab, real world will most probably give a new set of challenges

I played around with some filter rules.

One issue i had with redistributing connected was that some of the connected routes was already in the routing table because of ospf.

So what is did is create a bgp-out filter.

for example.

/routing filter add chain=bgp-out prefix=10.10.0.0/24 prefix-length=24-32 action=discard

This way the bgp will only announce the /32 from the public ip out to the peers and not the connected /30s and /29's from the 10.10.0.0/24 subnet.

But this is only in the lab, real world will most probably give a new set of challenges

Well, if it is you wanted, then OK

Had an interesting issue where ospf grabbed one of the /32's and redistributed that.

Checked all the routers and ospf does not redistribute connected or bgp routes.

Back to the lab I Guess