Community discussions

 
nzjimmy
newbie
Topic Author
Posts: 38
Joined: Tue Oct 03, 2017 11:47 pm

Two routers one service

Wed Mar 07, 2018 12:16 am

Hello,

I must configure a second MT router with its own public IP and connect via the first MT router. I do not want to use 1:1 NAT as I need the second router to be UPnP capable, just as the first router is.

The current connection is routed from ISP as a /30 and I can request them to route an additional /30 subnet of public IPs down the same service. The WAN addressing on first router will not change when this new subnet is routed. I have a bunch of vlans and a UM Hotspot running on router#1, router#2 will be exactly the same.

My question is: What is the best way to do this? Will I apply the new routed subnet to router#2 WAN and add static route in router#1? How should I configure the uplink port on router#1? What will the gateway address be for router#2?

Any and all advice appreciated.

Thanks
 
mkx
Forum Guru
Forum Guru
Posts: 2985
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two routers one service

Wed Mar 07, 2018 7:32 am

If you'll get another/30 network from your ISP, then the easiest thing to do woud be to set-up one of RBs with two ports bridged in a "WAN" bridge - in effect create 2-port ethernet switch. Connect WAN cable to one port and second RB to the other port. In this case you wouldn't need any further configuration on either of RBs to make them aware of each other.
BR,
Metod
 
nzjimmy
newbie
Topic Author
Posts: 38
Joined: Tue Oct 03, 2017 11:47 pm

Re: Two routers one service

Wed Mar 07, 2018 9:45 am

Thanks for the suggestion. I do wonder what the second router's config would be though, would its WAN address be one of the routed publics as a /32? and its gateway would be ??

Can't be that simple surely ;)
 
sindy
Forum Guru
Forum Guru
Posts: 3814
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two routers one service

Wed Mar 07, 2018 3:34 pm

It depends on how your ISP will do that:
  • if they put two /30 networks on the same physical connection in parallel, then what @mkx suggests its the only way to do it. I would just recommend to take the effort to configure "hardware accelerated" bridging of the two ports as otherwise the CPU of the existing 'Tik will have to handle every single packet of the new 'Tik.
  • if they configure their network in such a way that the public IP address of your current 'Tik is a gateway to the new /30, then you must put up one address from the new /30 on your existing 'Tik and use the other address from the new /30 on the new 'Tik. The old one will then be routing, not switching, all the traffic to/from the new one, which will give it some additional load. And you have to modify its firewall rules so that it would let anything to/from the new 'Tik pass through without tampering with it
If for the ISP it is simpler to put another /30 subnet in parallel to an existing one to the same connection, I would think they'd do exactly that, as my approach would be to put a single /29 to that connection instead of two /30s. Same number of public addresses spent (8) but five could be used at your side with 1×/29 instead of just two with 2×/30. But if you insist on keeping the existing address and the adjacent /30 has already been assigned to someone else so it is not available to make up a /29 together, they cannot do anything about that.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
mkx
Forum Guru
Forum Guru
Posts: 2985
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two routers one service

Wed Mar 07, 2018 3:36 pm

Depends on how you connect to your ISP and how your devices get assigned public IP addresses.

If you connect to your ISP with "transparent" IP connection, then it is really this simple: your two switched ports on RB1 will effectively split your physical WAN line to two and both RBs will actually talk directly to ISP (RB2 will use L2 switch on RB1, but if this part is done properly, RB1 will not interfere in any way). Probably you get the WAN address via DHCP lease and each RB will get one directly from ISP's servers. If you got truly static address (meaning you need to manually set it for router's WAN interface), then you'll just configure each of RBs with one of configuration sets ISP will provide you instead of running DHCP client.
If you've got static WAN addresses (truly static or unchanging DHCP leases), then you can optionally add additional static route on each of your RBs to point to each other's WAN IP address over their WAN interfaces... so that any traffic, that might flow directly between the two RBs, would not flow through your ISPs routers thus offloading your physical internet connection.

If, on the other hand, you need to establish some kind of tunnelling protocol, such as PPPoE, then it slightly depends. It may be that ISP will allow you to establish more than one such tunnel over your physical line and you, again, configure both RBs in similar manner. If ISP doesn't allow more than one tunnel at the same time, then you need to find out your options. But in any case, you most probably have some ethernet-based protocol and if there's ethernet, you can use RBs ethernet switch to connect the second RB to the internet line.

My personal experience: my ISP requires PPPoE over VDSL and are providing with a xDSL modem/router which can be used in bridge mode. While I used dynamic WAN addresses, I could establish more than one PPPoE connection and each would get different WAN IP address. I did use this possibility by mistake for a while where ISPs router would establish one PPPoE tunnel and my router would establish another one. When I requested static WAN IP address, I could no longer establish more than one PPPoE tunnel at the same time (and that's the moment I realized that VLAN modem/router actually did establish a tunnel). Which is somehow logical: they assigned a static IP address to my profile and the same static IP address can not be assigned to more than one device at the same time.
A side note: I can put as many ethernet switches (dumb or managed) between the xDSL modem and router and that PPPoE tunnel will still get connected. At some time point I connected xDSL ethernet port to a managed switch with that port configured as VLAN access port. Then I forwarded that VLAN through VLAN trunk connection to a RB (trunk port as well), and started PPPoE interface on top of VLAN interface. Worked like a charm.
BR,
Metod
 
mkx
Forum Guru
Forum Guru
Posts: 2985
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two routers one service

Wed Mar 07, 2018 3:48 pm

The second possibility, mentioned by @sindy, is of course possible, but I kinda doubt it'll happen. It would only be logical if that ISP would do point-to-point routing, but in that case they wouldn't need to assign /30 to every customer, they would assign single IP address (/32) just the way it's done over tunnels (such as PPPoE).

If I were an ISP, I wouldn't bother making changes to router configurations to use one address as gateway to the other, it's too much of a work on their side. What I'd do is either instruct user to use the second host address from the same /30 subnet (they can not use it for other users anyway unless they're running some L2 network which is not acceptable due to higher broadcast traffic flowing through subscribers' lines). In this case my suggestion is just fine.

But OP will have to ask his ISP to see what they'll offer. And then we can give him some more concrete advice about what to do finally.
BR,
Metod
 
nzjimmy
newbie
Topic Author
Posts: 38
Joined: Tue Oct 03, 2017 11:47 pm

Re: Two routers one service

Thu Mar 08, 2018 1:01 am

Thanks people, I think I should clarify the existing connection more, and how the new subnet will be available to use.

The existing service is dedicated dark-fibre 400Mbps with static /30 addressing. No PPPoE or DHCP. Its is a routed connection where the gateway address is one of the 3 addresses in the /30. e.g. WAN 1.1.1.29/30 - Gateway 1.1.1.28/30 - Network 1.1.1.30 I set this addressing up manually including route for gw address.

The Public Addresses I will use for the second router is completely different as far as addressing goes, and I can get anything from a /30 to a /24 (e.g. 1.2.3.4/29) routed to me down the same service and I can do with it whatever I choose. The current WAN addressing of router #1 will not change in any way.

As far as topology goes, I need router#2 to be as independent from router#1 as possible. So, if router #1 can pass on the packets without having to process them that would be ideal, but I do not see how this could be the case as the gateway address for router#2 will have to be router#1? Or am I wrong here?

There is no requirement for traffic flow between RB#1 and RB#2

Thank you!
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Two routers one service

Thu Mar 08, 2018 1:58 am

If you want the two routers completely independent of each other (other than arriving via the same fiber), get a small dumb gigabit switch with one port going to the fiber connection, and one connection to the WAN port of each of the router. That way a failure of one router does not effect the other router. That is essentially what I am doing (although the switching is a bit more involved here because of my architecture).
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
nzjimmy
newbie
Topic Author
Posts: 38
Joined: Tue Oct 03, 2017 11:47 pm

Re: Two routers one service

Thu Mar 08, 2018 9:52 am

That is an interesting option. I wonder what RB#2 WAN settings would be though seeing as every address in the subnet will be routed to me ... What would the gateway address be? and would WAN be a /32?

Thanks
 
sindy
Forum Guru
Forum Guru
Posts: 3814
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two routers one service

Thu Mar 08, 2018 10:38 am

That is an interesting option. I wonder what RB#2 WAN settings would be though seeing as every address in the subnet will be routed to me ... What would the gateway address be? and would WAN be a /32?
I cannot see any advantage in replacing one SPOF (the "existing" 'Tik) by another SPOF (the "cheap dump GbE switch") except that you have to buy, physically place and feed another box. I don't know how accessible the location is, but putting two ports on each 'Tik into a WAN bridge and interconnecting them by a cable would essentially do the same service - if the port to which the fibre modem is connected goes down at one 'Tik, or that whole 'Tik goes down, you can ask a trained dog to connect the cable from the modem to the other 'Tik and the service is re-established.

The above applies if the two public subnets (your existing one and the new one) exist in parallel on the physical media as I've assumed before, i.e. if you could configure any of the two subnets on a 'Tik connected directly to the cable modem and it would work. But the following suggests otherwise:
The Public Addresses I will use for the second router is completely different as far as addressing goes, and I can get anything from a /30 to a /24 (e.g. 1.2.3.4/29) routed to me down the same service and I can do with it whatever I choose. The current WAN addressing of router #1 will not change in any way.
English is not my first language so I may understand it wrong, but "routed to me down the same service" suggests that the ISP would use the existing service as a connection subnet for the new subnet, which requires a router functionality at your end too, and in such case, the existing 'Tik would have to route the traffic of the new one. So this point is the one which needs to be unambiguously clarified with the ISP as it determines which of the two configurations has to be used at your end.

To make the picture complete, do you have an optical SFP in the existing 'Tik or a separate optical media converter with copper GbE port on the local side?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Two routers one service

Fri Mar 09, 2018 1:20 am

That is an interesting option. I wonder what RB#2 WAN settings would be though seeing as every address in the subnet will be routed to me ... What would the gateway address be? and would WAN be a /32?
That's going to depend on how your ISP sets things up. In my case, I have eight non-continuous static /24 address that all have the same gateway from my ISP. As I said in my original post, a simple switch is essentially what I am doing to split my ISP connection to the three separate routers. Let me explain that in a little more detail. My DSL connection comes into the family room at my house. However both of the routers that actually do anything are in a data cabinet in my detached garage. In the family room, I have the DSL modem connected to one port of a CSS326-24G-2S on VLAN 200. That then goes over a tagged trunk to a HP 2610-48 in the garage data cabinet. There are three ports on the HP switch on VLAN 200. One goes to router #1 and the second goes to router #2. The third is a test port. Both router #1 and #2 have one port on the WAN side and each has several of my eight public IP addresses .Each router uses the same gateway from my ISP. BTW, I said that have three routers sharing my eight public IPs. Router #3 is fed from the switch in the family room, but the only thing it does is respond to pings from the internet. It's purpose is to confirm that internet is making it to my house. So if that one is live, but routers #1 and #2 are not responding, I know the problem is at my house (power, switch, cable, etc). BTW, there is some ancient history that is the why I'm doing it the way that I am, but it does all make sense.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
nzjimmy
newbie
Topic Author
Posts: 38
Joined: Tue Oct 03, 2017 11:47 pm

Re: Two routers one service

Mon Apr 02, 2018 12:12 pm

Update:

The ISP ended up changing the current /30 to a /29 rather than routing another subnet down the existing /30.

To get the result I wanted I applied one of addresses to eth1, created a bridge and added eth1 and eth2 to the bridge. Then connected the second router to eth2 and applied one of the remaining address from the /29 to WAN interface. Both routers share the same gateway address which is the ISP's router. A static route to this gateway was added for 0.0.0/0 on both routers. The first router does not process packets for the second router, it just switches in bridge.

This was obviously very simple routing but I had not done it before in this manner so, thought I may as well update this post.

I will update again in future if/when I have additional Public subnets routed rather than expanding the subnet.
 
sindy
Forum Guru
Forum Guru
Posts: 3814
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two routers one service

Mon Apr 02, 2018 12:25 pm

I applied one of addresses to eth1, created a bridge and added eth1 and eth2 to the bridge. Then connected the second router to eth2 ... The first router does not process packets for the second router, it just switches in bridge.
And if you could use one of the Mikrotik boxes with Ethernet bypass function (if the router dies, its two ethernet ports get electrically connected to each other) as the first router, you would get an even better redundancy.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
nzjimmy
newbie
Topic Author
Posts: 38
Joined: Tue Oct 03, 2017 11:47 pm

Re: Two routers one service

Sun Apr 08, 2018 11:24 am

Really? Nice tip. Thanks :)

Who is online

Users browsing this forum: Google [Bot] and 85 guests