red014
just joined
Topic Author
Posts: 3
Joined: Thu Dec 16, 2021 4:13 pm

OSPF 2 routers with 2 isp

Tue Oct 25, 2022 11:54 am

I have 2 routers and using OSPF. 1st router as CORE/NAT and 2nd router as PPPoE/Hotspot server.
Our CORE router had 2 ISPs: the 1st ISP as the default ISP with a distance of 1, and the 2nd ISP as the backup ISP with a distance of 2, and it worked perfectly. My problem is: how can I route PPPoE clients to the 1st ISP and Hotspot clients to the 2nd ISP? The reason is to use both ISPs at the same time and also have failover. Thank you in advance. We are using ROS 6.49.6
 
connectlife
Frequent Visitor
Posts: 99
Joined: Tue Sep 01, 2020 10:20 pm

Re: OSPF 2 routers with 2 isp

Tue Oct 25, 2022 5:11 pm

Hi, do you get a FULL Table from your ISPs? Do you do BGP sessions with them?
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF 2 routers with 2 isp

Tue Oct 25, 2022 6:09 pm

I have 2 routers ...
Make an export of the current configuration. In text format. Remove all private information from there. And post it here.
 
red014
just joined
Topic Author
Posts: 3
Joined: Thu Dec 16, 2021 4:13 pm

Re: OSPF 2 routers with 2 isp

Wed Oct 26, 2022 4:45 am

This is our configuration on the 2 routers

1st Router - CORE/NAT
/interface bridge
add name=bridge1-routing
add name=loopback1
/interface ethernet
set [ find default-name=ether1 ] mac-address= name=\
    ether1-ISP1
set [ find default-name=ether2 ] mac-address= name=\
    ether2-ISP2
set [ find default-name=ether3 ] mac-address=
set [ find default-name=ether4 ] mac-address=
set [ find default-name=ether5 ] disabled=yes mac-address=
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
/routing ospf instance
add distribute-default=if-installed-as-type-1 name=ospf1 router-id=\
    10.254.254.254
/routing ospf area
add instance=ospf1 name=area1
/interface bridge port
add bridge=bridge1-routing interface=ether4
add bridge=bridge1-routing interface=ether5
/interface detect-internet
set detect-interface-list=all
/ip address
add address=10.254.254.254 interface=loopback1 network=10.254.254.254
add address=10.254.253.1/28 interface=bridge1-routing network=10.254.253.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether1-ISP1 use-peer-dns=no \
    use-peer-ntp=no
add add-default-route=no disabled=no interface=ether2-ISP2 use-peer-dns=no \
    use-peer-ntp=no
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input comment="accept valid input" connection-state=\
    established,related
add action=accept chain=input comment="allow icmp(ping)" protocol=icmp
add action=drop chain=input comment="drop invalid input" connection-state=\
    invalid log-prefix=invalid
add action=accept chain=forward comment="accept valid forward" \
    connection-state=established,related
add action=drop chain=forward comment=\
    "drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1-ISP1 log=yes log-prefix=!NAT
add action=drop chain=forward comment=\
    "drop incoming from internet which is not public IP" in-interface=\
    ether1-ISP1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
    "drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether3 log=yes log-prefix=!NAT
add action=drop chain=forward comment=\
    "drop incoming from internet which is not public IP" in-interface=ether3 \
    log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=output comment=\
    "[failover rule] allow 1.0.0.1 ping to isp1 only" dst-address=1.0.0.1 \
    out-interface=!ether1-ISP1 protocol=icmp
add action=drop chain=output comment=\
    "[failover rule] allow 8.8.4.4 ping to isp2 only" dst-address=8.8.4.4 \
    out-interface=!ether2-ISP2 protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-ISP1
add action=masquerade chain=srcnat out-interface=ether2-ISP2
/ip route
add comment=ISP1 distance=1 gateway=122.154.193.115
add comment=ISP2 distance=2 gateway=192.168.254.254
add check-gateway=ping comment="netwatch for isp2" distance=1 dst-address=\
    1.0.0.1/32 gateway=122.154.193.115
add check-gateway=ping comment="netwatch for isp1" distance=1 dst-address=\
    8.8.4.4/32 gateway=192.168.254.254
/routing ospf interface
add interface=bridge1-routing network-type=point-to-point
add interface=loopback1 network-type=point-to-point
/routing ospf network
add area=area1 network=10.254.254.254/32
add area=area1 network=10.254.253.0/28
/system ntp client
set enabled=yes primary-ntp=162.159.200.123 secondary-ntp=92.223.73.5 \
    server-dns-names=asia.pool.ntp.org
/tool netwatch
add comment="isp1 checker" down-script="/ip route disable [find where comment=\
    ISP1];\r\
    \n:log warning \"ISP1 link is down!\";" host=1.0.0.1 interval=5s \
    up-script="/ip route enable [find where comment=ISP1];\r\
    \n:log warning \"ISP1 link is up!\";"
add comment="isp2 checker" down-script="/ip route disable [find where comment=\
    ISP2];\r\
    \n:log warning \"ISP2 link is down!\";" host=8.8.4.4 interval=15s \
    up-script="/ip route enable [find where comment=ISP2];\r\
    \n:log warning \"ISP2 link is up!\";"

2nd Router - PPPoE/Hotspot Server
/interface bridge
add name=bridge3-Hotspot vlan-filtering=yes
add name=loopback1
/interface ethernet
set [ find default-name=ether1 ] disabled=yes name=ether1-ISP1
set [ find default-name=ether2 ] name=ether2-Hotspot
set [ find default-name=ether3 ] disabled=yes mac-address=
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] name=ether10-LAN poe-out=off
/interface vlan
/interface ethernet switch port
/interface list
add name=WAN
add name=LAN
add name=LAN2
add name=WAN2
/ip hotspot profile
add dns-name=rc.pisowifi hotspot-address=10.0.0.1 html-directory=public \
    http-cookie-lifetime=1d login-by=cookie,http-chap,http-pap,mac-cookie \
    name=hsprof1
/ip kid-control
add name=kid1
/ip pool
add name=dhcp_pool ranges=10.0.3.1-10.0.10.254
add name=pool-pppoe ranges=192.168.5.10-192.168.5.254
/ip dhcp-server
add address-pool=dhcp_pool disabled=no interface=bridge3-Hotspot lease-time=\
    1d name=dhcp1
/ip hotspot
add address-pool=dhcp_pool addresses-per-mac=1 disabled=no interface=\
    bridge3-Hotspot name=hotspot1 profile=hsprof1
/ppp profile
add bridge-learning=yes dns-server=8.8.8.8,8.8.4.4 local-address=192.168.5.1 \
    name=30MBPS only-one=yes parent-queue=none rate-limit=32M/32M \
    remote-address=pool-pppoe
add bridge-learning=yes dns-server=8.8.8.8,8.8.4.4 local-address=192.168.5.1 \
    name=20MBPS only-one=yes parent-queue=none rate-limit=22M/22M \
    remote-address=pool-pppoe
/queue simple
add name=Hotspot target=bridge3-Hotspot
add name=PPPoE target=192.168.5.0/24
/ppp profile
add bridge-learning=yes dns-server=8.8.8.8,8.8.4.4 idle-timeout=2h \
    local-address=192.168.5.1 name=10MBPS only-one=yes parent-queue=PPPoE \
    rate-limit=12M/12M remote-address=pool-pppoe
add bridge-learning=yes dns-server=8.8.8.8,8.8.4.4 local-address=192.168.5.1 \
    name=50MBPS only-one=yes parent-queue=PPPoE rate-limit=52M/52M \
    remote-address=pool-pppoe
/routing ospf instance
add distribute-default=if-installed-as-type-1 name=ospf1 router-id=\
    10.254.254.253
/routing ospf area
add instance=ospf1 name=area1
/system logging action
set 0 memory-lines=2000
set 1 disk-file-count=1
/interface bridge port
add bridge=bridge3-Hotspot interface=ether2-Hotspot
add bridge=bridge3-Hotspot interface=ether7
add bridge=bridge3-Hotspot interface=ether8
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1-ISP1 list=WAN
add interface=ether2-Hotspot list=LAN
add disabled=yes interface=ether3 list=WAN
add interface=bridge3-Hotspot list=LAN
/interface pppoe-server server
add default-profile=10MBPS disabled=no interface=bridge3-Hotspot \
    one-session-per-host=yes service-name=10MBPS
/ip address
add address=10.0.0.1/18 interface=bridge3-Hotspot network=10.0.0.0
add address=10.254.254.253 interface=loopback1 network=10.254.254.253
add address=10.254.253.2/28 interface=ether4 network=10.254.253.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether1-ISP1 use-peer-dns=no \
    use-peer-ntp=no
add disabled=no interface=ether3
/ip dhcp-server network
add address=10.0.0.0/18 gateway=10.0.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.0.0.0/18 list="ip all"
add address=192.168.5.0/24 list=PPPoE
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="accept valid input" connection-state=\
    established,related
add action=accept chain=input comment="allow icmp(ping)" protocol=icmp
add action=drop chain=input comment="drop invalid input" connection-state=\
    invalid log-prefix=invalid
add action=accept chain=forward comment="accept valid forward" \
    connection-state=established,related
add action=drop chain=forward comment=\
    "drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface=ether1-ISP1 log=yes \
    log-prefix=!NAT
add action=drop chain=forward comment=\
    "drop incoming from internet which is not public IP" disabled=yes \
    in-interface=ether1-ISP1 log=yes log-prefix=!public src-address-list=\
    not_in_internet
add action=drop chain=forward comment=\
    "drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface=ether3 log=yes log-prefix=\
    !NAT
add action=drop chain=forward comment=\
    "drop incoming from internet which is not public IP" disabled=yes \
    in-interface=ether3 log=yes log-prefix=!public src-address-list=\
    not_in_internet
add action=drop chain=output comment=\
    "[failover rule] allow 1.0.0.1 ping to isp1 only" disabled=yes \
    dst-address=1.0.0.1 out-interface=!ether1-ISP1 protocol=icmp
/ip firewall mangle
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="ISP masquerade" disabled=yes \
    out-interface-list=WAN
add action=masquerade chain=srcnat comment="ISP masquerade" disabled=yes \
    out-interface=ether3
add action=masquerade chain=srcnat comment="Hotspot masquerade" src-address=\
    10.0.0.0/18
add action=masquerade chain=srcnat comment="PPPoE masquerade" src-address=\
    192.168.5.0/24
/ip firewall raw
/ip hotspot user
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
/ip route
add comment=ISP1 disabled=yes distance=1 gateway=192.168.254.254
add comment=ISP2 disabled=yes distance=2 gateway=122.154.193.115
add check-gateway=ping comment="netwatch for isp1" disabled=yes distance=1 \
    dst-address=1.0.0.1/32 gateway=192.168.254.254
add check-gateway=ping comment="netwatch for isp2" disabled=yes distance=1 \
    dst-address=8.8.4.4/32 gateway=122.154.193.115
/ppp secret
add name=K profile=10MBPS service=pppoe
add name=D profile=10MBPS service=pppoe
/routing ospf interface
add interface=ether4 network-type=point-to-point
add interface=loopback1 network-type=point-to-point
/routing ospf network
add area=area1 network=10.254.254.253/32
add area=area1 network=10.254.253.0/28
/system ntp client
set enabled=yes primary-ntp=162.159.200.123 secondary-ntp=92.223.73.5 \
    server-dns-names=asia.pool.ntp.org
Last edited by BartoszP on Wed Oct 26, 2022 2:31 pm, edited 1 time in total.
Reason: proper usage of tags for code
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF 2 routers with 2 isp

Wed Oct 26, 2022 1:41 pm

New User Pathway To Config Success

I think, that if you carefully read what is stated in this topic ... Many questions will disappear.

P.S.
As for me, I would solve your problem through traffic marking.
 
red014
just joined
Topic Author
Posts: 3
Joined: Thu Dec 16, 2021 4:13 pm

Re: OSPF 2 routers with 2 isp

Thu Oct 27, 2022 5:45 pm

Can you give me a hint to solve my problem?
It will be highly appreciated.
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF 2 routers with 2 isp

Sun Oct 30, 2022 1:58 am

It is not difficult for me to write a ready-made configuration for you. However, I suggest you try to figure it out.

An example request for a search server - https://www.google.com/search?q=router+ ... s+mikrotik
Or - https://www.google.com/search?q=router+ ... acket+mark
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF 2 routers with 2 isp

Sun Oct 30, 2022 4:35 pm

Example for first router (ROS 6.x):
/interface list add name=WAN
/interface list add name=LAN

/interface list member add interface=ether1 list=WAN
/interface list member add interface=ether2 list=WAN

/interface list member add interface=bridge1 list=LAN

### ISP1
/ip address add address=10.10.10.2/24 interface=ether1 network=10.10.10.0
### ISP2
/ip address add address=10.10.20.2/24 interface=ether2 network=10.10.20.0

### LAN
/ip address add address=172.27.0.254/24 interface=bridge1 network=172.27.0.0

/ip firewall address-list add address=172.27.0.0/24 list=LocalNet

/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=WAN1_conn passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=WAN2_conn passthrough=yes

/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=WAN1_traffic passthrough=yes src-address-list=LocalNet
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=WAN2_traffic passthrough=yes src-address-list=LocalNet

/ip firewall mangle add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=WAN1_traffic passthrough=no
/ip firewall mangle add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=WAN2_traffic passthrough=no

/ip firewall nat add action=masquerade chain=srcnat comment="LAN -> Internet" out-interface-list=WAN

/ip route add check-gateway=arp distance=50 gateway=10.10.10.254 pref-src=10.10.10.2 routing-mark=WAN1_traffic
/ip route add check-gateway=arp distance=50 gateway=10.10.20.254 pref-src=10.10.20.2 routing-mark=WAN2_traffic

/ip route add check-gateway=arp comment="cost 71 (ISP1)" distance=71 gateway=10.10.10.254
/ip route add check-gateway=arp comment="cost 72 (ISP2)" distance=72 gateway=10.10.20.254

/ip route add check-gateway=arp distance=80 gateway=10.10.10.254,10.10.20.254

/ip route rule add action=lookup-only-in-table src-address=10.10.10.2/32 table=WAN1_traffic
/ip route rule add action=lookup-only-in-table src-address=10.10.20.2/32 table=WAN2_traffic
/ip route rule add action=lookup-only-in-table dst-address=172.27.0.0/24 table=main
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF 2 routers with 2 isp

Sun Oct 30, 2022 7:44 pm

Take a look at the official documentation - Load Balancing
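
One way to apply the traffic-marking approach to the two-router topology exported earlier in this thread, added here as an example and not posted by any participant (ROS 6.x syntax). Interface names, client pools and gateway addresses are taken from that export; the routing-mark names, the `internal` address list and the static return routes are assumptions.

```routeros
# --- Router 2 (PPPoE/Hotspot server) ---
# Both pools are currently masqueraded behind 10.254.253.2, so the core cannot
# tell PPPoE from Hotspot traffic. Stop NATing here; the core already NATs.
/ip firewall nat
disable [find where comment="Hotspot masquerade"]
disable [find where comment="PPPoE masquerade"]

# --- Router 1 (CORE/NAT) ---
# Return paths to the client pools (static here as an assumption; advertising
# the pools through OSPF from router 2 would serve the same purpose).
/ip route
add dst-address=192.168.5.0/24 gateway=10.254.253.2 comment="PPPoE pool"
add dst-address=10.0.0.0/18 gateway=10.254.253.2 comment="Hotspot pool"

# Destinations that must keep using the main table (assumed list name).
/ip firewall address-list
add list=internal address=10.0.0.0/8
add list=internal address=192.168.5.0/24

# Pick the routing table from the client pool the packet came from.
/ip firewall mangle
add chain=prerouting in-interface=bridge1-routing src-address=192.168.5.0/24 \
    dst-address-list=!internal action=mark-routing \
    new-routing-mark=pppoe-out passthrough=no comment="PPPoE: ISP1 first"
add chain=prerouting in-interface=bridge1-routing src-address=10.0.0.0/18 \
    dst-address-list=!internal action=mark-routing \
    new-routing-mark=hotspot-out passthrough=no comment="Hotspot: ISP2 first"

# Per-table defaults. The comments match the existing ISP1/ISP2 routes so the
# existing netwatch scripts ([find where comment=ISP1] ...) toggle these too,
# letting each table fall back to its distance=2 route.
/ip route
add routing-mark=pppoe-out distance=1 gateway=122.154.193.115 comment=ISP1
add routing-mark=pppoe-out distance=2 gateway=192.168.254.254 comment=ISP2
add routing-mark=hotspot-out distance=1 gateway=192.168.254.254 comment=ISP2
add routing-mark=hotspot-out distance=2 gateway=122.154.193.115 comment=ISP1

# ISP2 now carries client traffic all the time: drop unsolicited inbound
# connections on it the same way the export already does for ether1-ISP1.
/ip firewall filter
add chain=forward in-interface=ether2-ISP2 connection-state=new \
    connection-nat-state=!dstnat action=drop log=yes log-prefix=!NAT \
    comment="drop incoming packets that are not NAT'ted (ISP2)"
```

In the posted export the second pair of forward drop rules matches `in-interface=ether3`, whereas ISP2 is attached to `ether2-ISP2`, which is why the last rule is included.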
