Testwiki/IP routing - MikroTik Wiki
Contents
1 IP routing
1.1 Static route
1.2 Default route
1.2.1 Simple load-balancing - ECMP
1.3 Dynamic routing
1.4 Open Shortest Path First (OSPF)
1.4.1 OSPF concept
1.4.2 OSPF areas and router types
1.4.3 OSPF operation
1.4.4 OSPF multiple area design and operation
1.4.5 Policy routing implementation example
1.4.5.1 Set up routing policy using ip route rule
1.4.5.2 Set up routing policy using ip firewall mangle
IP routing
Routing is the process of moving a packet of data from one network to another based on the packet's destination IP address. The Internet uses routing to forward data from one host across several networks to a final destination host (for example a personal PC, a web server or a mail server). The network devices that perform this function are called routers. Routers maintain a list of routes, usually referred to as the routing table. A route is the information used to decide where a packet is forwarded next: for a given destination it names the output interface (and, where needed, the next-hop router) through which the packet leaves.
Routers operate at the network layer of the OSI model (layer 3) and are therefore often referred to as layer 3 devices. A router looks up the destination of each packet in its routing table to find out how to move it from one network to the next.
Briefly, the routing process works as follows. When a router receives a packet on a network interface, it looks at the destination address of the IP packet; if the packet is not addressed to the router itself, the router searches its routing table for the entry that covers the destination network. The routing table lists destination networks together with the interface (and next hop) to use for each. Using this table the router finds the exit interface for the packet and forwards it through that interface to the next router. The process is repeated at each router until the packet reaches its destination. If a router cannot find a route entry for the packet's destination network in its routing table, it drops the packet (and normally sends an ICMP "destination unreachable" message back to the source).
The routing table of a MikroTik router can be viewed with the /ip route print command:
Static route
As noted above, a router that needs to send a packet to a remote network consults its routing table to find out how to reach that network.
There are several ways to populate the routing table of a router. Routes can be created statically (manually), or dynamically by running one of the dynamic routing protocols. Forwarding packets using manually entered routes is known as static routing. Static routing is not really a protocol; it is simply the process of entering routes into the routing table by hand, and these routes do not change after they are configured unless an administrator changes them. Static routing has several benefits and also some disadvantages. Among the benefits:
» Low router CPU usage: no routing protocol process has to run and no additional tables have to be maintained, unlike with dynamic routing.
» No routing protocol updates, therefore no additional bandwidth is used between routers.
» The routing table cannot be changed by a routing protocol message, so a neighbor (or an attacker on the segment) cannot inject routes into it.
Among the disadvantages:
» Large networks are very laborious to configure, because each route must be entered by hand on every router.
» The network administrator has to change the configuration every time a network goes down or the topology changes; static routes do not react to failures by themselves.
Here is an example of how to configure static routes on MikroTik routers; the network topology for this example is given below.
Figure 6.1. Example of network topology: MikroTik_CE1 (LAN 192.168.1.0/24) and MikroTik_CE2 (LAN 192.168.2.0/24) connected over the 10.0.0.0 link, where 10.0.0.2 is the address of MikroTik_CE2
Configuration on MikroTik_CE1:
This configuration means that all packets destined for network 192.168.2.0/24 will be sent to the router 10.0.0.2. In this case the gateway is the next-hop IP address of the static route; it has to be an address the router can reach directly through one of its own interfaces.
Configuration on MikroTik_CE2:
[admin@MikroTik_CE2] /ip route> add dst-address=19
Show the routing table of the MikroTik_CE1 router:
A static route is marked with the letter S. Directly connected routes in the routing table are marked with C (connected); ADC means that the route is active, dynamic and directly connected to the router.
DST-Address - the destination network that is placed in the routing table.
Gateway - specifies to which host or interface packets should be sent. Usually the value of this property is a single IP address of a gateway that can be reached directly through one of the router's interfaces.
Distance - value used in route selection. Distance is an integer from 0 to 255, where 0 means most trusted and 255 means that the route is never used for traffic forwarding. Routes with a smaller distance value are preferred: if there are two candidate routes for the same remote network, the route with the lowest distance is placed in the routing table. If there are two routes to the same network with the same distance, the routing metric of the protocol (such as hop count or link cost) is used to find the best path. Note that distance only decides between routes to the same prefix; a more specific (longer) prefix always wins over a less specific one regardless of distance. If no distance is specified, a default value is used, which depends on the source of the route:
connected routes: 0
static routes: 1
eBGP: 20
OSPF: 110
RIP: 120
MME: 130
iBGP: 200
Default route
A default route is also referred to as the "route of last resort". It is the route a router uses when no other known route exists for a given IP packet's destination address; routing with a default route is called default routing. It works as follows: packets whose destination address does not fall into any destination network in the routing table cannot be forwarded and are discarded, but if a default route is configured, such packets are sent via the default route instead.
Configuration example of default route:
[admin@MikroTik] /ip route> add dst-address=0.0.0.0/0 gateway=10.0.0.
Gateway can be also specified by name of interface, for example:
[admin@MikroTik] /ip route> add dst-address=0.0.0.0/0 gateway=ether1
A route with dst-address 0.0.0.0/0 matches any destination address. Because it has the shortest possible prefix, a route lookup that does not match anything else in the routing table falls back onto it. If the routing table contains an active default route, a lookup in that table will never fail (one consequence is that a packet for a non-existent destination is sent upstream rather than dropped).
Computers on your local network also need a default route, usually referred to as the default gateway. In IP networks the default gateway address is needed to reach all hosts that are not on the same local IP subnet.
Simple load-balancing - ECMP
Equal-Cost Multi-Path (ECMP) is a forwarding mechanism that routes packets along multiple paths of equal cost with the goal of sharing the traffic load almost equally among multiple links. Static routes and most of the routing protocols support ECMP load balancing.
Consider the following network layout:
Figure 6.2. Example of network layout for ECMP: a router with LAN 192.168.11.0/24 and uplinks to two providers, ISP1 and ISP2 (the link addresses in the figure are not legible)
In this example we have connections to two internet service providers (ISPs) and want 1:1 load balancing between the two links. This can be done by adding a single static (default) route with two gateways:
This is a typical ECMP (Equal Cost Multi-Path) gateway with check-gateway. With check-gateway=ping the router sends periodic ping requests to each gateway, and as soon as one of the gateways stops answering, check-gateway removes it from the gateway list (it is put back when the gateway answers again). ECMP is "persistent per-connection load balancing": the load is shared between individual connections, or more precisely per src-dst address combination, so all packets of one connection leave over the same link.
Show routing table from router:
Remember that ECMP does not offer a real advantage in every case. For example, if the physical topology differs from the logical topology (as in a system that uses VLANs), you may have multiple logical paths to a destination without any real bandwidth improvement, because they share the same physical link.
You also need a router feature such as Network Address Translation (NAT), which translates the private LAN addresses to the public addresses given by the ISPs; with two uplinks the source address must be translated to the address of whichever link the connection leaves on. This feature is explained later in the chapter "Network address translation".
NAT example for this case may be as follows:
You can also use links with asymmetric bandwidth, for example one link of 2 Mbps and another of 10 Mbps. To share the load 1:5, list the gateway of the faster link five times in the gateway list, as in the following command:
Dynamic routing
Unlike static routing, where the network administrator manually configures the routing table entries (routes), dynamic routing creates these entries automatically by means of a routing protocol.
The major task of a routing protocol is to determine the path of a packet through the network. Routers use a routing protocol to dynamically discover all destination networks and to keep their routing tables up to date. A routing protocol provides collaboration among routers: one router communicates with the same protocol running on other (neighbor) routers. Examples of routing protocols are RIP, RIPv2 and OSPF; other protocols are also implemented by different vendors. A neighbor router is one that is reachable in a single forwarding step, for example two directly connected routers. When a change occurs in the network (an interface goes down, the topology changes, and so on), the dynamic routing protocol automatically informs the neighbor routers about the change by sending update messages. These update messages are used to maintain and update the routing table entries on the routers. The update process is organized differently by each routing protocol: for example RIP sends periodic updates, whereas OSPF sends updates when a change occurs. One router can run more than one routing protocol, but each routing protocol keeps its own internal table. Per-protocol routing decisions are made there, and the best routes (those the protocol's algorithm has calculated as best) for each destination network are placed in the main (global) routing table; in MikroTik the main table can be viewed with the /ip route print command.
More information about how the routing process is organized in a MikroTik router can be found here
(http://wiki.mikrotik.com/wiki/Manual:IP/Route)
Note: remember that the process which finds the gateway address to which packets are routed next is called the nexthop lookup; it is part of the best route selection process.
The two major types of IGP (Interior Gateway Protocol) are:
» Distance-vector routing protocols
» Link-state routing protocols
A distance-vector protocol calculates the best route to a remote network based only on link cost. The cost of reaching a destination is calculated using some route metric; RIP uses the hop count to the destination as its metric. One hop is one step from a router to the next, and the route with the lowest number of hops to the destination network is chosen as the best route. "Distance-vector" means that routes are advertised as a vector of distance and direction. A distance-vector protocol sends its complete routing table to all its neighbors that are configured to use the same routing protocol; the receiving router merges the received table with its own to produce a new, updated routing table. Because RIP uses only the hop count to determine the best path to a destination network, it can perform round-robin load balancing when there is more than one link with the same hop count to the same destination. That is also its drawback when there is more than one link to a remote network with the same hop count but different bandwidths: for example, with one 1 Mbps link and one 10 Mbps link, RIP sees both links as equal and balances traffic one to one over them. RIPv2 is also a distance-vector protocol.
A link-state routing protocol sends update messages containing information about the router's own links not only to its neighbors but to all other routers in the network. This type of routing protocol requires each router to maintain a network topology map (table), a connectivity map showing which routers are connected to which others. The connectivity map is like a graph of all links between routers; it is maintained independently by each router and used to calculate the best next hop to every destination (the shortest path tree). The collection of these best next hops is then placed in the routing table of each router.
OSPF and IS-IS are examples of link-state routing protocols.
Open Shortest Path First (OSPF)
OSPF concept
Open Shortest Path First (OSPF) is an open standard routing protocol defined in RFC 2328 and available on almost every network router today. The alternative is RIPv2 (Routing Information Protocol version 2), but it is not intended for large networks, so for a large network the realistic option is OSPF. OSPF is also one of the most widely used protocols today because it provides several advantages over RIPv2:
» A large network can be divided into areas
» Low bandwidth usage (updates are sent only when something changes)
» Unlimited hop count
» Fast convergence
OSPF also supports multiple equal-cost routes to the same destination, and therefore ECMP (Equal-Cost Multi-Path) load balancing.
OSPF allows routers to learn routes from other routers dynamically and to advertise routes to other routers. As mentioned above, OSPF is a link-state routing protocol, so each OSPF router maintains its own local topology map (the link-state database), which is updated via link-state advertisements (LSAs). There are many types of link-state advertisements, carrying link-state and routing information.
OSPF areas and router types
OSPF uses areas to organize a network (http://www.inetdaemon.com/tutorials/networking/lan/index.shtml) into a hierarchical structure, dividing one large network into smaller parts called areas. Figure 6.3 shows a typical simple OSPF design.
Figure 6.3. Typical OSPF design: backbone routers in autonomous system 111, an area border router between areas, and an autonomous system boundary router connected via BGP to other autonomous systems (233)
Autonomous system
An autonomous system is a network or group of networks under a common administration that share a common routing policy. In practice this means that all routers in the same AS share the same routing information. Exterior gateway protocols (EGPs) are used to exchange routes between autonomous systems.
Area
OSPF allows a single autonomous system (AS) to be divided into smaller groups called areas. An area is a set of routers that share routing information among themselves; all routers within an area therefore have identical topological databases. Areas reduce the number of OSPF updates within a single AS and also reduce the size of the topological database that each router must maintain. OSPF maintains routing information within an area and advertises it to other areas by sending Link State Advertisements (LSAs). Each area is identified by a 32-bit area ID. There are several types of routing information:
» intra-area routes - routes generated from within an area (the destination belongs to the area).
» inter-area routes - routes originated from other areas, also called summary routes.
» external routes - routes originated from other routing protocols and injected into OSPF by redistribution.
Backbone area
The backbone is the first (main) area you should build in any network using OSPF, and its area ID is always 0.0.0.0. All other areas connect directly to the OSPF backbone area, which distributes routing information between the other areas.
Backbone router
A router that is part of the OSPF backbone. A pure backbone router is connected only to other routers in the backbone and is therefore not part of any other (non-backbone) area.
Area border router (ABR)
Routers that belong to more than one area are called area border routers (ABRs). An ABR is used to connect non-backbone areas to the backbone. It maintains a separate topological database for each area to which it is connected. You can create virtual links between any two area border routers that have an interface to a common non-backbone area; a virtual link is used to connect an area to the backbone through another (transit) area when no direct connection to the backbone exists.
Autonomous system boundary router (ASBR)
Routers that exchange routing information with routers in other autonomous systems are called autonomous system boundary routers. Any router in an AS can be an AS boundary router. They advertise externally learned routes.
OSPF operation
Link State Advertisements are flooded to all other routers in the routing domain, and each router builds its link-state database from the received LSAs. The flooding algorithm of the link-state protocol ensures that every router ends up with an identical link-state database, and each router calculates its routing table from that database. By looking at the link-state database, every router in the routing domain knows how many other routers are in the network, how many interfaces they have, which networks the links between routers connect, the cost of each link, and so on. There are several steps before an OSPF network becomes fully functional:
» Neighbor discovery
» Database synchronization
» Best route calculation
Neighbor discovery
Routers that share the same network segment can become neighbors. There are several types of OSPF packets: Hello packets, Database Description (DD) packets, Link State Request packets, Link State Update packets and Link State Acknowledgment packets. Most of them are used for link-state database synchronization; the Hello packet is used for dynamic neighbor discovery. Neighbors are discovered by periodically sending OSPF Hello packets out of the configured interfaces. Hello packets are sent periodically out of each interface to the IP multicast address 224.0.0.5. By default Hello packets are sent every 10 seconds; this interval can be configured with the hello-interval setting of the OSPF interface in RouterOS. A router learns of the existence of a neighboring router when it receives the neighbor's Hello in return.
There is therefore an important second timer: how long a router waits for a Hello from a neighbor before giving up, called the dead interval. If no Hello packets are received within the dead interval (by default 40 s, four times the hello interval), the router assumes that the link to the neighbor is dead (DOWN). OSPF requires that the hello and dead intervals be the same on both neighbors.
OSPF allows an authentication step between OSPF routers before they can become neighbors. MikroTik RouterOS provides two authentication methods, simple and MD5:
Simple authentication is a plain-text method. It is vulnerable to passive attacks: anybody with a packet sniffer on the segment can read the password. It should be used only to protect OSPF from misconfiguration, not from attackers.
MD5 is cryptographic authentication and is preferred. The authentication key, the key ID and the OSPF packet content are used to generate a message digest that is appended to the packet. Unlike the simple method, the key itself is never sent over the network; the receiver recomputes the digest with its own copy of the key and compares. Keep in mind that MD5 authentication only protects the integrity and origin of OSPF packets; their content is still sent in clear, and the key is a shared secret that has to be distributed to every router on the segment out of band.
Routers can only become neighbors when they use the same authentication method and the same key.
Two routers do not become neighbors unless the following conditions are met:
» Bidirectional communication between the two routers (each sees its own router ID listed in the other's Hello)
» The interfaces on both routers are attached to the same area (equal area ID) and have IP addresses in the same subnet
» If authentication is used, it must match on both routers
» The hello and dead intervals are the same
Database Synchronization
Database synchronization is the next step after neighbor discovery. There are two types of database synchronization:
» initial database synchronization
» reliable flooding
Initial database synchronization occurs when the neighbor discovery process completes for the first time and an OSPF neighbor relationship is established between routers. Unsynchronized databases could lead to the calculation of an incorrect routing table. OSPF uses an explicit database download when a neighbor connection first comes up. Instead of sending its entire database, an OSPF router sends only its LSA headers in a sequence of OSPF Database Description (DD) packets. A router sends the next DD packet only when the previous one has been acknowledged. When the entire sequence of DD packets has been received, the router knows which LSAs it does not have and which of its LSAs are out of date. The router then sends Link State Request (LSR) packets asking for the LSAs it needs, and the neighbor responds by flooding them in Link State Update (LSU) packets. After all updates have been received, the neighbors are said to be fully adjacent.
Reliable flooding is the other database synchronization method. It is used once adjacencies are already established and an OSPF router wants to inform the other routers about LSA changes. A router that receives a new LSA installs it in its own link-state database, sends an acknowledgement packet back to the sender, and immediately sends the update out of all its interfaces except the one on which the LSA arrived.
Databases are not always synchronized between all OSPF neighbors; OSPF decides whether databases need to be synchronized depending on the network segment type. On point-to-point links databases are always synchronized between the two routers, but on Ethernet (broadcast) networks databases are synchronized only between certain neighbor pairs.
On a broadcast segment with n routers there are n*(n-1)/2 neighbor relations; a huge number of Link State Updates and Acknowledgements would be sent over the subnet if every OSPF router tried to synchronize with every other OSPF router on it.
To minimize the amount of OSPF update traffic on a shared subnet, OSPF elects a Designated Router (DR) and a Backup Designated Router (BDR) for each broadcast subnet. The BDR takes over the DR role if the DR goes down. The purpose of this election is to create a central point of contact for information exchange: instead of every router exchanging updates with every other router on the subnet (segment), each router exchanges information only with the DR and BDR.
The DR and BDR are elected by means of Hello packets. The router with the highest priority becomes the DR; if all routers have the same priority, the router with the highest router ID becomes the DR. A router whose priority is set to 0 (zero) cannot participate in the DR and BDR election. The election is not pre-emptive: a router with a higher priority that joins the segment later does not displace the existing DR until that DR fails.
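The following added Python model ties together the neighbor-discovery material above: what a Hello carries, how simple and MD5 authentication differ on the wire, the four conditions two routers must meet before they become neighbors, and the priority / router-ID rule for the DR and BDR. It is example code for this page, not RouterOS code and not the packet format of RFC 2328; the router IDs, addresses and keys are constructed, and the election is the simplified rule from the text (it ignores the non-pre-emption of an existing DR).

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field


@dataclass
class OspfInterface:
    router_id: str
    address: str                 # interface address with prefix, e.g. "10.0.0.1/30"
    area_id: str = "0.0.0.0"
    hello_interval: int = 10     # RouterOS defaults: hello 10 s, dead 40 s
    dead_interval: int = 40
    auth: str = "none"           # "none", "simple" or "md5"
    auth_key: str = ""
    priority: int = 1            # 0 = never DR/BDR
    neighbors_seen: list = field(default_factory=list)   # router IDs heard on this segment


def auth_field(body: bytes, auth: str, key: str) -> str:
    """What goes on the wire for each method: simple auth carries the key itself
    in clear text, md5 carries only a digest over packet body + key."""
    if auth == "none":
        return ""
    if auth == "simple":
        return key                                   # readable by any sniffer
    if auth == "md5":
        return hashlib.md5(body + key.encode()).hexdigest()
    raise ValueError(auth)


def build_hello(iface):
    """Hello as sent out of iface (to 224.0.0.5 in real OSPF)."""
    net = ipaddress.ip_interface(iface.address)
    body = (f"{iface.router_id}|{net.network.prefixlen}|{iface.area_id}|"
            f"{iface.hello_interval}|{iface.dead_interval}|{iface.priority}|"
            f"{','.join(iface.neighbors_seen)}").encode()
    return {"src": str(net.ip), "body": body, "auth": iface.auth,
            "auth_field": auth_field(body, iface.auth, iface.auth_key)}


def adjacency_problems(local, hello):
    """Reasons why `local` cannot become a neighbor of the sender of `hello`
    (an empty list means all conditions from the text are met)."""
    _rid, mask, area, hi, di, _prio, seen = hello["body"].decode().split("|")
    problems = []
    # Receiver recomputes the digest with its own key; the key never travels.
    if hello["auth"] != local.auth or \
            hello["auth_field"] != auth_field(hello["body"], local.auth, local.auth_key):
        problems.append("authentication mismatch")
    if area != local.area_id:
        problems.append("area-id mismatch")
    net = ipaddress.ip_interface(local.address)
    if ipaddress.ip_address(hello["src"]) not in net.network or int(mask) != net.network.prefixlen:
        problems.append("not on the same subnet")
    if (int(hi), int(di)) != (local.hello_interval, local.dead_interval):
        problems.append("hello/dead interval mismatch")
    if local.router_id not in seen.split(","):
        problems.append("not bidirectional yet: our router-id missing from neighbor's hello")
    return problems


def elect_dr_bdr(interfaces):
    """Highest priority wins, ties go to the highest router ID, priority 0 is
    ineligible.  Returns (DR, BDR) router IDs, None where there is no candidate."""
    ranked = sorted((i for i in interfaces if i.priority > 0),
                    key=lambda i: (i.priority, int(ipaddress.ip_address(i.router_id))),
                    reverse=True)
    ids = [i.router_id for i in ranked] + [None, None]
    return ids[0], ids[1]
```

A mismatched MD5 key shows up as "authentication mismatch" on the receiver without the key ever appearing in the Hello, whereas with simple authentication the auth field is the password itself.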
Best routes calculation
Once a router's database is synchronized it can calculate the best route to each destination. An OSPF router uses Dijkstra's Shortest Path First (SPF) algorithm to calculate the shortest paths. The algorithm places the router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost (link metric) required to reach it. Each router calculates its own SPF tree to reach all destinations in the same area. The calculation is based on the information in the link-state database (topology database). The link-state database contains information about all available links between routers and the cost (metric) associated with each link, a value from 1 to 65535, where 1 means the best link and 65535 means the link cannot be used for traffic forwarding. Every router interface in the OSPF domain is given a cost. OSPF selects the best routes (Shortest Path First, SPF) by finding the lowest-cost paths to a destination; the full cost to a destination is the sum of the costs of the outgoing interfaces along the path. An example of how the best route (SPF) is calculated is given below:
Figure 6.4. Network example with given cost values (four routers R1 to R4 and the networks 192.168.1.0, 192.168.2.0 and 215.15.15.0)
Figure 6.5. Calculated SPF tree by R1
The example network consists of four routers, where a cost value is assigned to each outgoing interface of each router. In this case R1 is the root router and calculates the smallest cost to each destination. For example, there is only one path to the directly connected network 192.168.1.0, with cost 0. The cost to the 192.168.2.0 destination is the sum of two costs, (2+3)=5. As you can see, there are also two equal-cost paths to the 215.15.15.0 network, one through R2 and R3 and the other through R4, which allows the traffic to this destination to be load-balanced (Equal Cost Multi-Path). When this calculation is done, the router can start to build its routing table accordingly.
In RouterOS the cost is set to 10 on all interfaces by default. The value can be changed in the OSPF interface configuration menu (http://wiki.mikrotik.com/wiki/OSPF-reference#Interface), for example to add the ether2 interface with a cost of 20:
Each router can advertise a different cost for its own direction of a link, which makes asymmetric paths possible (packets to a destination travel over one path, but the responses travel over a different one). Asymmetric paths are not recommended, because they make routing problems harder to find, and a stateful firewall on the way may see only one direction of a connection.
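The SPF calculation from the worked example above, as an added Python implementation of Dijkstra over a link-state database that keeps every equal-cost predecessor, so that the two paths to 215.15.15.0 come out as ECMP next hops. This is example code for this page, not RouterOS's OSPF; the link costs are constructed so that they reproduce the numbers quoted in the text (192.168.2.0 at cost 5 from R1, two equal-cost paths to 215.15.15.0, the connected network at cost 0) rather than read from the figure.

```python
import heapq
from collections import defaultdict


def constructed_lsdb():
    """Link-state database as seen by every router in one area.  Each tuple is
    (router, neighbor-or-network, cost of the router's outgoing interface).
    Costs are constructed to match the text, not taken from Figure 6.4."""
    return [
        ("R1", "R2", 2), ("R1", "R4", 5), ("R1", "192.168.1.0/24", 0),
        ("R2", "R1", 2), ("R2", "R3", 3), ("R2", "192.168.2.0/24", 3),
        ("R3", "R2", 3), ("R3", "215.15.15.0/24", 5),
        ("R4", "R1", 5), ("R4", "215.15.15.0/24", 5),
    ]


def spf(lsdb, root):
    """Dijkstra from `root`; keeps every equal-cost predecessor so ECMP shows up."""
    graph = defaultdict(list)
    for a, b, cost in lsdb:
        graph[a].append((b, cost))
    dist, preds = {root: 0}, defaultdict(set)
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                          # stale heap entry
        for v, cost in graph[u]:
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], preds[v] = nd, {u}   # strictly better path found
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                preds[v].add(u)               # another shortest path of equal cost
    return dist, preds


def first_hops(preds, root, node):
    """Routers adjacent to root through which a shortest path to node goes."""
    hops = set()
    for p in preds[node]:
        hops |= {node} if p == root else first_hops(preds, root, p)
    return hops


def routing_table(lsdb, root):
    """{prefix: (cost, sorted next hops)}; a network attached to root is 'connected'."""
    dist, preds = spf(lsdb, root)
    table = {}
    for node, cost in dist.items():
        if "/" not in node:
            continue                          # routers themselves are not destinations
        hops = first_hops(preds, root, node)
        table[node] = (cost, sorted("connected" if h == node else h for h in hops))
    return table
```

Running it with R4 as root instead of R1 gives R4's own tree from the same database, which is exactly what every router in the area does independently.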
OSPF multiple area design and operation
hitpihuli mieoticcom hi Testwk_routing atte “TestlAP routing - MilroTICWK
A large single-area network can produce serious issues:
» Every router recalculates its database every time the network topology changes, which costs CPU resources (a larger network requires more CPU performance).
» Every router holds the entire link-state database, which describes the topology of the whole network, and this costs memory.
» Updating large databases requires more bandwidth.
By dividing a large OSPF area into smaller areas we achieve:
» Savings in CPU resources
» Savings in router memory
» Savings in bandwidth between routers
OSPF uses two types of area: the backbone area, also known as area 0 (its area ID is always 0.0.0.0), and sub-areas, which are connected to the backbone area. Communication between sub-areas occurs over the backbone. Each router maintains its own topology database for its area and knows in full how all routers within the area are interconnected, but it does not know the detailed topology of other areas.
An Area Border Router (ABR) leaks summary address information from one area into another by means of Summary-LSA advertisements.
Policy routing implementation example
Basically, when you implement routing you have a set of routes (static or dynamic) that tell the router how to reach certain destinations. Policy routing does the same task, but may use different routes for different types of traffic. By default all routes are installed into the main routing table, whose content can be displayed with the following command:
[admin@MikroTik] /ip route> print
In the output, the routing-mark denotes the routing table a route belongs to:
When policy routing is implemented, other routing tables can be used that contain routes for specific traffic or destination networks. In this example we explore the requirements for setting up policy routing and give a simple implementation example.
Implementation of policy routing consists of three steps:
» The first step is to define the routes and which policies (routing tables) will use those routes.
» The second step is to define the routing rules, which decide how the policies apply to certain traffic.
» The third is to define the actual policies. We'll look at each of these individually.
The network below is the one we will use for this example.
Figure 6.8. Network example for policy routing: a router with LAN 192.168.1.0/24 and a second LAN 192.168.2.0/24, connected by two /30 links to the providers ISP-A and ISP-B
The task of this example is to create a routing policy that routes all traffic from LAN 192.168.1.0/24 over provider ISP-A and all traffic from 192.168.2.0/24 over provider ISP-B.
Set up routing policy using ip route rule
I assume that IP addresses have already been set up on your router. We will add three "default" routes, one for each routing table. These are shown below:
The first two routes will be used by our policies, one in routing table Table_A and one in Table_B. The third route will be used by any traffic that has no policy defined and by traffic from the router itself (it goes to the main routing table); specifying routing-mark=main is not mandatory because it is the default.
Next we need to define our routing rules (the policy). There are several ways to accomplish this; one of the simplest is given below.
The first two rules mean that traffic coming from LAN 192.168.1.0/24 looks up its next hop in routing table Table_A and traffic from 192.168.2.0/24 uses routing table Table_B.
Note: for route entries in a specific routing table the router still looks for the next hop (gateway) in the main routing table, so the gateway address must be reachable through a route in the main table.
A policy basically means "which routing table to use for this type of traffic".
Set up routing policy using ip firewall mangle
Another way to implement the same policy is to use the RouterOS traffic marking feature. Packet marking in RouterOS is available under /ip firewall mangle in the command line interface. More information about it will be given later in the chapter "Network Security", section "Packet Marking".
The marking process marks incoming packets according to various conditions; in this case the condition is the source IP address of the packet. How to mark traffic from LAN 192.168.1.0/24 with routing-mark Table_A and all traffic from network 192.168.2.0/24 with routing-mark Table_B is given below:
Here is an example of how it is implemented:
Here is an example of how to create a routing policy by traffic type. For example, we could implement a policy like the following: route all HTTP, SMTP, POP3 and DNS traffic over internet provider ISP-A and all other traffic over ISP-B.
This was a brief overview of how to implement policy routing; it is not a complete description of all possible implementations, but it gives an example of how to do it.
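The following added Python model covers both policy examples of this section (by source network, and by traffic type) and the note about next-hop resolution: rules are evaluated in order and select a routing table, the router's own traffic always uses main, a table without a matching route falls back to main, and the gateway of the chosen route is resolved against the main table to find the outgoing interface. It is example code for this page, not RouterOS code; the ISP link addresses and interface names are assumptions (the figure's addresses are not legible), and the first rule, which sends LAN-to-LAN traffic to main, is an addition that the page does not show: without it the 0.0.0.0/0 route in Table_A or Table_B would match traffic between the two LANs and send it to the ISP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    dst: str
    table: str = "main"               # routing-mark; "main" is the default
    gateway: Optional[str] = None     # next-hop address (static/dynamic routes)
    interface: Optional[str] = None   # set for directly connected routes


@dataclass
class Rule:
    """One /ip route rule (or the equivalent mangle mark): match on source or
    destination prefix and/or protocol + destination port, then use `table`."""
    table: str
    src: Optional[str] = None
    dst: Optional[str] = None
    protocol: Optional[str] = None
    dst_ports: frozenset = frozenset()

    def matches(self, pkt):
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol and pkt.get("proto") != self.protocol:
            return False
        if self.dst_ports and pkt.get("dport") not in self.dst_ports:
            return False
        return True


class PolicyRouter:
    def __init__(self, own_addresses, routes, rules):
        self.own, self.routes, self.rules = set(own_addresses), routes, rules

    def _lookup(self, table, dst):
        ip = ipaddress.ip_address(dst)
        cands = [r for r in self.routes
                 if r.table == table and ip in ipaddress.ip_network(r.dst)]
        return max(cands, key=lambda r: ipaddress.ip_network(r.dst).prefixlen, default=None)

    def forward(self, pkt):
        """(table used, next hop, outgoing interface), or None if the packet is dropped."""
        table = "main"
        if pkt["src"] not in self.own:              # router's own traffic ignores the rules
            for rule in self.rules:                 # first matching rule wins
                if rule.matches(pkt):
                    table = rule.table
                    break
        route = self._lookup(table, pkt["dst"])
        if route is None and table != "main":       # empty table: fall back to main
            route = self._lookup("main", pkt["dst"])
        if route is None:
            return None
        if route.interface:                         # directly connected: no nexthop lookup
            return route.table, "direct", route.interface
        # Nexthop lookup: the gateway of a route in any table is resolved in the
        # main table and must be covered by a connected route there.
        via = self._lookup("main", route.gateway)
        if via is None or via.interface is None:
            return None                             # gateway unreachable: route inactive
        return route.table, route.gateway, via.interface


LAN_TO_LAN = Rule("main", dst="192.168.0.0/16")     # keep inter-LAN traffic off the ISPs
SOURCE_RULES = [LAN_TO_LAN, Rule("Table_A", src="192.168.1.0/24"), Rule("Table_B", src="192.168.2.0/24")]
TRAFFIC_TYPE_RULES = [LAN_TO_LAN,
                      Rule("Table_A", protocol="tcp", dst_ports=frozenset({80, 25, 110, 53})),
                      Rule("Table_A", protocol="udp", dst_ports=frozenset({53})),
                      Rule("Table_B")]              # everything else via ISP-B


def example_router(rules):
    """The page's two-ISP router with the given rule set (link addresses assumed)."""
    routes = [
        Route("192.168.1.0/24", interface="ether1"),
        Route("192.168.2.0/24", interface="ether2"),
        Route("198.51.100.0/30", interface="ether3"),                 # link to ISP-A (assumed)
        Route("203.0.113.0/30", interface="ether4"),                  # link to ISP-B (assumed)
        Route("0.0.0.0/0", table="Table_A", gateway="198.51.100.1"),  # ISP-A gateway (assumed)
        Route("0.0.0.0/0", table="Table_B", gateway="203.0.113.1"),   # ISP-B gateway (assumed)
        Route("0.0.0.0/0", gateway="198.51.100.1"),                   # main: no policy matched
    ]
    return PolicyRouter(["192.168.1.1", "192.168.2.1", "198.51.100.2", "203.0.113.2"], routes, rules)
```

A route whose gateway is not covered by a connected route in main (for example a typo in the ISP address) resolves to nothing and the packet is dropped, which is how such a route shows up as inactive on the router.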