MTCRE Old - 1

The document outlines the MikroTik Certified Routing Engineer (MTCRE) course held in Yangon, Myanmar, from June 2 to June 4, 2017. It covers various routing concepts, including Routing Information Base (RIB), Forwarding Information Base (FIB), static and dynamic routes, and the Open Shortest Path First (OSPF) protocol. The course includes practical labs and configuration examples to enhance understanding of routing principles and practices.

Uploaded by kyawko

MikroTik Certified Routing Engineer (MTCRE)
Yangon, Myanmar
Jun 2 - Jun 4, 2017

MikroTik Certified Courses (diagram): the MTCNA introduction course, followed by MTCRE, MTCWE, MTCTCE, MTCUME and MTCIPv6E, and then MTCINE.

For more info see: http://training.mikrotik.com


Sithu Aung 2
Housekeeping

• Emergency exits
• Bathroom location
• Please set phone to 'silence' and take calls outside the classroom
Class Setup (diagram)

Twelve routers, R1 to R12, are arranged in blocks of four (R1-R4, R5-R8, R9-R12). Within a block the routers are connected in a ring over ether1 and ether2, and each link subnet is named after the pair of routers it joins: 12.0.0.0/24 (R1-R2), 13.0.0.0/24 (R1-R3), 24.0.0.0/24 (R2-R4), 34.0.0.0/24 (R3-R4), 56.0.0.0/24 (R5-R6), 57.0.0.0/24 (R5-R7), 68.0.0.0/24 (R6-R8), 78.0.0.0/24 (R7-R8), 90.0.0.0/24 (R9-R10), 91.0.0.0/24 (R9-R11), 102.0.0.0/24 (R10-R12), 112.0.0.0/24 (R11-R12).

Each router's ether3 carries its local network 192.168.X.0/24, where X = router number, with the addresses 192.168.X.1/24 and 192.168.X.2/24.
Simple Routing
Distance, Policy Routing, ECMP, Scope, Recursive Next-Hop Resolving
Routing Components

• RIB (Routing Information Base) / Routing Table
• FIB (Forwarding Information Base) / Forwarding Table
Routing Information Base (RIB)

• The Routing Information Base (RIB) is where all IP routing information is stored.
• The RIB contains complete routing information, including static routes and policy routing rules configured by the user, routing information learned from routing protocols, and information about connected networks.
Routing Information Base (RIB)

The RIB is used to:
• filter routing information
• calculate the best route for each destination prefix
• build and update the Forwarding Information Base
• distribute routes between different routing protocols
Forwarding Information Base (FIB)

• The FIB contains information on the prefixes related to the network interfaces that could be used to forward packets.
• Routing tables are generally not used directly for packet forwarding in modern router architectures.
• The RIB is used to generate the information for a smaller forwarding table.
• A forwarding table contains only the routes which are chosen by the routing algorithm as preferred routes for packet forwarding.
Routing Table & Routing Cache

Routing Table:
Destination       Next Hop   Interface
192.168.0.0/24    1.1.1.1    eth1

After the router has received packets to 192.168.0.10 and 192.168.0.20:

Routing Cache:
Destination       Next Hop   Interface
192.168.0.10      1.1.1.1    eth1
192.168.0.20      1.1.1.1    eth1
FIB and Routing Cache

• The FIB is used to make packet forwarding decisions.
• The FIB (Forwarding Information Base) contains a copy of the information that is necessary for packet forwarding:
  • all active routes
  • policy routing rules
• By default (when no routing-mark values are used) all active routes are in the main table, and there is only one hidden implicit rule (the "catch all" rule) that uses the main table for all destination lookups.
Lookups at the routing table (flow diagram)

Packet → Cache Lookup → (miss) → Local Address Lookup → (miss) → Remote Address Lookup → (miss) → Drop Packet

A hit at any of the three lookups leads to Route/deliver Packet.
Connected Routes (screenshot)

Static Routes

• Static routes can point either to the next-hop IP address or directly to the interface.
Simple Static Route

• Only one gateway for a single network
• More specific routes in the routing table have higher priority than less specific ones
• A route with destination network 0.0.0.0/0 basically means "everything else"

Default Route

• A default route is a route with destination 0.0.0.0/0, which means all IPv4 address space (0.0.0.1–255.255.255.255). If a routing table contains at least one active default route, then route lookup will never fail.
Dynamic Routes

• RIP
• OSPF
• BGP
• MME
Multiple Matches in a Routing Table

In a routing table, if there is only one route toward each destination address, routing lookups would be trivial. As soon as a router finds a route whose destination subnet includes the destination address, the packet will be forwarded.

However, it is very common to have multiple routes to the same destinations in different subnets, like the ones below:

DST-ADDRESS       GATEWAY
192.168.0.0/24    1.1.1.1
192.168.0.0/25    2.2.2.2

In this case a packet destined to e.g. 192.168.0.1 will find 2 possible destinations, because it belongs to both subnets.

Longest Prefix Match

When a packet has multiple matches, the longest prefix match (the more specific network) will be preferred.

E.g. a router has the following routing table:

DST-ADDRESS       GATEWAY
192.168.0.0/24    1.1.1.1
192.168.0.0/25    2.2.2.2
192.168.0.0/26    3.3.3.3
0.0.0.0/0         4.4.4.4

A packet to 192.168.0.1 matches all four entries and is sent to 3.3.3.3 (the /26); a packet to 10.0.0.1 matches only the default route and is sent to 4.4.4.4.
Routes Processing

• What happens if a router learns, from different routing protocols, more than one path to the same prefix with the same match length?

Distance

• Distance refers to the reliability of the route. If there is more than one route to the same network prefix, the one with the lower distance will be chosen.
• Default RouterOS values are:
  • Connected routes: 0
  • Static routes: 1
  • eBGP: 20
  • OSPF: 110
  • RIP: 120
  • MME: 130
  • iBGP: 200

"Distance" Option

• To prioritize one route over another when they both point to the same network, use the "distance" option.
• When forwarding a packet, the router will use the route with the lowest distance and a reachable gateway.
Route Distance Lab

• Create 2 separate routes for each participant's local network:
  • One route clockwise with Distance=1
  • One route anticlockwise with Distance=2
• Check the redundancy by disabling clockwise gateway IP addresses
• Use traceroute to examine the setup

Configuration Examples (screenshots)
Questions

• Is it possible to manually create routes that will ensure
  • load balancing
  • failover
  • best path
• Is it possible to create routes in this situation?
• Let's take a look!
ECMP Routes

• ECMP (Equal Cost Multi Path) routes have more than one gateway to the same remote network
• Gateways will be used in round robin per SRC/DST address combination
• The same gateway can be written several times!!
"Check-gateway" Option

• You can set the router to check gateway reachability using ICMP (ping) or ARP
• If the gateway is unreachable in a simple route, the route will become inactive
• If one gateway is unreachable in an ECMP route, only the reachable gateways will be used in the round robin algorithm
• If the check-gateway option is enabled on one route, it will affect all routes with that gateway
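The selection rules from the longest prefix match, distance, ECMP and check-gateway slides, written out as one lookup function. This is an added example, not code from the course or from RouterOS; the routing table, the gateway reachability set and the hash used to pin a SRC/DST pair to one ECMP gateway are all constructed here.

```python
"""Route selection as the slides describe it: longest prefix match first,
then lowest distance, then one ECMP gateway per SRC/DST pair, with gateways
that fail check-gateway left out. Added example, not from the course."""
import ipaddress
import zlib
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Route:
    dst: ipaddress.IPv4Network
    gateways: List[str]            # more than one entry makes this an ECMP route
    distance: int = 1              # RouterOS default for static routes

    def reachable_gateways(self, reachable: Set[str]) -> List[str]:
        # check-gateway: a gateway that does not answer ping/ARP is skipped;
        # a route with no reachable gateway at all is inactive
        return [g for g in self.gateways if g in reachable]


def make_route(dst: str, gateways, distance: int = 1) -> Route:
    if isinstance(gateways, str):
        gateways = [gateways]
    return Route(ipaddress.ip_network(dst), list(gateways), distance)


def select_route(rib: List[Route], dst_ip: str, reachable: Set[str]) -> Optional[Route]:
    """Pick the active route used for dst_ip, or None when nothing matches."""
    dst = ipaddress.ip_address(dst_ip)
    active = [r for r in rib if dst in r.dst and r.reachable_gateways(reachable)]
    if not active:
        return None
    # longest prefix wins; equal prefix lengths are decided by the lower distance
    return min(active, key=lambda r: (-r.dst.prefixlen, r.distance))


def select_gateway(route: Route, src_ip: str, dst_ip: str, reachable: Set[str]) -> str:
    """ECMP: one gateway per SRC/DST address combination. The slides describe
    round robin per pair; a hash of the pair (constructed here) gives the same
    one-pair-one-gateway property. Listing a gateway twice doubles its share."""
    gws = route.reachable_gateways(reachable)
    key = zlib.crc32(f"{src_ip}->{dst_ip}".encode())
    return gws[key % len(gws)]


def lookup(rib: List[Route], src_ip: str, dst_ip: str, reachable: Set[str]) -> Optional[str]:
    """Full lookup: the gateway the packet is sent to, or None (no active route)."""
    route = select_route(rib, dst_ip, reachable)
    if route is None:
        return None
    return select_gateway(route, src_ip, dst_ip, reachable)


# Constructed routing table: the longest-prefix-match slide, plus the two
# distance routes of the lab (clockwise/anticlockwise) and an ECMP default route.
RIB = [
    make_route("192.168.0.0/24", "1.1.1.1"),
    make_route("192.168.0.0/25", "2.2.2.2"),
    make_route("192.168.0.0/26", "3.3.3.3"),
    make_route("10.10.0.0/16", "5.5.5.5", distance=1),   # clockwise, preferred
    make_route("10.10.0.0/16", "6.6.6.6", distance=2),   # anticlockwise backup
    make_route("0.0.0.0/0", ["4.4.4.4", "7.7.7.7"]),    # ECMP default route
]
ALL_UP = {"1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4", "5.5.5.5", "6.6.6.6", "7.7.7.7"}

if __name__ == "__main__":
    for dst in ("192.168.0.1", "192.168.0.100", "192.168.0.200", "10.10.3.4", "8.8.8.8"):
        print(dst, "->", lookup(RIB, "172.16.0.9", dst, ALL_UP))
    print("5.5.5.5 down:", lookup(RIB, "172.16.0.9", "10.10.3.4", ALL_UP - {"5.5.5.5"}))
```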
Observed Behaviour

• Traffic has no problems passing clockwise
• In the case of a "check-gateway" failure only the affected router will pass traffic anticlockwise; every other router will continue to send it clockwise
• Solution:
  • If traffic starts to go anticlockwise, it should be routed anticlockwise until it reaches the destination
Routing Mark

• To assign specific traffic to a route, the traffic must be identified by a routing mark
• Routing marks can be assigned by the IP firewall mangle facility only in the prerouting and output chains
• Packets with a routing mark will be ignored by the main routing table if there is at least one route for that routing mark (if there is none, the main routing table will be used)
• Each packet can have only one routing mark

Routing Policy Lab

• Mark all traffic that passes the router (chain prerouting) in the anticlockwise direction
• Create a route for the marked traffic (use the routing-mark option) and send it in the anticlockwise direction
• Check the redundancy by disabling clockwise gateway IP addresses
• Use traceroute to examine the setup

Mark Routing Rule Example (screenshot)

Configuration Example (screenshot)
Time To Live (TTL)

• TTL is the limit on the number of Layer 3 devices an IP packet can pass through before it should be discarded
• The default TTL value is 64, and each router reduces the value by one just before the forwarding decision
• TTL can be adjusted in the IP firewall mangle facility
• A router will not pass traffic to the next device if it receives an IP packet with TTL=1
• Useful application: eliminate the possibility for clients to create masqueraded networks

Changing TTL (screenshot)
Scope and Target-Scope

• A router can have several routes in the main table. It is necessary to restrict the set of routes that can be used by the lookup process.
• For instance, next-hop values for static routes are supposed to be directly reachable and should be looked up only using connected routes.
• To limit the scope where a router should look up, a route has the properties scope and target-scope.
• Routes with a scope greater than the maximum acceptable (target-scope) will not be used for next-hop lookup.
• Scope and target-scope can be administratively manipulated.

Scope/Target-Scope

• A route's scope contains all routes whose "scope" value is less than or equal to its "target-scope" value
• Example:
  • 0 ADC dst-address=1.1.1.0/24 pref-src=1.1.1.1 interface=ether1 scope=10 target-scope=0
  • 1 A S dst-address=2.2.2.0/24 gateway=1.1.1.254 interface=ether1 scope=30 target-scope=10
  • 2 A S dst-address=3.3.3.0/24 gateway=2.2.2.254 interface=ether1 scope=30 target-scope=30

Scope/Target-Scope (screenshot)

Scope and Target-Scope Example (diagram: R1 and R2)

A router has an IP address 1.1.1.1/24 configured on one of its interfaces and thus has a connected route 1.1.1.0/24 pointing to that interface.

One route to network 2.2.2.0/24 pointing to, e.g., 1.1.1.2 will be installed normally, but another to 3.3.3.0/24 pointing to 2.2.2.2 will become inactive.

Scope and Target-Scope Example (diagram: R1 and R2)

Changing the target-scope to a value >= 30 will turn the route active (it will be installed in the FIB). The route will appear as recursive.

Recursive Next-hop Resolving

• It is possible to specify a gateway to a network even if the gateway is not directly reachable, by using recursive next-hop resolving from any existing route
• Useful for setups where the middle section between your router and the gateway is not constant (iBGP for example)
• One route must be in the scope of the other route for recursive next-hop resolving to work
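The scope/target-scope rule and recursive next-hop resolving from the preceding slides, applied to the slide's three-route example. This is an added example, not code from the course or from RouterOS; the route listing format and the loop guard are constructed here.

```python
"""Next-hop resolution with scope/target-scope as the slides describe it:
a route's gateway may only be looked up in routes whose scope is <= the
route's target-scope; a nexthop found through a non-connected route makes
the route recursive. Added example, not from the course or RouterOS."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Route:
    dst: ipaddress.IPv4Network
    gateway: Optional[str]   # None marks a connected route
    interface: str
    scope: int
    target_scope: int


def route(dst, gateway, interface, scope, target_scope) -> Route:
    return Route(ipaddress.ip_network(dst), gateway, interface, scope, target_scope)


def resolve(rib: List[Route], r: Route, depth: int = 0) -> Optional[Tuple[Optional[str], str, bool]]:
    """Return (immediate nexthop, egress interface, recursive?) for r,
    or None when r cannot be resolved and would show as inactive."""
    if r.gateway is None:
        return (None, r.interface, False)       # connected: the interface itself
    if depth > 8:
        return None                              # guard: gateways pointing at each other
    gw = ipaddress.ip_address(r.gateway)
    # the scope rule: only routes with scope <= our target-scope are searched
    candidates = [c for c in rib if c is not r and c.scope <= r.target_scope and gw in c.dst]
    if not candidates:
        return None
    via = max(candidates, key=lambda c: c.dst.prefixlen)   # longest prefix match
    resolved = resolve(rib, via, depth + 1)
    if resolved is None:
        return None                              # the route we depend on is inactive too
    nexthop, iface, _ = resolved
    if via.gateway is None:
        return (r.gateway, iface, False)         # gateway is directly reachable
    return (nexthop, iface, True)                # recursive: borrow the resolved nexthop


def describe(rib: List[Route]) -> List[str]:
    """One line per route, flagged like the slide's route listing (constructed format)."""
    lines = []
    for r in rib:
        res = resolve(rib, r)
        if res is None:
            flags = "  S"                        # inactive static route
        elif r.gateway is None:
            flags = "ADC"
        elif res[2]:
            flags = "A S (recursive)"
        else:
            flags = "A S"
        lines.append(f"{flags} dst-address={r.dst} gateway={r.gateway} "
                     f"scope={r.scope} target-scope={r.target_scope}")
    return lines


# Constructed RIB copied from the slide's example
RIB = [
    route("1.1.1.0/24", None, "ether1", 10, 0),
    route("2.2.2.0/24", "1.1.1.254", "ether1", 30, 10),
    route("3.3.3.0/24", "2.2.2.254", "ether1", 30, 30),
]

if __name__ == "__main__":
    print("\n".join(describe(RIB)))
    # the same third route with the default target-scope of 10 stays inactive
    print("\n".join(describe(RIB[:2] + [route("3.3.3.0/24", "2.2.2.254", "ether1", 30, 10)])))
```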
Other Options

• The "type" option allows creating dead-end (blackhole/prohibit/unreachable) routes to block some networks from being routed further in the network
  • Blackhole: silently discard packets forwarded by this route.
  • Prohibit: discard packets forwarded by this route and notify the sender with an ICMP communication administratively prohibited (type 3 code 13) message.
  • Unreachable: discard packets forwarded by this route and notify the sender with an ICMP host unreachable (type 3 code 1) message.
• The "preferred source" option sets the preferred router source address for locally originated packets
Distance (default distance, scope and target-scope per route type)

Route type         Distance   Scope   Target-Scope
Connected routes   0          10*
Static routes      1          30
eBGP               20         40
OSPF               110        20      10
RIP                120        20      10
MME                130        20      10
iBGP               200        40      30
Open Shortest Path First (OSPF)

• Areas, Costs, Virtual links, Route Redistribution and Aggregation

Introduction: OSPF Protocol

• The Open Shortest Path First protocol uses a link-state and Dijkstra algorithm to build and calculate the shortest path to all known destination networks
• OSPF routers use IP protocol 89 for communication with each other
• OSPF distributes routing information between the routers belonging to a single autonomous system (AS)
Autonomous System (AS)

• An autonomous system is a collection of IP networks and routers under the control of one entity (OSPF, iBGP, RIP) that presents a common routing policy to the rest of the network
• An AS is identified by a 16-bit number (0 - 65535)
  • Range from 1 to 64511 for use in the Internet
  • Range from 64512 to 65535 for private use
How OSPF Works (flow diagram)

Hello packets discover neighbour nodes and form relationships between them → LSA messages are flooded → a link-state database (LSDB) is constructed → the Dijkstra algorithm runs → the OSPF tree for each node is built → the FIB is formed.
How OSPF Works

• OSPF works by maintaining 3 separate tables:
  • Neighbor table: contains a list of recognized neighbors. Also called the adjacency database
  • Topology table: contains all routers and their attached links. Referred to as the LSDB
  • Routing table: contains the list of best paths to destinations. This is the FIB
OSPF Area

• In large networks the number of potential paths to each destination can be very large.
• Path calculations can be complex and time consuming.
• OSPF allows collections of routers to be grouped together in groups called areas to minimise the number of LSAs that flood through the areas.

OSPF Area

• Dividing a network into areas leads to:
  • Fewer routing table entries
  • The impact of topology changes being restricted to the area
  • Detailed LSA flooding stopping at the area boundary
• Hierarchical planning of the network is important in order to divide it into areas.
• There is no "magic number" for the maximum number of routers inside an area (MikroTik suggests <80)
OSPF Areas

• OSPF allows collections of routers to be grouped together
• The structure of an area is invisible from outside the area.
• Each area runs a separate copy of the basic link-state routing algorithm
• OSPF areas are identified by a 32-bit (4-byte) number (0.0.0.0 – 255.255.255.255)
• The area ID must be unique within the AS
• The backbone area is contiguous
• All other areas must connect to the backbone

OSPF Area (diagram): Area 0 (backbone area) in the centre, with Areas 1, 2, 3 and 4 attached to it.
Backbone Area

• The backbone area (area-id=0.0.0.0) forms the core of an OSPF network
• The backbone is responsible for distributing routing information between non-backbone areas
• Each non-backbone area must be connected to the backbone area (directly or using virtual links)

OSPF Areas (diagram)
Router Types / Router Classification (diagram: areas joined by an ABR, and an ASBR leading to another AS)

• Internal Router (IR): a router connected to only one area
• Area Border Router (ABR): a router that is connected to more than one area
• Autonomous System Border Router (ASBR): a router that is connected to more than one AS
OSPF Route Types (diagram: Area 2, Area 0 and Area 3 joined by ABRs, with an ASBR to another AS)

• Intra-Area Route: all routes within an area
• Inter-Area Route: routes announced from one area to another by an ABR
• External Route: routes imported into OSPF from another protocol or static routes
Inter-Area Route Summarization

• One prefix for all subnets
• One prefix for all networks
• 'Area range' command

Diagram: R2 in Area 0 (FDDI dual ring backbone); R1 is the ABR into Area 1, which contains the networks 1.A, 1.B and 1.C.

With summarization, R2's table:
Network   Next Hop
1         R1

Without summarization, R2's table:
Network   Next Hop
1.A       R1
1.B       R1
1.C       R1
External Routes

• Redistributed into OSPF
• Flooded without changes throughout the AS
• OSPF supports two types of external metrics
  – Type 1
  – Type 2 (default)

Diagram: routes from RIP, IGRP, EIGRP, BGP, etc. are redistributed into OSPF.
Router Types

• Autonomous System Border Router (ASBR): a router that is connected to more than one AS.
  • An ASBR is used to distribute routes received from other ASes throughout its own AS
• Area Border Router (ABR): a router that is connected to more than one OSPF area.
  • An ABR keeps multiple copies of the link-state database in memory, one for each area
• Internal Router (IR): a router that is connected to only one area
Network Adjacencies

Establishing Network Adjacencies

• OSPF routers exchange hello packets using a multicast address to discover neighbouring nodes and form adjacencies.
• Routers check specific parameters and, after the exchange is complete, the neighbor is considered up.
• After the adjacency is established, routers exchange LSAs to synchronize their LSDBs, and after this synchronization OSPF considers the routers to be in the full adjacent state.

Neighbourhood Adjacencies

• The fact that routers are neighbors does not guarantee an exchange of link-state updates. To do that they must form adjacencies.
• An adjacency is formed by routers that are willing to exchange routing information. Routers reach the FULL state of adjacency when they have synchronized their LSDBs.
• Once a router decides to form an adjacency with a neighbor, it starts by exchanging a full copy of its LSDB, and vice versa. After passing through several neighbor states, the routers become fully adjacent.

Establishing Network Adjacencies

• On point-to-point links, neighbors become fully adjacent.
• On broadcast media (e.g. Ethernet links), there is an election of a DR (Designated Router) and a BDR (Backup Designated Router), and the other routers form adjacencies only with the DR and BDR
Finding the Best Paths

• Each router inside an area has the same LSDB.
• Each router "sees" the network from its own point of view, placing itself as the root of the tree that will be built.
• The Dijkstra algorithm runs on each router, calculating the best path with respect to the lowest total cost of the links to a specific destination.
• The best routes are put in the forwarding database (routing table or FIB)

Finding the Best Paths

• Link-state Database (LSDB)
  • Each router inside the one area has a copy of this database with all possible paths
• Forwarding Database
  • Router X knows all the best paths to reach each router inside the area
  • Assuming that all links have the same cost
OSPF Packets

• OSPF doesn't use TCP or UDP as a transport protocol. All five OSPF packet types are encapsulated directly in the IP payload.
• To ensure reliability of the communication OSPF has its own scheme, using an acknowledgment packet (type 5 - LSAck)

Link Header | IP Header (Protocol ID 89 = OSPF) | OSPF Packet | Link Trailer

OSPF Packet Types and Format (screenshot)

OSPF Packet Types and Format

OSPF packet header (each row is 32 bits):
Version (1 byte) | Type (1 byte) | Packet Length (2 bytes)
Router ID (4 bytes)
Area ID (4 bytes)
Checksum (2 bytes) | Authentication Type (2 bytes)
Authentication (4 bytes)
Authentication (4 bytes)
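The header layout above, turned into a builder and a validating parser, with the Hello body that the next slide describes (the router's view of the DR and the list of neighbours seen). This is an added example, not code from the course; the packets are constructed inline, and the checksum rule (one's complement sum with the 8-byte authentication field excluded) is taken from RFC 2328 rather than from the slides.

```python
"""Build and validate OSPF v2 packets with the header layout from the slide
(version, type, length, router ID, area ID, checksum, auth type, 8-byte auth).
Added example, not from the course; the checksum rule is from RFC 2328."""
import struct
from ipaddress import IPv4Address

OSPF_IP_PROTOCOL = 89
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
                4: "Link State Update", 5: "Link State Acknowledgment"}
HEADER = struct.Struct("!BBHIIHH8s")   # 24 bytes, one field per slide row
HELLO = struct.Struct("!IHBBIII")      # netmask, hello int, options, priority, dead int, DR, BDR


def ospf_checksum(pkt: bytes) -> int:
    """One's complement checksum over the packet with the authentication
    field (bytes 16-23) left out and the checksum field itself taken as zero."""
    data = pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(ptype: int, router_id: str, area_id: str, body: bytes,
                 auth_type: int = 0, auth: bytes = b"\x00" * 8) -> bytes:
    length = HEADER.size + len(body)
    hdr = HEADER.pack(2, ptype, length, int(IPv4Address(router_id)),
                      int(IPv4Address(area_id)), 0, auth_type, auth)
    pkt = hdr + body
    return pkt[:12] + struct.pack("!H", ospf_checksum(pkt)) + pkt[14:]


def build_hello(router_id: str, area_id: str, netmask: str, neighbors=(),
                hello_interval: int = 10, dead_interval: int = 40, priority: int = 1,
                dr: str = "0.0.0.0", bdr: str = "0.0.0.0") -> bytes:
    body = HELLO.pack(int(IPv4Address(netmask)), hello_interval, 0x02, priority,
                      dead_interval, int(IPv4Address(dr)), int(IPv4Address(bdr)))
    body += b"".join(struct.pack("!I", int(IPv4Address(n))) for n in neighbors)
    return build_packet(1, router_id, area_id, body)


def parse_header(pkt: bytes) -> dict:
    """Validate every fixed header field before any of it is trusted."""
    if len(pkt) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, aid, csum, atype, auth = HEADER.unpack_from(pkt)
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown OSPF packet type {ptype}")
    if length < HEADER.size or length > len(pkt):
        raise ValueError("packet length field inconsistent with data")
    # auth types 0 (none) and 1 (simple password) keep the checksum; type 2
    # (cryptographic) zeroes it and relies on the digest instead
    if atype in (0, 1) and ospf_checksum(pkt[:length]) != csum:
        raise ValueError("OSPF checksum mismatch")
    return {"version": version, "type": PACKET_TYPES[ptype], "length": length,
            "router_id": str(IPv4Address(rid)), "area_id": str(IPv4Address(aid)),
            "auth_type": atype, "auth": auth}


def parse_hello(pkt: bytes) -> dict:
    hdr = parse_header(pkt)
    if hdr["type"] != "Hello":
        raise ValueError("not a Hello packet")
    body = pkt[HEADER.size:hdr["length"]]
    if len(body) < HELLO.size or (len(body) - HELLO.size) % 4:
        raise ValueError("malformed Hello body")
    netmask, hello, options, prio, dead, dr, bdr = HELLO.unpack_from(body)
    neighbors = [str(IPv4Address(v)) for (v,) in struct.iter_unpack("!I", body[HELLO.size:])]
    hdr.update(netmask=str(IPv4Address(netmask)), hello_interval=hello, options=options,
               priority=prio, dead_interval=dead, dr=str(IPv4Address(dr)),
               bdr=str(IPv4Address(bdr)), neighbors=neighbors)
    return hdr


if __name__ == "__main__":
    # Constructed: R2's 2-way-state Hello from the slides ("I am 192.168.1.2 and I see 192.168.1.1")
    pkt = build_hello("192.168.1.2", "0.0.0.0", "255.255.255.0", neighbors=["192.168.1.1"])
    print(parse_hello(pkt))
```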
Establishing Adjacencies: Hello Protocol

On broadcast networks each interface engaged in OSPF uses the IP multicast address 224.0.0.5 to send hello packets periodically.

This allows neighbors to be discovered dynamically. These hello packets contain the router's view of the Designated Router's identity, and the list of routers whose hello packets have been seen recently.
Establishing Communication and Exchanging LSDBs

Down state: R1 (192.168.1.1/24, eth2) and R2 (192.168.1.2/24, eth3).

Init state: R1 sends a Hello to 224.0.0.5: "I am router 192.168.1.1 and I see no one".

2-way state: R2 sends a Hello to 192.168.1.1: "I am router 192.168.1.2 and I see 192.168.1.1". R1 has R2 as neighbor at eth2 and R2 has R1 at eth3.

Exstart state: R1 sends a DBD to 192.168.1.2: "I will start the exchange. My router ID is 192.168.1.1". R2 replies with a DBD to 192.168.1.1: "Sorry, my router ID is 192.168.1.2 and I will start".

Exchange state: R2 sends a DBD to 192.168.1.1: "Here is a summary of my LSDB". R1 sends a DBD to 192.168.1.2: "Here is a summary of my LSDB".

Adding Link State entries: each side sends an LSAck to the other: "Thank you for the information!"

Loading state: R1 sends an LSR to 192.168.1.2: "I request information about network 192.168.1.0/24". R2 sends an LSU to 192.168.1.1: "Here is the entry for network 192.168.1.0/24". R1 sends an LSAck to 192.168.1.2: "Thank you for the information!"

Full state.
What Happens When the Network Changes

• R1 detects a link failure and sends an LSU to the DR multicast address 224.0.0.6, notifying the DR and BDR
• The DR acknowledges and floods the LSU to the others using the multicast address 224.0.0.5
• All routers acknowledge to the DR
• Routers update their LSDB, and the Dijkstra algorithm runs again to calculate the SPF

Link State Sequence Numbers

• The sequence number field is a signed 32-bit integer, used to detect old and duplicate LSAs.
• The space of sequence numbers is linearly ordered.
• The larger the sequence number (when compared as signed 32-bit integers), the more recent the LSA.
• OSPF floods LSAs every 30 minutes to maintain database synchronization.
• Each time an LSA is flooded, the sequence number is incremented by one.
Loopback Interfaces

• In dynamic routing it is very common to use loopback interfaces
• Loopback interfaces eliminate the dependency on physical interfaces. If an interface goes down, the loopback remains up.
• If the loopback interface on a router is down, that means that the router is unavailable as a whole.
• There are some ways to configure a loopback interface on MikroTik RouterOS.
• The simplest is to create a bridge without any port associated:
  /interface bridge add name=loopback

OSPF - Router ID

• The Router ID is a 32-bit number with the same format as an IP address (0.0.0.1 to 255.255.255.255)
• It is only an identifier with no relationship to an IP address
• If left as 0.0.0.0, RouterOS will assume as Router ID the smallest IP address of one of the router's interfaces
Network Types in OSPF

• Broadcast networks
  • A multi-access broadcast network, like Ethernet
• Non-broadcast Multi-Access or NBMA
  • Networks supporting many (more than two) routers, but having no broadcast capability.
• Point-to-Point
  • A network that joins a single pair of routers
• Point-to-Multipoint
  • A special type of NBMA, consisting of a collection of point-to-point links

Broadcast Multi-access Network

• DR and BDR election is required
• Neighbors form full adjacency with the DR and BDR
• Packets to the DR and BDR use multicast address 224.0.0.6
• Packets from the DR to "DRothers" use multicast address 224.0.0.5
• Suitable for Ethernet and other multicast-capable link layers.
Designated Routers

• To reduce OSPF traffic in NBMA and broadcast networks, a single source for routing updates was introduced: the Designated Router (DR)
• The DR maintains a complete topology table of the network and sends the updates to the others
• The router with the highest priority (previous slide) will be elected as DR
• The router with the next priority will be elected as Backup DR (BDR)
• A router with priority 0 will never be DR or BDR

OSPF Adjacencies for BMA Networks

• 3 types of routers as shown:
  • DR
  • BDR
  • DROther
• A DROther router belongs to the same network as a DR and BDR, but doesn't represent the network via LSAs. DROther routers form only 2 adjacencies on a BMA network, with the DR and BDR
DR & BDR Election Process

• In BMA, each OSPF interface has a configurable Router Priority.
• The default is 1.
• If you don't want a router to take part in the election process, set the priority to 0.

DR & BDR Election Process

• If a DR and BDR already exist on a network, any newcomers will accept them regardless of their own Router ID/Priority.
• The first router on the network becomes the DR. The next will become the BDR. Other routers will accept these 2 routers as DR and BDR, and form adjacencies with them.
• OSPF doesn't allow pre-empting of a DR when a newcomer has a better Router ID/Priority. This allows for better network stability, since a router with a higher priority, oscillating from up to down, will not affect the router already selected as the DR
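The election rules from the two slides above (priority, router ID tie-break, priority 0 never elected, no pre-emption of an existing DR/BDR) as a function that can be replayed as routers join one at a time. This is an added example, not code from the course; the router IDs and priorities are constructed, and the promotion of the BDR when the DR disappears is taken from RFC 2328 rather than from the slides.

```python
"""DR/BDR election on a broadcast network as the slides describe it:
priority first, router ID as tie-break, priority 0 never elected, and no
pre-emption of an existing DR/BDR by a newcomer. Added example, not from the
course; promotion of the BDR when the DR disappears follows RFC 2328."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class OspfRouter:
    router_id: str
    priority: int = 1       # RouterOS default; 0 means "never DR or BDR"


def rank(r: OspfRouter) -> Tuple[int, int]:
    # higher priority wins; equal priorities are decided by the higher router ID
    return (r.priority, int(IPv4Address(r.router_id)))


def elect(routers: Iterable[OspfRouter], current_dr: Optional[str] = None,
          current_bdr: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) router IDs given the routers now seen on the segment
    and the DR/BDR they currently accept."""
    eligible = [r for r in routers if r.priority > 0]
    present = {r.router_id for r in eligible}
    # an existing DR/BDR is kept as long as it is still on the segment
    dr = current_dr if current_dr in present else None
    bdr = current_bdr if current_bdr in present else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                  # DR gone: the BDR takes over
    if dr is None and eligible:
        dr = max(eligible, key=rank).router_id
    if bdr is None:
        others = [r for r in eligible if r.router_id != dr]
        if others:
            bdr = max(others, key=rank).router_id
    return dr, bdr


def simulate_joins(order: Iterable[OspfRouter]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Routers appear one at a time; returns (joined, DR, BDR) after each join."""
    seen: List[OspfRouter] = []
    dr = bdr = None
    history = []
    for r in order:
        seen.append(r)
        dr, bdr = elect(seen, dr, bdr)
        history.append((r.router_id, dr, bdr))
    return history


if __name__ == "__main__":
    # Constructed segment: two default-priority routers, then a late high-priority one
    r1, r2 = OspfRouter("192.168.1.1"), OspfRouter("192.168.1.2")
    r3 = OspfRouter("192.168.1.3", priority=10)
    for step in simulate_joins([r1, r2, r3]):
        print("joined %s -> DR %s, BDR %s" % step)
    print("all start together ->", elect([r1, r2, r3]))
```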
Non-Broadcast Multi-Access (NBMA)

• Neighbors must be manually configured
• It is necessary to have a DR and BDR
• The DR and BDR must have full physical connectivity with all other routers
• Protocol packets are sent to each neighbor's unicast address.
• Requires manual configuration of neighbors
(diagram: routers connected over Frame Relay)

NBMA Neighbors

• For non-broadcast networks it is necessary to specify neighbors manually
• The priority determines the neighbor's chance to be elected as Designated Router

Point-to-Point Interfaces

• Neither DR nor BDR election
• OSPF packets are sent using the multicast address 224.0.0.5
• Suitable for networks that consist of only two nodes.

Point-to-Multipoint (PTMP)

• Easier configuration compared to NBMA because it requires no manual configuration of neighbours
• Elects neither DR nor BDR
• PTMP is the most robust network type and is suitable for wireless networks

Network Types (screenshot)
LSA Types

Different Types of LSAs

• Type 1: Router LSA
• Type 2: Network LSA
• Type 3: Summary LSA
• Type 4: Summary ASBR LSA
• Type 5: Autonomous system external LSA
• Type 6: Group Membership LSA (Multicast OSPF LSA) (not in MikroTik)
• Type 7: Not-so-stubby area LSA
• Type 8: External attribute LSA for BGP

Router LSA (Type 1) (diagram: Areas 0, 1 and 2)

• Has information on all router links in the area, including the status and cost for each link.
• All the router's links in an area must be described in a single LSA
• Flooded throughout the particular area and not beyond
• The router indicates whether it is an ASBR, ABR, or the end point of a virtual link
• Does not cross the ABR or ASBR.
• Sent by the router to all other routers in an area

Network LSA (Type 2) (diagram: Areas 0, 1 and 2, each with a DR)

• Generated for every transit broadcast or NBMA network
• Describes all the routers attached to the network
• Only the DR originates this type of LSA
• Flooded throughout the area and not beyond
• The DR uses this to send information about the state of other routers that are part of the network.
• Only sent to routers in the area containing the specific network.
Summary LSA (Type 3) (diagram: Type 3 LSAs exchanged between Area 0 and Areas 1 and 2)

Summary LSA (Type 4) (diagram: the ABRs advertise Type 4 LSAs describing the ASBR into Areas 0, 1 and 2)

Summary LSA (Type 3 or Type 4)

• Describes a destination outside the area but still within the AS
• Flooded throughout a single area
• Originated by an ABR
• Only intra-area routes are advertised into the backbone (Area 0)
• Type 4 is the information about the ASBR
• Type 3 and 4 LSAs
  • advertise intra-area routes to Area 0.
  • advertise both intra- and inter-area routes to non-backbone areas.
• The only difference between Type 3 and 4:
  • Type 3 advertises networks outside an area into an area.
  • Type 4 advertises information about ASBRs into an area.


External LSA (Type 5) (diagram: the ASBR in Area 1 connects to an external AS; Type 5 LSAs flood through Area 0 and the ABRs into Area 2)

External LSA (Type 5)

• Defines routes to destinations outside the AS
• The default route is also sent as external
• Two types of external LSA:
  • E1: considers the total cost to the external destination
  • E2: considers only the cost of the outgoing interface to the external destination
• Sent by ASBRs.
• Advertises routes external to the OSPF AS, or the default route, as reachable through them.

External LSA (Type 7) (diagram: the ASBR in Area 1 originates a Type 7 LSA; the ABR converts it to a Type 5 LSA towards Area 0)

Type 7 LSA

• Type 7 LSA
  • Called the NSSA (Not-So-Stubby-Area) external LSA.
  • Helps overcome the limitation of an ASBR not being able to belong to a stub area.
  • Only generated by an ASBR in an NSSA.
  • The LSA propagates across the area to the ABR.
  • When it gets to the ABR, the ABR converts the Type 7 LSA to a Type 5 LSA and propagates it to the backbone.
  • Advertises routes external to the OSPF AS.

LSA (diagram: LSA Types 1, 2 and 3)


OSPF LSA Types

• Not-So-Stubby-Area (NSSA)
  • Stub areas don't propagate Type 5 LSAs, so an ASBR can't be part of a stub area.
  • Sometimes, though, there is a limited need to import external routes into an area, which is where NSSAs, which allow an ASBR to take part in an area, are useful.
  • Rather than have the ASBR send out a Type 5 LSA, it will send out a Type 7 NSSA External LSA.
  • A Type 7 LSA can't be advertised into another OSPF area. So, the ABR in the NSSA gets the Type 7 LSA and translates it into a Type 5 LSA.
  • The Type 5 LSA is then allowed to flood the OSPF AS.

Routing Table Manipulations

Interface Cost

• All interfaces have a default cost of 10
• To override the default setting you should add a new entry in the interface menu
• Choose the correct network type for the interface


Route Summarisation

• Minimizes the number of entries in the routing table
• Minimizes LSA types 3 and 5
• Saves CPU and memory resources

Route Cost

• Costs are computed per interface (egress interface)
• The route from A to B has 2 ways, one with total cost = 30 and the other with total cost = 20

Route Redistribution

• Routes that are not part of the OSPF domain can be redistributed inside OSPF
• Such routes will be considered as external AS and LSA type 5 will be used

Route Redistribution

Dynamic, connected and static routes that are not part of the OSPF domain can be redistributed.

• As-type-1 computes the sum of the external and internal metrics.
• As-type-2 computes only the external metrics.
• Redistributed routes will appear as external-as routes.

What to Redistribute? (screenshot of the redistribution settings, items numbered 1 to 5)

• The default route is not considered as a static route


External Type 1 Metrics (diagram): two paths from Source to Destination through the ASBRs, each internal link with Cost=10; one path ends with an external Cost=10 for a Total Cost=40, the other with an external Cost=9 for a Total Cost=49.

External Type 2 Metrics (diagram): the same paths with the internal link costs treated as trivial; one path has Total Cost=10, the other Total Cost=9 (the external Cost=9 at the ASBR).

Redistribution Settings

• if-installed: send the default route only if it has been installed (static, DHCP, PPP, etc.)
• always: always send the default route
• as-type-1: the remote routing decision for this network will be made based on the sum of the external and internal metrics
• as-type-2: the remote routing decision for this network will be made based only on external metrics (internal metrics will become trivial)


OSPF Metrics

• OSPF uses a metric called “Cost” (E)IGRP = Composite, RIP = Hop


Count e.t.c.

• Cost is associated with each outgoing interface along an SPF Tree.

• The cost of the whole path = the sum of the costs of the outgoing
interfaces along that path.

Sithu Aung 119


OSPF Metric Cost

• Default OSPF costs:
  • 10Mbps (Ethernet) = 10
  • 100Mbps (Fast Ethernet) = 1
  • 1000Mbps (Gigabit Ethernet) = 1
  • T-1 (Serial Interface, 1.544Mbps) = 64
  • 56Kbps (Serial Interface, 1.544Mbps default bandwidth) = 64
  • HSSI (45Mbps) = 2
• Cost = 10^8 / interface bandwidth in bps
• Integer value [1..65535]
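As an added worked example (not part of the course material), the functions below compute the default interface cost from the formula on this slide and compare the External Type 1 and Type 2 metrics from the earlier redistribution slides; the layout of three internal hops to one ASBR and four to the other is an assumption drawn from the diagram labels.

```python
def interface_cost(bandwidth_bps, reference_bps=10**8):
    """Default OSPF interface cost from the slide's formula: reference bandwidth
    divided by interface bandwidth, truncated and clamped to 1..65535."""
    return max(1, min(65535, reference_bps // bandwidth_bps))


def external_metric(internal_costs, external_cost, as_type):
    """Metric a router sees for a redistributed (external-as) route.
    as-type-1: sum of the egress interface costs to the ASBR plus the
    external cost; as-type-2: the external cost alone."""
    if as_type == 1:
        return sum(internal_costs) + external_cost
    if as_type == 2:
        return external_cost
    raise ValueError("as_type must be 1 or 2")


def best_path(paths, as_type):
    """paths: {name: (internal_costs, external_cost)}; returns (name, metric).
    Type 2 routes with equal external cost are broken by the internal cost,
    so it is carried as the secondary sort key."""
    def key(item):
        internal, ext = item[1]
        return (external_metric(internal, ext, as_type), sum(internal))
    name, (internal, ext) = min(paths.items(), key=key)
    return name, external_metric(internal, ext, as_type)


# Constructed from the diagram labels (assumed layout): Source reaches the
# destination via ASBR1 over three Cost=10 links with external cost 10, or via
# ASBR2 over four Cost=10 links with external cost 9.
PATHS = {
    "via ASBR1": ([10, 10, 10], 10),
    "via ASBR2": ([10, 10, 10, 10], 9),
}

if __name__ == "__main__":
    for t in (1, 2):
        # as-type-1 prefers ASBR1 (40 < 49); as-type-2 prefers ASBR2 (9 < 10)
        print(f"as-type-{t}: best path {best_path(PATHS, t)}")
```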

OSPF Area Type
Stub Area

• Stub areas do not accept information of external routes (LSA type 5)
• Routers within a Stub area need default routes to access external AS's
• Stub areas do accept information from other areas
• In the picture, 1.1.10/24 is an external network and 2.2.2.0/24 is an internal one.

Totally Stub Area

• Totally Stub areas accept neither information of external routes (LSA type 5) nor summary routes from other areas.
• Routers within a Totally Stub area need default routes to access external AS's
• Stub and Totally Stub areas do not accept an ASBR inside, except the ABR that can be an ASBR.

Stub and Totally Stub Area

• One area can be a Stub or Totally Stub Area if:
  • All routers in the area must be configured as STUB;
  • There is no ASBR inside the area;
  • Area is not the backbone area;
  • There is no virtual link in the area.


Stub and Totally Stub Areas

• Stub Area
  • Do not accept external LSAs
  • Accept summary
• Totally Stub Area
  • Do not accept external LSAs
  • Do not accept summary

NSSA Areas

• ASBRs are allowed in NSSA areas.
• ASBR generates special type 7 LSAs
• ABR can convert LSA type 7 to LSA type 5 when the LSA crosses the boundary

NSSA Areas

• ABR can be configured as translator (LSA 7 to LSA 5) with the following roles:
  • translate never: LSAs will not be translated and will not cross the boundary
  • translate always: LSAs will be converted to type 5
  • translate candidate: OSPF will elect an ABR to translate the LSAs

NSSA and Stub Areas

• The option "Inject summary LSAs" can be checked for Stub and NSSA areas. In this case LSA summaries (LSA types 3 and 4) will not cross ABRs.
• Default cost is also applicable only for NSSA and Stub areas. It defines the cost for the default route originated by this ABR into the stub or NSSA area.

[Diagram: multi-area OSPF topology with ABRs for areas 1 to 5 and ASBRs with external costs 100 and 500]

[Diagram: LSA types present in each area type; types in parentheses do not enter the area]
• Stub: 1, 2, 3 + Default (4, 5)
• Totally Stub: 1, 2, Default (3, 4, 5)
• NSSA: 1, 2, 3, 7 (4, 5); 1, 2, 3, 7, Default (4, 5); 1, 2, 7 + Default (3, 4, 5)

Security
Authentication

• Authentication can be:
  • Simple: clear text password
  • MD5: uses an MD5 hash and messages will be encrypted. The Authentication Key ID will be used to calculate the message digest and must be the same in all routers
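The MD5 authentication described above, as an added example that is not MikroTik's code: it builds an OSPFv2 header with the cryptographic AuType and computes and checks the RFC 2328 digest over the packet plus the zero-padded key, so a mismatched Key ID, a different key or a modified byte fails verification; the digest only authenticates the packet, its contents remain in clear text. Router ID, area ID, key and Hello body are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

AU_CRYPTOGRAPHIC = 2  # OSPFv2 AuType for MD5 authentication (RFC 2328 A.3.1)


def ospf_packet(router_id, area_id, key_id, seq, body, ptype=1):
    """OSPFv2 header with cryptographic authentication: checksum is 0, and the
    8-byte auth field carries Key ID, digest length (16) and a sequence number
    instead of a clear-text password."""
    rid = ipaddress.IPv4Address(router_id).packed
    aid = ipaddress.IPv4Address(area_id).packed
    header = struct.pack("!BBH4s4sHH", 2, ptype, 24 + len(body), rid, aid,
                         0, AU_CRYPTOGRAPHIC)
    return header + struct.pack("!HBBI", 0, key_id, 16, seq) + body


def _pad_key(key):
    return key.ljust(16, b"\x00")[:16]  # key zero-padded (or cut) to 16 bytes


def md5_sign(packet, key):
    """RFC 2328 D.4.3: digest = MD5(packet || padded key), appended after the
    packet. It is not counted in the length field and nothing is encrypted."""
    return packet + hashlib.md5(packet + _pad_key(key)).digest()


def md5_verify(frame, keys):
    """Receiver check. keys maps Key ID -> key bytes as configured per interface.
    Fails on an unknown Key ID, a different key, or any modified packet byte."""
    if len(frame) < 40:  # 24-byte header plus 16-byte digest at minimum
        return False
    length = struct.unpack("!H", frame[2:4])[0]
    autype = struct.unpack("!H", frame[14:16])[0]
    key_id, auth_len = frame[18], frame[19]
    if autype != AU_CRYPTOGRAPHIC or auth_len != 16 or len(frame) != length + 16:
        return False
    key = keys.get(key_id)
    if key is None:
        return False
    packet, digest = frame[:length], frame[length:]
    expected = hashlib.md5(packet + _pad_key(key)).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison


# Constructed sample Hello body (netmask, intervals, DR/BDR); its contents are
# irrelevant to the digest rule.
SAMPLE_BODY = bytes.fromhex("ffffff00000a020100000028" + "00" * 8)
```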

Passive interface

• The Passive option allows you to disable the OSPF "Hello" protocol on client interfaces
• When an interface is in passive mode, the router will prevent all OSPF traffic through that interface.
• Very useful on border interfaces, especially if there are customers connected to them.

Virtual Link
Virtual Links
[Diagram: Area 0 (Backbone Area), Area 1 (Transit Area) and Area 2, with a Virtual Link through Area 1]

• The OSPF protocol establishes that all areas should be connected to the backbone area. This connection is usually made by an ABR that physically connects both areas. That means all areas are contiguous to the backbone area
• With virtual links it is possible to logically connect a non-contiguous area to the backbone area.

Virtual Links
[Diagram: routers R1, R2, R3 and R4 across Area 0 (Backbone Area), Area 1 (Transit Area) and Area 2, with a Virtual Link through Area 1]

• The transit area should be connected to the backbone
• Configuration parameters are neighbor ID and transit area
• Stub or NSSA areas are not allowed as transit areas

SHAM Links
[Diagram: SHAM Link between two client sites joined by both a backdoor link and a VPN backbone]

• In the above scenario, the path over the backdoor link will always be selected because OSPF prefers intra-area paths over inter-area paths
• OSPF cost configured with a SHAM link allows you to decide if OSPF client site traffic will be routed over a backdoor link or through the VPN backbone.

OSPF Virtual Links

• When running multi-area OSPF networks, all areas should be connected to Area 0 (backbone area). But sometimes, one area may need to cross one or more other areas to get to Area 0.
• This gives rise to virtual links


Virtual Links

• Used to connect remote areas to the backbone area through a non-backbone area
• Also used to connect two parts of a partitioned backbone area through a non-backbone area


OSPF Interface Lab

• Choose the correct network type for all OSPF interfaces
• Assign costs (next slide) to ensure one-way traffic in the area
• Check your routing table for ECMP routes
• Assign the necessary costs so the backup link will be used only when some other link fails
• Check OSPF network redundancy!
• Ensure the ABR is the DR in your area, but not in the backbone area


Area Ranges

• Address ranges are used to aggregate (replace) network routes from within the area into one single route, or to delete them
• It is possible to assign a specific cost to the aggregate route


Route Aggregation Lab

• Advertise only one 192.168.Z.0/24 route instead of four /26 (192.168.Z.0/26, 192.168.Z.64/26, 192.168.Z.128/26, 192.168.Z.192/26) into the backbone
• Stop advertising the backup network to the backbone
• Check the Main AP's routing table


OSPF Routing Filters

• The routing filters may be applied to incoming and outgoing OSPF routing update messages
• Chain "ospf-in" for all incoming routing update messages
• Chain "ospf-out" for all outgoing routing update messages
• Routing filters can manage only external OSPF routes (routes for the networks that are not assigned to any OSPF area)


Routing Filters

Routing Filters Rule

VLAN
Virtual LAN (802.1Q)

• Virtual LAN (VLAN) allows network devices to be grouped into independent subgroups even if they are located on the same LAN segment
• For routers to communicate, the VLAN ID must be the same for the VLAN interfaces
• Ports on the router support multiple (up to 250) Virtual LANs on a single Ethernet interface
• A VLAN can be configured over another VLAN interface - "Q-in-Q" (from 802.1Q)


VLAN Example

[Diagram: one router with vlan1: 1.1.1.1/24, vlan2: 2.2.2.1/24 and vlan3: 3.3.3.1/24 on a single Ethernet interface, reaching the 1.1.1.0/24, 2.2.2.0/24 and 3.3.3.0/24 networks over any Ethernet network]

Creating VLAN Interface

VLAN on Switch

• VLAN-compliant switch ports can be assigned to one or several groups based on VLAN tag
• A switch port in each group can be set to:
  • Tagged mode – adds the group's VLAN tag on transmit and receives frames with this tag
  • Untagged mode – removes this group's VLAN tag on transmit, and receives only untagged packets
  • <Undefined> – the port has no relation to this group
• Trunk port - tagged port for several VLAN groups
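An added example, not code from the course, of the 802.1Q tagging the VLAN slides describe: it pushes, pops and parses tags (stacked tags give Q-in-Q) and applies the tagged/untagged/undefined port rules above to a constructed Ethernet frame; the port model (a set of tagged VIDs plus at most one untagged VID) is an assumption.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q Tag Protocol Identifier


def parse_tags(frame):
    """Return (VIDs from outer to inner, inner EtherType) of an Ethernet frame."""
    vids, off = [], 12  # tags sit right after the 6-byte dst and src MACs
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        off += 4
    return vids, struct.unpack("!H", frame[off:off + 2])[0]


def push_tag(frame, vid):
    """Insert an 802.1Q tag (tagged egress; on a tagged frame this is Q-in-Q)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def pop_tag(frame):
    """Strip the outermost tag (untagged egress)."""
    return frame[:12] + frame[16:]


def ingress_vid(frame, port):
    """Receive rule from the slide. port = {"tagged": set of VIDs, "untagged":
    VID or None}. Returns the VLAN the frame joins, or None when the port has
    no relation to it and the frame is dropped."""
    vids, _ = parse_tags(frame)
    if vids:  # tagged frame: accepted only on a port tagged for its outer VID
        return vids[0] if vids[0] in port["tagged"] else None
    return port["untagged"]  # untagged frame: goes to the port's untagged VLAN


def egress_frame(frame, vid, port):
    """Transmit rule: add the tag on tagged members, remove it on the untagged
    member, and return None for ports outside the VLAN."""
    vids, _ = parse_tags(frame)
    if vid in port["tagged"]:
        return frame if vids and vids[0] == vid else push_tag(frame, vid)
    if vid == port["untagged"]:
        return pop_tag(frame) if vids and vids[0] == vid else frame
    return None


# Constructed sample frame: dst MAC, src MAC, IPv4 EtherType, dummy payload.
SAMPLE = bytes.fromhex("0000000000010000000000020800") + b"\x45" + bytes(19)
```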

VLAN Lab

• Restore the default backup
• Create a group of 4
• Connect together using wireless - one AP, 3 clients
• Create a VLAN link to each participant
• Assign /30 networks to the VLAN links and check them
Tunnel
IPIP

• IP protocol 4/IPIP allows creating a tunnel by encapsulating IP packets in IP packets and sending them over to another router
• IPIP is a Layer-3 tunnel – it cannot be bridged
• RouterOS implements IPIP tunnels according to RFC 2003 – it should be compatible with other vendors' IPIP implementations
• To create a tunnel you must specify the addresses of the local and remote router on both sides of the tunnel
Creating IPIP Interface

IPIP Lab

• Replace all VLANs (from the previous lab) with IPIP tunnels
• Check that you are able to ping the remote address before creating a tunnel to it
• Assign /30 IP addresses (from the previous lab) to the IPIP interfaces and check all tunnels
/30 Addressing

[Diagram: hub router with Tunnel1: 1.1.1.1/30, Tunnel2: 2.2.2.1/30 and Tunnel3: 3.3.3.1/30 over any IP network (LAN, WAN, Internet); the remote ends are P2P_int1: 1.1.1.2/30, P2P_int2: 2.2.2.2/30 and P2P_int3: 3.3.3.2/30]

Point-to-point Addressing

• Point-to-point addressing utilizes only two IPs per link while /30 utilizes four IPs
• There is no broadcast address, but the network address must be set manually to the opposite IP address. Example:
  • Router1: address=1.1.1.1/32, network=2.2.2.2
  • Router2: address=2.2.2.2/32, network=1.1.1.1
• There can be identical /32 addresses on the router – each address will have a different connected route

Point-to-point Addressing

[Diagram: hub router over any IP network (LAN, WAN, Internet) with P2P_int1: 1.1.1.1/32 Network: 2.2.2.2, P2P_int2: 1.1.1.1/32 Network: 3.3.3.3 and P2P_int3: 1.1.1.1/32 Network: 4.4.4.4; the remote routers use P2P_int1: 2.2.2.2/32 Network: 1.1.1.1, P2P_int2: 3.3.3.3/32 Network: 1.1.1.1 and P2P_int3: 4.4.4.4/32 Network: 1.1.1.1]

Addressing Lab

• Replace all /30 addresses on the IPIP interfaces (from the previous lab) with /32 point-to-point addresses.
• Ensure that every other participant will be able to ping you by IP address XY.XY.XY.XY via all IPIP tunnels
• Analyse how many IP addresses were utilized on the IPIP tunnels for the whole group setup!

Ethernet Over IP (EOIP) Tunnel

• IP protocol 47/GRE allows creating a tunnel by encapsulating Ethernet frames in IP packets and sending them over to another router
• MikroTik proprietary protocol
• EOIP is a Layer-2 tunnel – it can be bridged
• To create a tunnel you must specify the remote router's address and choose a unique Tunnel ID
• Check that your EOIP interface has a different MAC address than the one on the opposite side.

00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF

Creating EoIP Tunnel

00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF

EOIP and Bridging

[Diagram: two routers, each bridging its local network onto an EoIP tunnel across any IP network (LAN, WAN, Internet); Local network 192.168.0.1/24 - 192.168.0.100/24 on one side and 192.168.0.101/24 - 192.168.0.255/24 on the other]

EOIP Lab

• Replace all IPIP tunnels (from the previous lab) with EOIP tunnels
• Check that you are able to ping the remote address before creating a tunnel to it
• Bridge all EoIP interfaces with the local interface
• Check the Winbox Loader neighbour discovery feature ("..." button)