On route filter:
Add a route filter in chain ospf-out, prefix = 192.168.88.0/24,
action=discard.
I put a little private ip range with NAT on the last port of every
router I set up so I can always plug in there with my laptop and have
internet access + access to the router. Sort of like the service outlet
next to the electric panel....it is a good idea.
If *I* was a real network operator, I would use OSPF only to exchange
adjacency and use iBGP to distribute the routes. Fast convergence +
scalability. I haven't yet decided how I'm going to make the transition
from all OSPF to that split model...but someday I'm damn well going to
do it.
On 11/12/2015 1:22 PM, That One Guy /sarcasm wrote:
First, I have to give props to MikroTik. These things are versatile as
hell, multiple mechanisms for access, fairly intuitive CLI syntax,
Nice simple clean GUI, tons of visibility, I wish we had gone this
route 6 years ago, we would be further along in our capabilities.
I finally got the biggest sections of the network fully routed
yesterday, there is only one redundant loop for 3 sites, so OSPF is
primarily just present for route propagation
We have two upstreams, currently each statically routing a /23 each of
our ARIN space with an EOIP tunnel between the two to handle a couple
policy routes, the EOIP tunnel is not currently doing OSPF just
sending the /23 across when it needs to.
Both of the edge routers are distributing the default route so the
customer traffic will hit the closest BMU (we are upstream 1 - edge
router - bmu - network - bmu - edge router - upstream 2)
We have Butch Evans firewall on our interior routers with a couple tweaks
OSPF default instance is:
redistribute default - never (with the exception of the two edge routers)
connected - type 1
static - type 1
rip - no
bgp - no
other ospf - type 1
metrics are all default
I add an all interface currently with simple authentication, in
broadcast where we are still building out and point to point when it's
an isolated hop
When I add the network and the dynamic interface instance comes up I
go to it and click copy to make it static
The rest of the configuration is default
I'm still trying to understand filters, I'm semi retarded. I had thought
it was pretty slick to leave the 192.168.88.1 on ether1 so every
router had an accessible IP, but with redistribution of connected
routes, I found out the hard way this was a bad idea when I dumped a
configuration into the wrong router and took a production network
down, my bad.
I'm putting some EOIP tunnels in for some customer endpoint needs, but
I think MPLS is the actual right way to go, but EOIP is really easy to do.
End of the day we will implement BGP (after all the routers are
deployed) so our internal network will need to be in line for the best
utilization of that.
Having BMUs does limit some things, like they only do OSPF, no BGP or
iBGP, there may be a way around that, I don't know, I'm short bus
special, mom told me the helmet made me handsome.
If I were a real network operator, what would I be doing differently?
--
If you only see yourself as part of the team but you don't see your
team as part of yourself you have already failed as part of the team.
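
An added example, not part of either message in the thread: a small audit that reads a router's exported configuration and reports whether a connected 192.168.88.0/24 address would be redistributed into OSPF without the ospf-out discard rule suggested in the reply. The RouterOS v6-style `/export` layout, the sample text and the function names are assumptions made for this sketch.

```python
import ipaddress
import shlex

MGMT = ipaddress.ip_network("192.168.88.0/24")  # prefix named in the thread

# Constructed sample; the RouterOS v6-style /export layout is an assumption.
SAMPLE_EXPORT = """\
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
add address=10.10.5.1/30 interface=ether2 network=10.10.5.0
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1
"""
SAMPLE_FILTER = """\
/routing filter
add action=discard chain=ospf-out prefix=192.168.88.0/24
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for every add/set line."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif current and line.startswith(("add ", "set ")):
            pairs = (tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
            menus[current].append(dict(pairs))
    return menus

def unfiltered_mgmt(text, mgmt=MGMT):
    """Connected networks inside mgmt that OSPF would advertise unfiltered."""
    menus = parse_export(text)
    instances = menus.get("/routing ospf instance", [])
    if not any(i.get("redistribute-connected", "no") != "no" for i in instances):
        return []  # connected routes are not redistributed at all
    # Conservative simplification: a rule covers only its exact prefix.
    discards = {ipaddress.ip_network(f["prefix"])
                for f in menus.get("/routing filter", [])
                if f.get("chain") == "ospf-out"
                and f.get("action") == "discard" and "prefix" in f}
    connected = [ipaddress.ip_interface(a["address"]).network
                 for a in menus.get("/ip address", []) if "address" in a]
    return [str(n) for n in connected if n.overlaps(mgmt) and n not in discards]

if __name__ == "__main__":
    print("without filter:", unfiltered_mgmt(SAMPLE_EXPORT))
    print("with filter:   ", unfiltered_mgmt(SAMPLE_EXPORT + SAMPLE_FILTER))
```

Running it over every router's export before pasting a configuration catches the case described in the original message, where the default 192.168.88.1 address on ether1 ends up advertised through connected-route redistribution.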