dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1224
share rss forum feed

unwired9
Premium
join:2008-04-08
Algoma, WI

OSPF Backhauls

I'm running OSPF across my network. I have a router at the base and run a /29 across each link. I originally started with mikrotik ptp so it worked ok I could always winbox into the othersides router and console into ptp - I've been switching over to ubnt ptp and as we all know command line isn't as friendly. How can I go about configuring these links so that I can maintain the ospf and connectivity to the wireless bridges via ip. Just curious what everyone else is doing.



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:2

When you have an answer, I need it too.

They dont officially support OSPF, so if I need to, I continue at the commandline from some other router in the same subnet if it just so happens the link towards the gateway is out. Which end is the gateway? I always make it the end closest to the core router where my attack angle usually is coming from.

NAT is another option, but messy.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca



warwick

join:2009-06-05
Hollywood, FL

Hmm, if I may - what exactly is being asked?



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to unwired9

OSPF uses multicast to communicate with neighbors. Multicast does not propagate beyond L3 hops. So if the Ubnt radios are set up in a kind of "routing" mode, as opposed to a "bridging" mode where one would damn well hope they are just transparent bridges, then you may have issues.

Are you suggesting that Ubnt radios dont transparently bridge (i.e. they dont care what is in an IP packet or ethernet frame, they just forward it)?



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:2
reply to warwick

I think he is asking about the ubnt bridges between mikrotik routers and OSPF if a link goes down, and the ubnt loses its ability to communicate with its default gateway you can't access them out of their subnet after OSPF re routes around the problem.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

We used to do radio management like the following diagram.

Blue is a VLAN which we are using to route between the two POPs, and red is a VLAN used for device management at the POP on the left.




If the router at the remote side had issues, you were at least able to confirm it was the router, and not the link in the middle.

We would run OSPF over the blue VLAN, but red was basically an access VLAN solely for management devices.

mindustries

join:2009-07-03
NB Canada
reply to unwired9

I had trouble with this to I change my ospf to NBMA instead of multicast and that way with the ubnt ptp it works it is a bit more work to set up but it works.


unwired9
Premium
join:2008-04-08
Algoma, WI
reply to unwired9

Inssomniak feels my pain - The issue is if I take down the bridge I loose connectivity to the far side radio. For instance if I wanted to drop the link to run a spectrum scan from both sides - I could not. I was thinking that vlan may be the solution with the exception being that I would run a /30 between the far side router and bridge and a /30 to the near side router and bridge and then a seperate /30 for the router to router - ospf communication. I have redundant links accross the board so it is not a matter of being able to access the far side router if I drop the link. This is not an ospf issue or a ubnt ospf issue - It is how would you maintain management access to the bridge in the event the link went down or you dropped the link for maintianance purposes.


unwired9
Premium
join:2008-04-08
Algoma, WI
reply to unwired9

The vlan's appear to be working - I set a vlan with a /30 between the router and the bridge once the link dropped ospf kicked in and I was able to access the far end remotely.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to unwired9

said by unwired9:

It is how would you maintain management access to the bridge in the event the link went down or you dropped the link for maintianance purposes.

If I understand your question then the answer would be: you dont have to worry about it, thats what OSPF will take care of, and the reason we use routing protocols like that.

If you have redundant paths around your network, then if one of them fails, the subnets attached to the routers either side of that failed links simply become available via other paths.

If you have an existing connection open to a device, packets for that connection should start routing via the new path. If you try to establish a connection, then again packets route via the new paths to reach the device.

When the link comes back up and OSPF determines there is a better path, all packets start routing via that path again.

There is likely to be a short delay as OSPF realises that a link has failed and withdraws routes via that path and it propagates around the network.

Naturally if you've done something like what I illustrated above, then its easy enough to lose access to a device when the link drops, since it is "connected" to a device over the link that has gone down.

If you have redundant paths then yes, definitely have each radio on each side of a link connected management wise to its local router to take advantage of routing around link failures.

gunther_01
Premium
join:2004-03-29
Saybrook, IL
reply to unwired9

I think you could accomplish this with IP aliases as well. I can't recall if there is an alternate gateway option in there or not.
--
»www.wirelessdatanet.net


bburley

join:2010-04-30
Cold Lake, AB

2 edits

Be careful with UBNT and IP Alias. A default route will be created for the Alias subnet. The creation of this new default route may be delayed until another event triggers it. If the sort order for this new default route appears before your original default route, and is not valid, you can lose connectivity.

In my case, I used IP Alias on the CPE's with Rocket M900 AP's. If a CPE was installed, or an existing CPE was rebooted, the new default route would appear in the AP a few (or even 24 or so) hours later.

I still use Auto IP Alias, but all IP Alias entries have been removed from every device. Turning it off, or disabling, does not work. All entries have to be blanked.



Mad Dawg
Mad Dawg
Premium
join:2006-03-19
reply to unwired9

I am using ospf over UBNT all over the place
all the OSPF is handled by MikroTiks on each end the radios are just wireless bridges works very well for us
We always disable IP alias and enable multicast on the radios


gunther_01
Premium
join:2004-03-29
Saybrook, IL

But are you able to access your radio's when the appropriate router/gateway for a radio becomes accessible?

I think the main issue he is asking about is in a routed scenario, your UBNT radio's (event though in bridge modes) will have a gateway set in them for IP purposes. In the odd case that your bridged wireless link fails, and OSPF re-routes around the issue,(via some other redundant path) you loose your gateway for that link, and you can no longer communicate with the radio's to check on them, or work on them...

Say x.x.x.1 OSPF router --> x.2 UBNT AP -->. x.3 UBNT CPE --> x.4 OSPF router .

If the link fails doesn't x.1 go out of service when your routers re-route around the problem via another route/link? But than at that point x.4 would be accessible via the redundant link. BUT, you are trying to access the UBNT radios via x.4, which isn't their gateway, so they don't communicate back to you properly??

I think this is the problem. And also I guess my question to clarify from him and or the group. I have dabbled a bit with OSPF, but not had a chance to see how it really works within my network and it's caveats during redundant links
--
»www.wirelessdatanet.net



Mad Dawg
Mad Dawg
Premium
join:2006-03-19

4 edits

said by gunther_01:

But are you able to access your radio's when the appropriate router/gateway for a radio becomes accessible?

I think the main issue he is asking about is in a routed scenario, your UBNT radio's (event though in bridge modes) will have a gateway set in them for IP purposes. In the odd case that your bridged wireless link fails, and OSPF re-routes around the issue,(via some other redundant path) you loose your gateway for that link, and you can no longer communicate with the radio's to check on them, or work on them...



Yes this is correct but it also depends on what you use for the gateway ip on
each wireless link ie you could have radio ones gateway as the opposing ends mikrotik port IP or its local
i.e. tik-1-IP-10.255.0.1/29
radio1-10.255.0.3/29 gateway 10.255.0.1
radio2 10.255.0.4/29 gateway 10.255.0.2
Tik-2-IP-10.255.0.2/29
alternatively radio 1 would use the opposite end (10.255.0.2) as its gateway
either way will work but in method one the radio will still be accessable via its gateway interface
since its local,directly connected to it and its gateway it shouldnt matter if the link is down and not actually in use

This is how I set mine and I can still access the radios even if the primary wireless link is down and
were running on the backup link as long as the radio is phsically connected and running I can still access the primarys
--
Best Regards

MD


Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:2

Yea this is how I do it as well, sometimes its hit or miss though for me.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca


unwired9
Premium
join:2008-04-08
Algoma, WI
reply to Mad Dawg

This is how I had been doing it - The issue is even though the gateway is local the subnet is not necessarily routed to that router. So why I could access the router then in turn the device via ssh/telnet - I could not access the gui. It was not just an issue of when the link goes down but also taking the links down for spectrum scans etc. I try to make a habit of verifing my links from time to time. As I posted for those fighting this - I created a vlan interface on the router and set the management vlan on the ubnt then assigned a /30 so I have a /30 assigned to the routers for direct communication the a /30 assigned to a vlan on each end for access to the bridge. If I take the link down I just have to wait a couple seconds for the far side route to repropogate and then I can access both sides.