Страница 1 из 2
OSPF и несколько офисов
Добавлено: 24 июн 2019, 12:46
Igorewka
Добрый день! Подскажите пожалуйста, был джунипер(вышел из строя) , конфиг остался, начал переносить на микротик, но запутался с оспф. На джунипере все было просто, такой то area такой интерфейс. А тут не могу понять. Конфига прикладываю.
джунипер
Код: Выделить всё
set system services dhcp pool 172.31.8.0/23 address-range low 172.31.8.31
set system services dhcp pool 172.31.8.0/23 address-range high 172.31.9.254
set system services dhcp pool 172.31.8.0/23 default-lease-time 2678400
set system services dhcp pool 172.31.8.0/23 name-server 172.31.8.5
set system services dhcp pool 172.31.8.0/23 name-server 8.8.8.8
set system services dhcp pool 172.31.8.0/23 router 172.31.8.1
set system services dhcp pool 172.31.8.0/23 propagate-settings ge-0/0/1.0
set system services dhcp pool 172.31.10.0/24 address-range low 172.31.10.31
set system services dhcp pool 172.31.10.0/24 address-range high 172.31.10.254
set system services dhcp pool 172.31.10.0/24 default-lease-time 2678400
set system services dhcp pool 172.31.10.0/24 name-server 172.31.8.5
set system services dhcp pool 172.31.10.0/24 name-server 8.8.8.8
set system services dhcp pool 172.31.10.0/24 router 172.31.10.1
set system services dhcp pool 172.31.10.0/24 propagate-settings fe-0/0/2.0
set interfaces ge-0/0/0 unit 0 description "#CRYPTO#"
set interfaces ge-0/0/0 unit 0 family inet address 172.31.15.1/29
set interfaces gr-0/0/0 unit 0 description set
set interfaces gr-0/0/0 unit 0 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 0 tunnel destination 172.31.0.150
set interfaces gr-0/0/0 unit 0 family inet mtu 1400
set interfaces gr-0/0/0 unit 0 family inet address 172.31.57.1/30
set interfaces gr-0/0/0 unit 1 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 1 tunnel destination 172.31.0.129
set interfaces gr-0/0/0 unit 1 family inet mtu 1400
set interfaces gr-0/0/0 unit 1 family inet address 172.31.19.5/30
set interfaces gr-0/0/0 unit 2 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 2 tunnel destination 172.31.0.132
set interfaces gr-0/0/0 unit 2 family inet mtu 1400
set interfaces gr-0/0/0 unit 2 family inet address 172.31.31.5/30
set interfaces gr-0/0/0 unit 3 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 3 tunnel destination 172.31.0.133
set interfaces gr-0/0/0 unit 3 family inet mtu 1400
set interfaces gr-0/0/0 unit 3 family inet address 172.31.35.5/30
set interfaces gr-0/0/0 unit 4 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 4 tunnel destination 172.31.0.134
set interfaces gr-0/0/0 unit 4 family inet mtu 1400
set interfaces gr-0/0/0 unit 4 family inet address 172.31.39.5/30
set interfaces gr-0/0/0 unit 5 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 5 tunnel destination 172.31.0.135
set interfaces gr-0/0/0 unit 5 family inet mtu 1400
set interfaces gr-0/0/0 unit 5 family inet address 172.31.43.5/30
set interfaces gr-0/0/0 unit 6 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 6 tunnel destination 172.31.0.136
set interfaces gr-0/0/0 unit 6 family inet mtu 1400
set interfaces gr-0/0/0 unit 6 family inet address 172.31.47.5/30
set interfaces gr-0/0/0 unit 7 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 7 tunnel destination 172.31.0.142
set interfaces gr-0/0/0 unit 7 family inet mtu 1400
set interfaces gr-0/0/0 unit 7 family inet address 172.31.71.5/30
set interfaces gr-0/0/0 unit 8 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 8 tunnel destination 172.31.0.144
set interfaces gr-0/0/0 unit 8 family inet mtu 1400
set interfaces gr-0/0/0 unit 8 family inet address 172.31.79.5/30
set interfaces gr-0/0/0 unit 9 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 9 tunnel destination 172.31.0.130
set interfaces gr-0/0/0 unit 9 family inet mtu 1400
set interfaces gr-0/0/0 unit 9 family inet address 172.31.23.5/30
set interfaces gr-0/0/0 unit 10 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 10 tunnel destination 172.31.0.131
set interfaces gr-0/0/0 unit 10 family inet mtu 1400
set interfaces gr-0/0/0 unit 10 family inet address 172.31.27.5/30
set interfaces gr-0/0/0 unit 11 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 11 tunnel destination 10.0.2.14
set interfaces gr-0/0/0 unit 11 family inet mtu 1400
set interfaces gr-0/0/0 unit 11 family inet address 172.19.2.86/30
deactivate interfaces gr-0/0/0 unit 11
set interfaces gr-0/0/0 unit 12 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 12 tunnel destination 172.31.0.137
set interfaces gr-0/0/0 unit 12 family inet mtu 1400
set interfaces gr-0/0/0 unit 12 family inet address 172.31.51.5/30
set interfaces ge-0/0/1 unit 0 description "#LAN_multibind#"
set interfaces ge-0/0/1 unit 0 family inet address 172.31.8.1/23
set interfaces fe-0/0/2 unit 0 description "#Remote_Clients#"
set interfaces fe-0/0/2 unit 0 family inet address 172.31.10.1/24
set interfaces fe-0/0/2 unit 0 family mpls
set interfaces fe-0/0/7 unit 0 family ethernet-switching port-mode trunk
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members 666
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members 667
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members 668
set interfaces lo0 unit 0 family inet address 172.31.0.128/32
set interfaces vlan unit 666 family inet address 10.0.3.42/29
set interfaces vlan unit 667 family inet address 10.1.1.41/29
set interfaces vlan unit 668 family inet address 172.31.15.17/29
set routing-options static route 0.0.0.0/0 next-hop 172.31.15.2
set routing-options static route 10.2.0.8/30 next-hop 172.31.15.18
set routing-options static route 10.2.0.8/30 tag 1
set routing-options static route 10.231.201.128/25 next-hop 172.31.15.18
set routing-options static route 10.231.201.128/25 tag 1
set routing-options static route 172.16.0.0/14 next-hop 172.31.15.18
set routing-options static route 172.16.0.0/14 tag 1
set routing-options static route 172.17.22.0/24 next-hop 172.31.15.18
set routing-options static route 172.17.22.0/24 tag 1
set routing-options static route 172.31.0.0/24 next-hop 172.31.15.2
set routing-options static route 172.31.15.20/30 next-hop 172.31.15.2
set routing-options static route 172.31.56.0/24 next-hop 172.31.57.2
set routing-options static route 172.31.80.0/24 next-hop 172.31.8.5
set routing-options static route 172.31.80.0/24 tag 1
set routing-options static route 172.31.90.0/24 next-hop 172.31.8.27
set routing-options static route 172.31.90.0/24 tag 1
set protocols ospf export OSPF
set protocols ospf area 0.0.0.0 interface gr-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.1 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.2 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.3 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.4 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.5 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.6 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.7 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.8 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.9 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.10 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.11 interface-type p2p
deactivate protocols ospf area 0.0.0.0 interface gr-0/0/0.11
set protocols ospf area 0.0.0.0 interface gr-0/0/0.12 interface-type p2p
set protocols ospf area 172.31.8.0 area-range 172.16.0.0/14
set protocols ospf area 172.31.8.0 area-range 172.31.8.0/21
set protocols ospf area 172.31.8.0 interface ge-0/0/0.0 passive
set policy-options policy-statement OSPF term term1 from protocol static
set policy-options policy-statement OSPF term term1 from tag 1
set policy-options policy-statement OSPF term term1 then accept
set policy-options policy-statement OSPF term term2 then reject
Микротик
Код: Выделить всё
/interface bridge
add name=loopback0
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
/interface gre
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel1 remote-address=172.31.0.150
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel2 remote-address=172.31.0.129
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel3 remote-address=172.31.0.132
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel4 remote-address=172.31.0.133
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel5 remote-address=172.31.0.134
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel6 remote-address=172.31.0.135
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel7 remote-address=172.31.0.136
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel8 remote-address=172.31.0.142
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel9 remote-address=172.31.0.144
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel10 remote-address=172.31.0.130
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel11 remote-address=172.31.0.131
add local-address=172.31.0.128 mtu=1400 name=gre-tunnel12 remote-address=172.31.0.137
/interface vlan
add interface=ether5 name=666 vlan-id=666
add interface=ether5 name=667 vlan-id=667
add interface=ether5 name=668 vlan-id=668
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=LAN_POOL ranges=172.31.8.31-172.31.9.254
add name=Remoute_lan ranges=172.31.10.31-172.31.10.254
/ip dhcp-server
add address-pool=LAN_POOL disabled=no interface=ether3 lease-time=4w2d10m name=LAN_DHCP
add address-pool=Remoute_lan disabled=no interface=ether4 lease-time=4w2d10m name=remoute_dhcp
/routing ospf area
add area-id=172.31.8.0 name=area1
/routing ospf instance
set [ find default=yes ] name=30 redistribute-static=as-type-1 routing-table="tag 1"
/ip address
add address=172.31.15.1/29 comment=#CRYPTO# interface=ether2 network=172.31.15.0
add address=172.31.8.1/23 comment=#LAN_multibind# interface=ether3 network=172.31.8.0
add address=172.31.10.1/24 comment=#Remote_Clients# interface=ether4 network=172.31.10.0
add address=172.31.0.128 interface=loopback0 network=172.31.0.128
add address=10.0.3.42/29 interface=666 network=10.0.3.40
add address=10.1.1.41/29 interface=667 network=10.1.1.40
add address=172.31.15.17/29 interface=668 network=172.31.15.16
add address=172.31.57.1/30 interface=gre-tunnel1 network=172.31.57.0
add address=192.168.0.2/24 interface=ether1 network=192.168.0.0
add address=172.31.19.5/30 interface=gre-tunnel2 network=172.31.19.4
add address=172.31.31.5/30 interface=gre-tunnel3 network=172.31.31.4
add address=172.31.35.5/30 interface=gre-tunnel4 network=172.31.35.4
add address=172.31.39.5/30 interface=gre-tunnel5 network=172.31.39.4
add address=172.31.43.5/30 interface=gre-tunnel6 network=172.31.43.4
add address=172.31.47.5/30 interface=gre-tunnel7 network=172.31.47.4
add address=172.31.71.5/30 interface=gre-tunnel8 network=172.31.71.4
add address=172.31.79.5/30 interface=gre-tunnel9 network=172.31.79.4
add address=172.31.23.5/30 interface=gre-tunnel10 network=172.31.23.4
add address=172.31.27.5/30 interface=gre-tunnel11 network=172.31.27.4
add address=172.31.51.5/30 interface=gre-tunnel12 network=172.31.51.4
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=172.31.8.0/23 dns-server=172.31.8.5,8.8.8.8 gateway=172.31.8.1 netmask=23
add address=172.31.10.0/24 dns-server=172.31.8.5,8.8.8.8 gateway=172.31.10.1 netmask=24
/ip route
add distance=1 dst-address=10.2.0.8/30 gateway=172.31.15.18 routing-mark="tag 1"
add distance=1 gateway=172.31.15.2
/ip route vrf
add routing-mark="tag 1"
/routing ospf area range
add area=area1 range=172.16.0.0/14
add area=area1 range=172.31.8.0/21
/routing ospf interface
add instance-id=30 interface=gre-tunnel1 network-type=point-to-point
add instance-id=30 interface=gre-tunnel2 network-type=point-to-point
add instance-id=30 interface=gre-tunnel3 network-type=point-to-point
add instance-id=30 interface=gre-tunnel4 network-type=point-to-point
add instance-id=30 interface=gre-tunnel5 network-type=point-to-point
add instance-id=30 interface=gre-tunnel6 network-type=point-to-point
add instance-id=30 interface=gre-tunnel7 network-type=point-to-point
add instance-id=30 interface=gre-tunnel8 network-type=point-to-point
add instance-id=30 interface=gre-tunnel9 network-type=point-to-point
add instance-id=30 interface=gre-tunnel10 network-type=point-to-point
add instance-id=30 interface=gre-tunnel11 network-type=point-to-point
add instance-id=30 interface=gre-tunnel12 network-type=point-to-point
add instance-id=30 interface=ether2 passive=yes
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 13:11
Erik_U
на джунифере есть area-id=0.0.0.0 и area-id=172.31.8.0
на микротике только area-id=172.31.8.0
Схема то какая у OSPF?.
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 13:23
Igorewka
Код: Выделить всё
router ospf 30
fast-convergence
originate-default always
area 0.0.0.0
interface Tunnel2
network-type point-to-point
interface Tunnel3
network-type point-to-point
interface Tunnel4
network-type point-to-point
interface Tunnel5
network-type point-to-point
interface Tunnel6
network-type point-to-point
interface Tunnel7
network-type point-to-point
interface Tunnel8
network-type point-to-point
interface Tunnel9
network-type point-to-point
interface Tunnel10
network-type point-to-point
interface Tunnel1
network-type point-to-point
interface Tunnel20
network-type point-to-point
interface Tunnel15
network-type point-to-point
area 172.31.8.0
range 172.16.0.0/14
range 172.31.8.0/21
interface CRYPTO
passive
redistribute static route-map StaticToOspf
route-map StaticToOspf permit 10
match tag 1
Это конфиг давнишний до меня был на smartedge 100, его под джунипер писал.
И то и то , просто area 0.0.0.0 смотрит в GRE тунели там модули шифрования, а area 172.31.8.0 это сетка внутри и там еще один vrf на bgp я его еще не настраивал это где vlans. Что то в консольном area 0.0.0.0 не отображается
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 13:31
Igorewka
Могу скинуть полный конфиг джунипера , уже какой день бьюсь не получается.
Вот полный конфиг рабочий.
Код: Выделить всё
set system services dhcp pool 172.31.8.0/23 address-range low 172.31.8.31
set system services dhcp pool 172.31.8.0/23 address-range high 172.31.9.254
set system services dhcp pool 172.31.8.0/23 default-lease-time 2678400
set system services dhcp pool 172.31.8.0/23 name-server 172.31.8.5
set system services dhcp pool 172.31.8.0/23 name-server 8.8.8.8
set system services dhcp pool 172.31.8.0/23 router 172.31.8.1
set system services dhcp pool 172.31.8.0/23 propagate-settings ge-0/0/1.0
set system services dhcp pool 172.31.10.0/24 address-range low 172.31.10.31
set system services dhcp pool 172.31.10.0/24 address-range high 172.31.10.254
set system services dhcp pool 172.31.10.0/24 default-lease-time 2678400
set system services dhcp pool 172.31.10.0/24 name-server 172.31.8.5
set system services dhcp pool 172.31.10.0/24 name-server 8.8.8.8
set system services dhcp pool 172.31.10.0/24 router 172.31.10.1
set system services dhcp pool 172.31.10.0/24 propagate-settings fe-0/0/2.0
set interfaces ge-0/0/0 unit 0 description "#CRYPTO#"
set interfaces ge-0/0/0 unit 0 family inet address 172.31.15.1/29
set interfaces gr-0/0/0 unit 0 description set
set interfaces gr-0/0/0 unit 0 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 0 tunnel destination 172.31.0.150
set interfaces gr-0/0/0 unit 0 family inet mtu 1400
set interfaces gr-0/0/0 unit 0 family inet address 172.31.57.1/30
set interfaces gr-0/0/0 unit 1 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 1 tunnel destination 172.31.0.129
set interfaces gr-0/0/0 unit 1 family inet mtu 1400
set interfaces gr-0/0/0 unit 1 family inet address 172.31.19.5/30
set interfaces gr-0/0/0 unit 2 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 2 tunnel destination 172.31.0.132
set interfaces gr-0/0/0 unit 2 family inet mtu 1400
set interfaces gr-0/0/0 unit 2 family inet address 172.31.31.5/30
set interfaces gr-0/0/0 unit 3 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 3 tunnel destination 172.31.0.133
set interfaces gr-0/0/0 unit 3 family inet mtu 1400
set interfaces gr-0/0/0 unit 3 family inet address 172.31.35.5/30
set interfaces gr-0/0/0 unit 4 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 4 tunnel destination 172.31.0.134
set interfaces gr-0/0/0 unit 4 family inet mtu 1400
set interfaces gr-0/0/0 unit 4 family inet address 172.31.39.5/30
set interfaces gr-0/0/0 unit 5 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 5 tunnel destination 172.31.0.135
set interfaces gr-0/0/0 unit 5 family inet mtu 1400
set interfaces gr-0/0/0 unit 5 family inet address 172.31.43.5/30
set interfaces gr-0/0/0 unit 6 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 6 tunnel destination 172.31.0.136
set interfaces gr-0/0/0 unit 6 family inet mtu 1400
set interfaces gr-0/0/0 unit 6 family inet address 172.31.47.5/30
set interfaces gr-0/0/0 unit 7 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 7 tunnel destination 172.31.0.142
set interfaces gr-0/0/0 unit 7 family inet mtu 1400
set interfaces gr-0/0/0 unit 7 family inet address 172.31.71.5/30
set interfaces gr-0/0/0 unit 8 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 8 tunnel destination 172.31.0.144
set interfaces gr-0/0/0 unit 8 family inet mtu 1400
set interfaces gr-0/0/0 unit 8 family inet address 172.31.79.5/30
set interfaces gr-0/0/0 unit 9 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 9 tunnel destination 172.31.0.130
set interfaces gr-0/0/0 unit 9 family inet mtu 1400
set interfaces gr-0/0/0 unit 9 family inet address 172.31.23.5/30
set interfaces gr-0/0/0 unit 10 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 10 tunnel destination 172.31.0.131
set interfaces gr-0/0/0 unit 10 family inet mtu 1400
set interfaces gr-0/0/0 unit 10 family inet address 172.31.27.5/30
set interfaces gr-0/0/0 unit 11 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 11 tunnel destination 10.0.2.14
set interfaces gr-0/0/0 unit 11 family inet mtu 1400
set interfaces gr-0/0/0 unit 11 family inet address 172.19.2.86/30
deactivate interfaces gr-0/0/0 unit 11
set interfaces gr-0/0/0 unit 12 tunnel source 172.31.0.128
set interfaces gr-0/0/0 unit 12 tunnel destination 172.31.0.137
set interfaces gr-0/0/0 unit 12 family inet mtu 1400
set interfaces gr-0/0/0 unit 12 family inet address 172.31.51.5/30
set interfaces ge-0/0/1 unit 0 description "#LAN_multibind#"
set interfaces ge-0/0/1 unit 0 family inet address 172.31.8.1/23
set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.8/24
set interfaces fe-0/0/2 unit 0 description "#Remote_Clients#"
set interfaces fe-0/0/2 unit 0 family inet address 172.31.10.1/24
set interfaces fe-0/0/2 unit 0 family mpls
set interfaces fe-0/0/7 unit 0 family ethernet-switching port-mode trunk
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members 666
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members 667
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members 668
set interfaces lo0 unit 0 family inet address 172.31.0.128/32
set interfaces vlan unit 666 family inet address 10.0.3.42/29
set interfaces vlan unit 667 family inet address 10.1.1.41/29
set interfaces vlan unit 668 family inet address 172.31.15.17/29
set routing-options static route 0.0.0.0/0 next-hop 172.31.15.2
set routing-options static route 10.2.0.8/30 next-hop 172.31.15.18
set routing-options static route 10.2.0.8/30 tag 1
set routing-options static route 10.231.201.128/25 next-hop 172.31.15.18
set routing-options static route 10.231.201.128/25 tag 1
set routing-options static route 172.16.0.0/14 next-hop 172.31.15.18
set routing-options static route 172.16.0.0/14 tag 1
set routing-options static route 172.17.22.0/24 next-hop 172.31.15.18
set routing-options static route 172.17.22.0/24 tag 1
set routing-options static route 172.31.0.0/24 next-hop 172.31.15.2
set routing-options static route 172.31.15.20/30 next-hop 172.31.15.2
set routing-options static route 172.31.56.0/24 next-hop 172.31.57.2
set routing-options static route 172.31.80.0/24 next-hop 172.31.8.5
set routing-options static route 172.31.80.0/24 tag 1
set routing-options static route 172.31.90.0/24 next-hop 172.31.8.27
set routing-options static route 172.31.90.0/24 tag 1
set routing-options autonomous-system 65033
set protocols bgp group LAN export LAN-OUT
set protocols bgp group LAN neighbor 172.31.15.2 peer-as 65033
set protocols ospf export OSPF
set protocols ospf area 0.0.0.0 interface gr-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.1 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.2 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.3 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.4 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.5 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.6 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.7 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.8 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.9 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.10 interface-type p2p
set protocols ospf area 0.0.0.0 interface gr-0/0/0.11 interface-type p2p
deactivate protocols ospf area 0.0.0.0 interface gr-0/0/0.11
set protocols ospf area 0.0.0.0 interface gr-0/0/0.12 interface-type p2p
set protocols ospf area 172.31.8.0 area-range 172.16.0.0/14
set protocols ospf area 172.31.8.0 area-range 172.31.8.0/21
set protocols ospf area 172.31.8.0 interface ge-0/0/0.0 passive
set policy-options policy-statement VRF-IN term term1 from route-filter 10.0.0.0/8 exact
set policy-options policy-statement VRF-IN term term1 then accept
set policy-options policy-statement VRF-IN term term2 then reject
set policy-options policy-statement VRF-OUT term term1 from route-filter 10.1.1.40/29 exact
set policy-options policy-statement VRF-OUT term term1 then accept
set policy-options policy-statement VRF-OUT term term2 from route-filter 172.31.0.0/25 exact
set policy-options policy-statement VRF-OUT term term2 then accept
set policy-options policy-statement VRF-OUT term term3 from route-filter 172.31.0.128/32 exact
set policy-options policy-statement VRF-OUT term term3 then accept
set policy-options policy-statement VRF-OUT term term4 from route-filter 172.31.0.150/32 exact
set policy-options policy-statement VRF-OUT term term4 then accept
set policy-options policy-statement VRF-OUT term term5 then reject
set policy-options policy-statement LAN-OUT term term1 from route-filter 172.16.0.0/14 exact
set policy-options policy-statement LAN-OUT term term1 then accept
set policy-options policy-statement LAN-OUT term term2 from route-filter 172.31.0.128/32 exact
set policy-options policy-statement LAN-OUT term term2 then accept
set policy-options policy-statement LAN-OUT term term3 then reject
set policy-options policy-statement OSPF term term1 from protocol static
set policy-options policy-statement OSPF term term1 from tag 1
set policy-options policy-statement OSPF term term1 then accept
set policy-options policy-statement OSPF term term2 then reject
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
set routing-instances VRF instance-type virtual-router
set routing-instances VRF interface vlan.666
set routing-instances VRF interface vlan.667
set routing-instances VRF routing-options static route 0.0.0.0/0 next-hop 10.0.3.41
set routing-instances VRF routing-options static route 10.0.2.0/27 next-hop 10.0.3.41
set routing-instances VRF routing-options static route 172.31.0.128/32 next-hop 10.1.1.42
set routing-instances VRF routing-options static route 172.31.0.0/25 next-hop 10.1.1.42
set routing-instances VRF routing-options static route 172.31.0.150/32 next-hop 10.1.1.42
set routing-instances VRF routing-options autonomous-system 65033
set routing-instances VRF protocols bgp group VRF import VRF-IN
set routing-instances VRF protocols bgp group VRF export VRF-OUT
set routing-instances VRF protocols bgp group VRF local-as 65033
set routing-instances VRF protocols bgp group VRF neighbor 10.0.3.41 peer-as 35177
set vlans vl666 vlan-id 666
set vlans vl666 l3-interface vlan.666
set vlans vl667 vlan-id 667
set vlans vl667 l3-interface vlan.667
set vlans vl668 vlan-id 668
set vlans vl668 l3-interface vlan.668
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 13:31
Erik_U
А в логе на микротике что?
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 13:40
Igorewka
Я его еще не подключал так как не до настроен и явно оспф не поднимется, просто щас работает временном джунипере который слабый , отключать нельзя все работают. Ток на выходные смогу его вкл и проверить. Но надо настроить более менее правильно. Если можете помогите накидать примерно конфиг. Спасибо
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 15:40
Erik_U
На микротике в OSPF лучше не интерфейсы прописывать, а сети.
Интерфейсы он динамически подтянет.
А 172-х адресов нет в копилке?
Можно поставить микротик рядом с джунифером, на него завести вторые GRE, добавить все в OSPF, и когда будет видно, что работает, джунифер выключить.
ПРосто как он может работать, если интерфейсы добавлены, но они в OFF-е?
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 15:53
Igorewka
Столько не будет, а можете хотябы на одном примере для area 0.0.0.0 и 172.31.8.0 не пойму логику микротика, а там по аналогии буду разбираться.
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 18:13
Erik_U
Area - это зона, в которой будет работать маршрутизация OSPF.
Instances - это узел, маршрутизатор. Ему микротик советует дать ID по адресу специально созданного бриджа с именем loopback и адресом /32.
Этот адрес не участвует в маршрутизации, просто выступает в качестве метки конкретного роутера.
Networks - добавляем сюда сети, которые есть на этом конкретном микротике. Только их. И никакие другие. Можно добавлять не все, а только те, которые должны быть доступны в вашем Area.
При добавлении сети, микротик сам добавит интерфейс в разделе Interfaces. Если настройки динамически назначенного интерфейса не устраивают (по стоимости, например) - его нужно пересоздать вручную. ПОсле создания вручную динамически добавленный исчезнет.
Дальше все работает автоматом. Микротик в добавленные сети через добавленные интерфейсы начинает посылать OSPF паветы, и получать их от другим маршрутизаторов. Если полученные пакеты принадлежат к тому же Area, он добавляет полученную информацию в свою таблицу.
Маршруты строит в соответствии с суммарной стоимостью. В приоритете всегда самый дешевый, если есть несколько до одной цели.
Если на одном маршрутизаторе 2 выхода в интернет, то нужно в IP.Routes создать 2 маршрута 0.0.0.0/0, или один с двумя шлюзами. И добавить сеть 0.0.0.0/0 в OSPF. Будет резервированный выход в интернет. Без пингов и скриптов.
Чтобы отвалившиеся маршруты не вводили в заблуждение своим присутствием в списке, нужно в настройках интерфейсов заполнить параметр Keepalive.
В случае с двумя Area на микротике нужно поделить между ними сети (когда добавляешь их в Routing:OSPF.Networks.
Одну сеть в два Area добавить нельзя.
Re: OSPF и несколько офисов
Добавлено: 24 июн 2019, 18:21
Igorewka
Спасибо, буду настраивать.