Usare OSPF per aggregare due link su rete bridge

[g.timpano]

Ciao a tutti è il mio primo post e volevo segnalarvi la mia problematica.
Ho una rete completamente in bridge che usa le due classi 172.16.0.0/16 per le dorsali punto punto e la classe 172.17.0.0/16 per gli access point dei clienti. I clienti si autenticano tramite pppoe gestito da server radius con free radius e da routerOs e gli viene asseganta la classe 172.18.0.0/16.
Ora vorrei creare un link doppio su una dorsale per aumentare la banda a disposizione di quel nodo e a questo pnto vorrei collegare questi due nodi su un router mikrotik RB450 ed utilizzare l'OSPF per gestire il failover e ottimizzare la gestione della banda sulle due punti punto.
Al momento il nodo in questione è così configurato:

una dorsale punto-punto indirizzo 172.16.0.18
tre AP sempre sulla stessa classe collegati ad uno switch e completamente in bridge con indirizzo 172.16.0.19-20-21

la configurazione futura dovrebbe essere
due dorsali punto-punto collegate al router mikrotik a sua volta collegato allo switch
quattro AP collegate allo switch

Inizialmente avevo pensato di conofigurarle così

eth1 172.16.0.100 (punto-punto 1)
eth2 172.16.0.101 (punto-punto 2)

eth3 172.16.0.102 (switch)

fare un bridg di tutte e tre le interfacce e inserire in OSFP le due interfacce eth1 eth2 dandogli come costo 100 ad entrambe

Il problema che essendo sia la eth1 sia la eth2 collegate a valle tramite le punto punto ad uno switch mi si impalla tutto poiche di sicuro si crea un loop di pacchetti

Qualcuno potrebbe darmi una mano????

Grazie

[piciccia]

Perchè devi usare un bridge se sei in routing ??
E' normale che va in loop......

Niente bridge.

Saluti
C.

[g.timpano]

Avevo sospettato la cosa ma non riesco a fare passare i paccheti da una parte all'altra mi potresti dare un suggerimento??
Grazie

[g.timpano]

Anche perchè probabilmente il problema e che on devo fare il routing ma quello che serviva era un bridg dinamico delle due punto-punto cioè la mia esigenza era che oltre ad aumentare la banda se cadeva una punto punto continuava a funzinare l'altra.
Ora siccome tutta la rete è in bridge dovrei continuare a fare bridg anche perchè probabilmente avrei problemi con il ppoe degli utenti...

[g.timpano]

Ok con buona pace di Parabolino sono riuscito a configurare il tutto....
Quello che mancava era innanzitutto un'altra routerboard dall'altra parte delle punto punto altrimenti avrei creato un loop in partenza, e l'ho agiunta a questo punto la cosa è stata semplice vi posto la configurazione di uno dei due router

Codice: Seleziona tutto

# oct/11/2010 19:26:53 by RouterOS 4.11
# software id = EWIY-CT4C
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1500 max-message-age=20s \
    mtu=1500 name="lobridge\r\
    \n" priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
    l2mtu=1526 mac-address=00:0C:42:54:8F:6D mtu=1500 name=ether1 speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:54:8F:6E \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:54:8F:6F \
    master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:54:8F:70 \
    master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:54:8F:71 \
    master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface vpls
add advertised-l2mtu=1500 arp=enabled cisco-style=no cisco-style-id=0 \
    comment="" disable-running-check=no disabled=no l2mtu=1500 mac-address=\
    02:E2:82:F0:1E:92 mtu=1500 name=vpls1 pw-type=raw-ethernet remote-peer=\
    172.16.0.101 vpls-id=10:0
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
    group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key="" mode=none name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
    1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
    use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
    only-one=default use-compression=default use-encryption=yes \
    use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default comment="" disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
    auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=as-type-2 \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=\
    backbone type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
    time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no silent-boot=yes
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no silent-boot=yes
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
    word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
    ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
    ,test,winbox,password,web,sniff,sensitive"
/interface bridge port
add bridge="lobridge\r\
    \n" comment="" disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge="lobridge\r\
    \n" comment="" disabled=no edge=auto external-fdb=auto horizon=none \
    interface=vpls1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
    use-ip-firewall-for-vlan=no
/interface ethernet switch port
set (unknown)
set (unknown)
set (unknown)
set (unknown)
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:DB:15:A4:60:4A \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
    00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
    frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
    multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
    no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=172.16.1.1/24 broadcast=172.16.1.255 comment="" disabled=no \
    interface=ether1 network=172.16.1.0
add address=172.16.2.1/24 broadcast=172.16.2.255 comment="" disabled=no \
    interface=ether2 network=172.16.2.0
add address=172.16.0.100/32 broadcast=172.16.0.100 comment="" disabled=no \
    interface="lobridge\r\
    \n" network=172.16.0.100
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set "lobridge\r\
    \n" discover=yes
set vpls1 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=yes hop-limit=255 loop-detect=no \
    lsr-id=172.16.0.100 path-vector-limit=255 transport-address=172.16.0.100 \
    use-explicit-null=no
/mpls ldp interface
add accept-dynamic-neighbors=yes comment="" disabled=no hello-interval=5s \
    hold-time=15s interface=ether1 transport-address=0.0.0.0
add accept-dynamic-neighbors=yes comment="" disabled=no hello-interval=5s \
    hold-time=15s interface=ether2 transport-address=0.0.0.0
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set "lobridge\r\
    \n" queue=default
set vpls1 queue=wireless-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all comment="" disabled=no interface=all interval=0.2sec min-rx=0.2sec \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing ospf network
add area=backbone comment="" disabled=no network=172.16.1.0/24
add area=backbone comment="" disabled=no network=172.16.2.0/24
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Europe/Rome
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
    yes interface=all memory-limit=10 memory-scroll=no only-headers=no \
    streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no


Ora il mio dubbio è che ha me servirebbe un bilanciamento ma dalle prove che ho fatto mi pare che funzioni sempre una sola interfaccia alla volta esegue correttamente il failover se una delle due manca l'altra viene usata ma vorrei sapere se devo aggiungere qualcosa nella configurazione per eseguire il bilanciamento.

Qualcuno mi può aiutare??

[parabolino]

Bravo!

[g.timpano]

Nessuno sa aiutarmi dai.....

[piciccia]

guarda che c'è un mio vecchio post con la configurazione bella e pronta.

Saluti
C.

[g.timpano]

Se parli di questo http://www.routerositalia.altervista.org/viewtopic.php?f=1&t=213&hilit=bilanciamento ho provato a configurarlo come staa scritto ma non mi sembra funzionasse e non capisco quale paramentro abilita il bilanciamento.

Ciao grazie

[piciccia]

quale paramentro abilita il bilanciamento.

In che senso ??? E' OSPF che bilancia per sessione.
Ma di che stai parlando ??

C.