
Mikrotik, DHCP Classless Route

DHCP Classless Route: why is it needed?

Our company uses tinc (tincd) for its VPN. Since I did not find an easy way to run tinc on the Mikrotik itself, we decided to run the VPN on a separate server and use that server as a gateway. The first attempt was to add a route on the router. The pings showed that the router was sending redirect messages, and network lag was observed. In everyday work it felt as though connections established this way were slow.

As an experiment, I added the route by hand on my own workstation. This turned out to be the right decision: the lag disappeared. However, the same operation would have to be repeated on every machine in the office, and I did not want to do that by hand. So I needed a low-effort way to set a static route on all clients that receive their address via DHCP.
Googling led me to the Mikrotik documentation page. Everything is clear: the DHCP Classless Route option will help us. The setup is relatively easy, but because of that "relatively" I lost half a day on it. Along the way there were problems with network access on the hosts: the default route disappeared on Windows machines.
Another difficulty in configuring the Mikrotik is that the route has to be entered in hex (or binary) form, which confused me a little. The documentation also leaves some nuances unspecified. It covers this option only in its basic form, and beyond that you are on your own. I had to dig into the details of the settings.

For all hosts to receive the route, regardless of operating system family, you need to configure two options: 121 and 249. If all developers followed the RFCs, the life of system administrators would perhaps be much simpler and less interesting.

Option 121
Option 121, like all other DHCP options, is described in an RFC: RFC 3442. This document dictates the following rules and requirements for parameter 121:

According to the same document, the route scheme looks like this:

 Code Len Destination 1    Router 1
+-----+---+----+-----+----+----+----+----+----+
| 121 | n | d1 | ... | dN | r1 | r2 | r3 | r4 |
+-----+---+----+-----+----+----+----+----+----+

 Destination 2       Router 2
+----+-----+----+----+----+----+----+
| d1 | ... | dN | r1 | r2 | r3 | r4 |
+----+-----+----+----+----+----+----+


To compose the route correctly, you need to convert the destination network address, the subnet mask and the gateway address to hexadecimal. Those who want to suffer in order to improve their skills can convert to binary instead.
Example 1
Create a route string for the network 10.0.0.0/24 via the router 192.168.0.2.
LEN (destination subnet mask) = 24 = 0x18
DESTINATION = 10.0.0.0 = 0A 00 00
ROUTER = 192.168.0.2 = c0 a8 00 02
Resulting string: 0x180A0000c0a80002
Add the route on the Mikrotik:
via WinBox

via the console
/ip dhcp-server option
add code=121 name=opt_121_10 value=0x180A0000c0a80002
/ip dhcp-server network
set 0 dhcp-option=opt_121_10

Example 2
Create a route string for the network 10.0.0.0/8 via the router 192.168.0.2.
LEN (destination subnet mask) = 8 = 0x08
DESTINATION = 10.0.0.0 = 0A
ROUTER = 192.168.0.2 = c0 a8 00 02
Resulting string: 0x080Ac0a80002
Example 3
Create a route string for the network 172.16.4.0/25 via the router 192.168.0.2.
LEN (destination subnet mask) = 25 = 0x19
DESTINATION = 172.16.4.0 = AC 10 04 00
ROUTER = 192.168.0.2 = c0 a8 00 02
Resulting string: 0x19AC100400c0a80002
I have not attached screenshots for Examples 2 and 3; the configuration on the router itself is identical to Example 1.

It is very easy to make clients suddenly drop off the network through one small nuance: specifying the subnet address incorrectly. The mistake is very easy to make. To avoid it, you need to recall the theory and put it into practice.

Let's recall. There is an address and a subnet mask. The address is divided into two parts: network and host.
The subnet mask indicates how many leading bits of the address belong to the network part. The rest of the address identifies the host.
If we need a route to a network with a 24-bit mask, we need the first 3 octets of the destination network address (Example 1).
If we need a route to a network with an 8-bit mask, we need only the first octet of the destination network address (Example 2).
If we need a route to a network with a 25-bit mask, we need to specify all four octets (Example 3).


Option 249
The Wikipedia page describing DHCP links to the list of generally accepted DHCP options. Option 249 is in the range reserved for private use.
I do not know why the comrades at Microsoft hold to the views of Comrade Lenin, but they follow them quite fanatically. Despite the existence of RFC 3442, Microsoft decided that its clients would receive the route via option 249.
On the Mikrotik, this option is configured the same way as option 121.
0x[destination address subnet mask][destination address][gateway address]
If you have problems with setting up Windows machines, try the following advice:
0x[destination address subnet mask][destination address][gateway address]00[gateway address]
That is, append 00 and the address of the router again to the string.
Why it works, I do not understand. This solution was found through empirical research. Later, I ended up with a variant without this crutch.


Multiple routes in one line

Unfortunately, the documentation on the Mikrotik website has no example of how to configure several routes correctly. RFC 3442 comes to our aid: it contains the wonderful scheme for composing several routes that is given above.
Append the second route to the first one, without the 0x prefix.
Example
Two routes, 10.0.0.0/8 and 172.16.4.0/24, via the gateway 192.168.0.2 look like this in one string:
0x 08 0Ac0a80002 18 AC1004c0a80002
The subnet masks (08 and 18) are set off with spaces.
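
An encoder and a validating decoder for the option 121/249 value format described above, as an added example (not code from the original post, and not the function by orlovdl mentioned below). The function names are assumptions; the sample routes are the ones used in this article, plus the default route suggested in the final update.

```python
import ipaddress
from math import ceil


def encode_routes(routes):
    """Encode [(cidr, gateway), ...] as an RFC 3442 hex value for options 121/249."""
    out = bytearray()
    for cidr, gateway in routes:
        # strict=True rejects a destination with host bits set (e.g. 10.0.0.1/24),
        # the "wrong subnet address" mistake described in the article.
        net = ipaddress.IPv4Network(cidr, strict=True)
        significant = ceil(net.prefixlen / 8)  # /0 -> 0, /8 -> 1, /24 -> 3, /25 -> 4
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gateway).packed
    if len(out) > 255:
        raise ValueError("option payload exceeds 255 bytes")
    return "0x" + out.hex()


def decode_routes(value):
    """Parse a hex option value into [(cidr, gateway), ...]; raise on malformed input."""
    data = bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)
    routes, i = [], 0
    while i < len(data):
        prefixlen = data[i]
        if prefixlen > 32:
            raise ValueError(f"prefix length {prefixlen} at byte {i} is greater than 32")
        significant = ceil(prefixlen / 8)
        end = i + 1 + significant + 4
        if end > len(data):
            raise ValueError(f"truncated route starting at byte {i}")
        # Pad the significant octets back to a full 4-byte address.
        dest = data[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network((dest, prefixlen), strict=True)
        gateway = ipaddress.IPv4Address(data[end - 4:end])
        routes.append((str(net), str(gateway)))
        i = end
    return routes


if __name__ == "__main__":
    value = encode_routes([
        ("10.0.0.0/8", "192.168.0.2"),
        ("172.16.4.0/24", "192.168.0.2"),
        ("0.0.0.0/0", "192.168.0.1"),  # default route, as suggested in the update
    ])
    print(value)
    print(decode_routes(value))
```

Running `decode_routes` on a value before pasting it into the router catches wrong byte counts and host bits in the destination. Decoding a value built with the `00[gateway address]` suffix from the Option 249 section returns a second route, 0.0.0.0/0 via that gateway.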

I hope that this information will be useful to someone.

PS: I ask for comments and suggestions to send to the PM.

UPD:
Comrade orlovdl sketched a Python function that converts a block of addresses into hex format.

UPD:
Comrade poofeg suggested:
I would draw attention to this phrase in RFC3442:
The DHCP server administrators [...] should specify the default router and the default router option.
In all your examples in option 121, the default route is missing. That is, it is better to add 00c0a80001 (0.0.0.0/0 via 192.168.0.1) to both lines at the end.

Source: https://habr.com/ru/post/239141/