BGP vs OSPF when using PPPoE and Tunnels

Captions
Okay, apologies for the delay; they gave me a laptop with no HDMI, sorry about that. Okay, so we've got the presentation up and running. My name is Chris Sutherland, I'm from a company called IP Tech Training. We're a small team; we specialize in training and events and things like that, specifically for MikroTik networks, for voice over IP, CCTV, the whole lot. So we manage primarily online training platforms, so instead of actually standing in front of three people and taking them out of their busy work schedule for days and days on end, we prefer to sort of virtualize trainings, get it up in the cloud, get it all video-based, and you can do the trainings whenever you want. If you feel like going and doing a couple of training modules at two o'clock in the morning, that's what we do; we host all of that.

Alright, something else that we do on top of this is we maintain and support a number of wireless ISPs, primarily wireless ISPs throughout the country, and we just help them out with all of their firewalls, routing, any general queries that they've got. This helps us in a number of different ways. First of all it helps us build better training content, and it helps us keep our finger on the pulse when it comes to what networks are doing nowadays: how are they evolving, what are the best ways to set certain things up. And that's primarily why I'm here today, and what I'm talking about is, with a wireless ISP, what's the best way to actually configure and set this lot up? What routing protocols do you use? Do I use PPPoE, do I use DHCP, do I use BGP? All of these analogies and terms, and a lot of the time the guys just don't understand what they are or which one's best to use, so hopefully I'll be able to give you a bit of a better idea of how the whole lot fits and works.

So, just a quick outline. We're going to start off with the evolution of a WISP, pretty much how a WISP starts out and how they go through the motions of becoming bigger and better. We're going to have a look at the differences between OSPF routing protocols and BGP routing protocols, and then finally we're going to finish off with PPPoE dial-ups to towers: do you do them to towers, or should you rather do them through your core via tunnels? So, a couple of questions: just while I'm carrying on, I don't like to do a Q&A session at the end. If you guys have got a question, throw something at me, stick your hand in the air, I'm more than happy to answer questions as we go through. It's just a little bit easier when you're actually asking questions on the sort of topic that we're at at this particular point, so please feel free to stop me at any particular time and I'll be very happy to answer some questions.

Okay, so let's start off with the evolution of a WISP. How does a WISP start out? Alright, usually with a whole bunch of towers all bridged together with one big DHCP server running on it. Don't laugh, you've all been there before; I know half the ISPs in this room and you've all done it. Okay, this is the easiest and simplest and nastiest way to get a wireless network up and running, and it works for a brief period of time until you start getting bigger and bigger, and then the gremlins start creeping in and things start going wrong. Alright, so a couple of issues with a bridged network. Well, first of all the benefits: easy to set up. That's it, it's the only benefit you get. Okay, problems: it starts to become very unstable, especially as you start to grow and add more and more devices onto the system, so you've got very limited growth potential. You can only get to a certain size before things start to really go wrong, and trust me, they will go wrong. You've got a single broadcast domain, which means any packet that gets sent out into this network is basically broadcast through the entire network, so all of the devices get contacted with every single packet that flows through it. That wastes a lot of speed, a lot of time, you get a lot of packet timeouts, the list goes on. Susceptible to loops: unfortunately, if one of these towers connects to another tower in some way, shape or form, either with a bridged cable or an incorrect wireless antenna pointed in the wrong direction, you cause a network loop, and it's not an isolated loop, it will crash your entire network in one go, which again is a major problem. Okay, so very difficult to diagnose faults, and you get no failover. So if one link goes down, let's say for example this one in the middle here (can you see my mouse? yeah), if that link goes down you lose that whole section of your network. Alright, you can't have backups in place, unfortunately.

So the next stage of a wireless ISP is to move to a static routing table. This is where you now have no more bridged network; you have a whole bunch of IP addresses and IP ranges all scattered across these towers and it all becomes a routed platform. Much, much better, much better managed, and obviously a lot fewer issues and gremlins, and now it actually gives you the option for redundancy. So now you can start putting in backup links, and when the main links fall or fail over or get struck by lightning, whatever it may be, failover links can kick in and your clients keep running. Alright, so some positives and negatives to static routing. First of all it removes all the downsides of a bridged system that we've just mentioned, so you get rid of all of those loops and all that sort of nonsense, and it adds the potential for those failovers. A couple of problems: pretty difficult to set up and maintain, especially if you've got multiple links all over the place. You have to build and maintain routing tables that can sometimes become pages and pages long; it's a nightmare. So failover, because of that nightmare, is usually a manual process. Okay, if a main link goes down it means you've got to log in some way, disable a primary route, enable a failover route, get the link up and running again, and obviously off you go. So failover still exists, but it's much more manual, and because of that you never get to go on holiday: if you're the guy who set up the static routing table, you're the one they're going to phone to always, always, always fix the network. Alright, show of hands, anybody who's been in that position? A couple of people, yeah. Alright, so very difficult to scale as well.

So now of course we move to the reason why I'm here, which is the automatic routing protocols. We've got two: there's OSPF, which is Open Shortest Path First, and then we get BGP, which, the name escapes me as to what it actually stands for. But these two protocols work in a very similar manner, and basically it's the same sort of thing as static routing: you get a full routing table across your entire network, but it's all automated. Your routerboards talk to each other, they shake hands, they share details between all of their devices, etc., and they build a fully dynamic routing table. Now you of course do have a lot more control over how this routing table is built; we'll get to that in a second when I start doing some demos. But it's a very, very nice, simple, straightforward process, and this now starts giving you failovers in every aspect. If you've turned on OSPF and BGP, if there's a failover route in place that it can find, it'll find it and it'll use it. You don't have to physically tell it this link is for backup purposes, this one and so on and so forth; it just does it all automatically. Alright, so some benefits: the system builds itself, it's fully automated failover, so it's infinitely scalable. You can make your network as big and bad as you can possibly imagine. Some problems: notifications need to be in place for failover. You laugh, but we've had this before. It started off in Bloemfontein, a very good customer of mine a couple of years ago, when we first started playing around with OSPF, and we actually figured out we had been running on a backup link for the better part of three months, because his main link went down and nobody complained. We didn't know about it; his customers carried on running. So you're going to have to put in some form of notifications if your main links go down, because genuinely you won't know, your clients will just carry on running, and again I'll show you in the demo how that runs. Very good hardware is needed on your towers and especially on your core, especially if you've got a lot of devices out there, a lot of client CPEs as well as a lot of tower devices. That's a lot of IP addresses to handle. You can't have a little RouterBOARD 750 sitting on your high site handling 14 APs all with their own routing protocols; it's not going to work very well. So on your high sites make sure you've got something decent, either a 3011, an 1100, or indeed, if you've got the budget for it, some of the CCR routers work incredibly well, and they're able to be powered by PoE now, so they work very nicely on high sites and towers. Okay, any questions so far? Everyone's got very quiet. All good? Okay, everyone's hungry, I think.

Okay, so differences between OSPF and BGP. So OSPF: fairly easy to implement; the routing table unfortunately takes some time to build. This is the one downside I've had with OSPF in the past: it works incredibly well, but it's slow, it's sluggish. Alright, so failover, because of that process, takes some time to actually kick in. So if a main link goes down you'll notice sometimes it'll take up to 30 seconds, I've had it in some environments, for the failover link to realize okay, there's a problem here, flick over, so on and so forth. So routing path control is a little bit challenging, but it is possible with OSPF; but BGP, all the more better. So with BGP, a little bit more challenging to implement, to be fair, but the routing table is built almost instantaneously, and I will show you this in a demo in a second. Failover time can be fully customized, so you can actually tell the routerboard, if a failure of a link does take place, how long it should wait before flicking over to the failover; you can actually fully customize that. So if your link just drops a couple of packets because of a bit of interference or something along those lines, you don't want the whole routing table to flush and rebuild. You can actually tell it: listen, if a link drops, hold on for five seconds; if it doesn't come back in five seconds, then flick over. Alright, fully, fully customizable. And you get routing filters, which makes routing path control a lot easier. So with OSPF it literally just tries to take what it thinks is the shortest path (maybe that's what OSPF stands for, Open Shortest Path First); unfortunately sometimes it just gets it a bit wrong, whereas with BGP you can customize it. You can say this path here, this is your primary, this is your failover, there are no ifs, ands or buts, that's the way I want it and that's the way it'll work. Okay, happy with that?

Okay, so in the corner there, in a little bunch of cables and power and all the rest of it, I've got a couple of routers that I've set up in my little mock ISP. So we've got a primary core, we've got a Router B and a Router C, and a little bit later on I'm going to jump a client onto that and show you how all of that works. So if I log in to my router here... can everyone see that on the screen? Okay. Alright, so this is my main primary core, and I can see over here I've got one client dialed up. If I go and have a look at that client's traffic, you can see they're pushing about 3 to 4 Megs constant, so this guy, let's suppose he's watching a YouTube video, Netflix, whatever it may be. Okay, if I go and have a look at my interfaces I can actually see that that traffic is coming in via Router C. Alright, sorry, sorry, I just want to show you this quickly: if I go to Routing, BGP, I have my BGP engaged between all of the different devices. So remember, I've got three main towers that are all talking to each other, all sharing communications, etc. So let me see if I can get the screen a bit bigger. Yeah, okay, so at the moment it's running through Router C, that's where the primary traffic is coming through. If I go and drop Router C (lightning strikes my antenna, somebody unplugs a cable they shouldn't, whatever the case may be), so it drops from Router C and immediately flicks over to Router B, and notice how my client's traffic is not affected in the slightest. Okay, so it immediately changes paths, the client didn't have to redial the connection, you didn't lose a single ping packet, everything just carries on running. That's the power of BGP. Alright, whereas with OSPF unfortunately you're not really all that lucky with it. So to give you an example, it immediately flicks back up: so if I turn it back on and I go and have a look at interfaces, you'll see Router C, there it is, back up and running again. Yeah, the client doesn't notice, he just carries on watching Netflix, he's completely oblivious that you just had a major tower struck by lightning. Alright.

Okay, so let's have a look at the difference between BGP and OSPF with actually building those routing tables. I made the note that BGP is a hell of a lot faster; let's demonstrate. So if you have a look, here's my standard routing table, pretty basic. This little guy over here, you can see it's got a DAo; if I hold my mouse over it, it stands for dynamic, active and OSPF, so that's one of the routes that's actually been built by OSPF. If I go and turn my OSPF off, that pretty much clears out pretty quickly, so the routing table does flush fairly fast; if it's a large routing table it takes a lot longer, trust me. If I turn it back on: one, two, three, four, five, six, seven, you get the idea. Okay [Laughter], it's still going... there we go, there we go. Okay, so OSPF is back up and running, so that took the better part of what I'm guessing is thirty seconds, something along those lines, twenty, thirty seconds. Okay, let's turn OSPF back on... back off, sorry. Okay, if I go and enable BGP across my entire network, bang, it's literally instantaneous. So the two do exactly the same job: they build that automatic routing table, they give you that nice failover; BGP just works a hell of a lot faster than OSPF does. So if you're going to be implementing this in your networks I'd highly, highly, highly recommend BGP. Okay, honestly, the only tipping point I've found is the learning curve. So OSPF, as I mentioned, is typically a little bit easier to set up, so it's a little bit easier to wrap your head around, whereas BGP, because you've got things like autonomous path numbers and a few other things that you have to sort of wrap your head around, it's a little bit more of a learning curve. But other than that there's no reason why you shouldn't start using BGP right from the word go.

Alright, the really nice thing is that they play nicely with each other. If you've got a network that's already running on OSPF, you're more than capable of turning BGP on simultaneously and getting the whole thing up and running, and then as you're ready and everything is running okay, then you can go and turn off your OSPF. There's nothing wrong with running it side by side at all. So it depends on the actual way that you've set it up, but primarily it will actually be the BGP, and if I can zoom in a bit here, I've just turned on my OSPF. So it primarily comes down to the distances. So if you have a look at my routes here for BGP, dynamic, active and BGP, they get added with a distance of 20, which is a fairly high priority. Once the OSPF actually kicks in you'll see it's added, by default, with a distance of 110. Now you can customize those distances, but by default BGP will always kick in as a preference to OSPF. Okay, happy so far? Any other questions? Yes, exactly right, that's your path cost, correct.

Okay, alright, so that's the difference between BGP and OSPF. We know BGP works, gives you full failovers, that's awesome. So now we come to the next question with an ISP. Obviously you've ditched the whole DHCP scenario way back when, when you realized that doesn't work too well. Now you've moved on to PPPoE, which is where your client physically dials up to a tower with a username and password, gets his internet, and it allows you to properly manage him, apply speed limits, all that sort of good stuff. But the question has always been, and a couple of guys still ask today: do you either dial up to the tower directly, or do you dial up to a core by using some kind of layer 2 tunnel? What are the benefits, why should you do one over the other? So we'll start off with dialing up to the actual tower. This is where the customer physically puts in his username and password and it authenticates on that tower, and that's where the connection physically sits. So a couple of benefits: first of all, the PPPoE sessions stay fully active during failover, even if it's a static routing failover. So if you're manually changing routes and all that sort of thing, the client's connection will always stay active to their tower. You might not physically have internet while you're changing routes, but the PPPoE session itself doesn't have to redial. Okay. MTU works incredibly well when there's no tunnel, so you don't have to mess around with any MTU values; that's a whole training course all of its own. If you want to discuss more about MTUs I'm more than happy to do it during lunch, but that's a totally different animal. Some problems you get, however, with dialing at your core: first of all, your client traceroutes reveal your internal IP infrastructure. So if I go back to that picture, if your client, even if he's getting a public IP address directly from your RADIUS server or whatever you're using for your authentication server, if he does a traceroute out to Google, he's basically going to see your entire internal routing infrastructure, whether it's internal IP addresses or public IP addresses. He'll be able to see all of the towers that he's bouncing through. Alright, so first of all, to your client it looks like he's taking a much longer path to get to the Internet than he really has to, and second of all, if you've got somebody that's fairly malicious, they can actually see all the towers and start messing around with your network if you haven't got proper security in place. Make sense? Okay.

Next thing is very good hardware is needed on your towers and your core. So this comes down to, sorry, this option over here: queues are actually managed by the physical tower. So when your client dials up to this and he's got, say, a 4 Meg internet connection, that 4 Meg limitation gets placed on the tower that he's actually connected to. So again, if you've got a smaller routerboard like a 2011, or God forbid even a 750 or something like that, that little router can only handle so much queuing before it actually falls over and starts giving issues. If you've got 20 clients all on there with 4 to 10 Meg internet connections and it has to do all of the limitations for that, it's going to struggle. So you need some fairly good actual equipment on the high site from a processing standpoint. Okay, each tower router will need its own separate firewall configuration to actually protect your tower and all your physical clients. Alright.

So another way that we prefer to do it, which makes things a lot easier, is to actually do this through a tunnel. So you've still got your overall network, it's all routed, all the failover's working, everything's there, but what you do now is you establish a layer 2 tunnel through your entire network. You can do this with a number of different tunnel methods; Ethernet over IP, or EoIP, is by far one of the easiest. You get other ones like VPLS and the like, but we'll just use EoIP for today's example. So what happens is this tower, through the entire routed network, actually builds this layer 2 tunnel. Alright, the client will then physically hit that layer 2 tunnel and immediately see its core. So when that PPPoE dial-up session kicks in, when he puts in that username and password, it's physically talking straight to my core device. Now it's no longer talking to the actual tower itself; the tower itself is just providing that layer 2 connection for the client, that's it, that's all it needs to worry about. So now there's no more queues on the tower, there's no more firewalls, it just provides that layer 2. Okay, so the first benefit that you'll find again: if you do that traceroute from the client side, there's no more hops going through all of the different towers. All your client sees is his public IP address, the core's public IP address, and he's on the Internet. Okay, happy with that? Alright. A couple of other things, so some other benefits: PPPoE sessions will still stay active during a failover if you've got the appropriate BGP; client traceroutes show far fewer hops; it's much easier to monitor your active clients and faults. Alright, just to give you an example here... sorry, this is not my laptop, just give me a second, the internet's a bit sluggish, sorry, it's really slow. Okay, I'll just let this build for a second.

So basically what happens is, on your actual main core, on this physical main core routerboard, you're going to need something fairly hefty, a really decent Cloud Core device with a really good couple of cores to it. If you can afford a 72-core, by all means please do it; we've had some excellent success with them. And each one of those, that core, will actually have an EoIP tunnel or a VPLS tunnel to each and every high site that your clients are talking to, and your clients will then dial up through those EoIP tunnels. So when this thing eventually wakes up you'll actually see it'll give me a list of the different high sites and the clients that are associated to that high site. So it gives me one good overview of exactly how many clients are connected to that high site just by me logging into my core router. I don't have to log into my physical router 20 km away on tower number 27 to go and see how many clients are associated; I can immediately just go to my core and I can see where I'm having problems. Okay, it's just showing me all the PPPoEs, that's not helpful, this laptop is not happy. Okay, anyway, it's starting now. So there's one of my high sites as an example, Northpoint, and I can immediately see all of the clients physically dialing up to that Northpoint high site. Making sense? Okay.

Next best thing is the actual queues themselves. Again, this is probably going to take 20 minutes to build on this internet connection, but all of the queues are handled on this main core. So this is one decent 72-core server; this will handle all of your queues with no issues. So the advantage here is you have one really decent, highly priced MikroTik that handles all of the heavy lifting, and then on your high sites you don't need anything more than CRSs, 2011s or even 3011s, because all those devices are doing down at that end is doing a little bit of BGP routing, establishing the tunnel, and that's it. They don't care what type of connection the client is making, they don't care how fast the connection is for the client, and they don't care about any firewalls; all of that is handled by the core, because it's now physically one centralized system. Alright, so if you want to protect your physical CPE devices from being hacked, you add one firewall rule to block, and all of a sudden all your client devices are protected. Okay, makes a lot more sense? Yes, you actually are, yes, I'd never thought about that, but you're 100% right, you actually are saving those packets, correct, or saving some bandwidth on those packets, yeah, correct. Yes, a spare 72-core? Now genuinely what we do have is, we have in Teraco, where we host a lot of our services for our clients, we actually have two 72-cores sitting there with a protocol called VRRP, which stands for Virtual Router Redundancy Protocol. So if the main one does fall down, there are redundancy links in place, the second one kicks in with the exact same IP addresses and the same EoIP tunnels, and everything does get re-established. So unfortunately the clients' connections will have to redial, they're all going to notice, but they'll be back up in a couple of seconds as opposed to anything else. Okay.

Sorry, this is just going a bit too slow on the internet. If you've got a really decent monitoring system, either The Dude, Zabbix, Nagios, whatever monitoring system you use, the advantage as well of having all of your PPPoE sessions on that one central core is you can actually count how many sessions are physically dialed up at the same time. I'll try and log in here and we'll see how sluggish it's going to go, but you can actually pull a report based on active connections, so you can physically see how many devices you've got connected at any one time. So what we typically do is we monitor this with our NOC centre; if we actually see in the graph that a couple of connections have dipped, we know there's a problem, we'll go and check it out, see which high site has obviously lost a whole bunch of connections, and then start working our way back from there. Whereas unfortunately, if the clients were dialed up to one of the towers, you have to monitor that individual tower to actually get the same results. It looks like it's playing nicely now all of a sudden. Okay, so by that I can actually see how many physical simultaneous connections I've got on our one central core. So at the moment I've got one thousand four hundred and sixty, and I did have quite a large dip there at about ten fourteen, sorry, twenty past. Okay, so I can actually go and investigate that; if I see this dip again, obviously I can get an alert, I can go and see what's going on, so on and so forth. It just makes monitoring your network a hell of a lot easier, because it's not just about monitoring your towers and your backhaul links, it's also about your client connections. Alright, you even have scenarios where you'll have all of your towers still physically up and running, but all of a sudden your client connections dip by 200, and after just doing a bit of investigation it comes out that again the power in the area's gone out, but at least you know about it. Okay, any other questions? All good? Okay, that's pretty much it.

So that's OSPF, BGP and PPPoE tunnels. So if you are going to implement something like this, or if you've got something similar running, I'd highly, highly recommend BGP with some layer 2 tunnels. It makes monitoring, management, everything just so much easier. Thanks, I hope you enjoyed it, enjoy lunch. [Applause] Yeah, of course, the lunch will be on the ground floor and we will be back after 1 hour and 15 minutes.
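The design the talk ends on (BGP between sites, an EoIP layer 2 tunnel from each tower to the core, PPPoE terminated on the core, one central firewall) written out as RouterOS v6 CLI, as an added example that is not from the talk, the speaker or MikroTik. Everything concrete in it is assumed for illustration: the AS numbers (65000 for the core, 65027 for the tower), the 10.255.0.0/24 loopbacks, the 10.0.27.0/30 and 10.0.37.0/30 backhaul links, the 100.64.0.0/12 client pool, tunnel-id 27, the interface names and the site name "Northpoint". RouterOS v7 uses `/routing bgp connection` instead of `/routing bgp peer`, so the BGP lines would need translating there.

```routeros
# ===== Tower "Northpoint" (small board: RB2011/RB3011/CRS class) =====
# Loopback address: the EoIP tunnel is anchored here rather than on a link
# address, so a backhaul failover re-routes the tunnel instead of tearing it down.
/interface bridge add name=loopback
/ip address add address=10.255.0.27/32 interface=loopback
/ip address add address=10.0.27.2/30 interface=ether1            # backhaul to core (primary)
/ip address add address=10.0.37.2/30 interface=wlan-backhaul     # backhaul to Router B (failover)

# eBGP with a private AS per site: connected routes (the loopback included) are
# advertised over both backhauls, so the core always has a path to 10.255.0.27.
# hold-time is the "wait before flicking over" knob from the talk; keepalive is
# conventionally a third of it. RouterOS installs eBGP routes with distance 20,
# OSPF routes with distance 110, which is the preference the talk demonstrates.
/routing bgp instance set default as=65027 router-id=10.255.0.27 redistribute-connected=yes
/routing bgp peer add name=core remote-address=10.0.27.1 remote-as=65000 hold-time=15s keepalive-time=5s
/routing bgp peer add name=router-b remote-address=10.0.37.1 remote-as=65002 hold-time=15s keepalive-time=5s

# Layer 2 tunnel to the core; the tower only bridges the client AP into it.
/interface eoip add name=eoip-core remote-address=10.255.0.1 local-address=10.255.0.27 tunnel-id=27 disabled=no
/interface bridge add name=br-clients
/interface bridge port add bridge=br-clients interface=eoip-core
/interface bridge port add bridge=br-clients interface=wlan-ap
# Deliberately NO IP address on br-clients: clients have no layer 3 path to the
# tower itself, so no queues and no client-facing firewall are needed here.

# ===== Core (CCR class) =====
/interface bridge add name=loopback
/ip address add address=10.255.0.1/32 interface=loopback
/ip address add address=10.0.27.1/30 interface=ether2            # backhaul to Northpoint
/routing bgp instance set default as=65000 router-id=10.255.0.1 redistribute-connected=yes
/routing bgp peer add name=northpoint remote-address=10.0.27.2 remote-as=65027 hold-time=15s keepalive-time=5s
# (peers towards Router B / Router C are configured the same way, one per link)

# One EoIP tunnel per high site, matching tunnel-id on both ends.
/interface eoip add name=eoip-northpoint remote-address=10.255.0.27 local-address=10.255.0.1 tunnel-id=27 disabled=no

# PPPoE terminates on the core. The rate-limit in the profile is the per-client
# queue, so all queuing happens on the one big box, not on the tower.
/ip pool add name=pool-clients ranges=100.64.0.2-100.64.15.254
/ppp profile add name=profile-4m local-address=100.64.0.1 remote-address=pool-clients \
    rate-limit=4M/4M only-one=yes
/ppp secret add name=client01 password=CHANGE_ME service=pppoe profile=profile-4m

# One PPPoE server per tunnel, named after the high site: /ppp active and
# /interface pppoe-server then show which high site each session belongs to,
# which is the per-site overview the talk reads off the core.
/interface pppoe-server server add service-name=northpoint interface=eoip-northpoint \
    default-profile=profile-4m one-session-per-host=yes max-mtu=1480 max-mru=1480 disabled=no

# The "one firewall rule" from the talk: clients may reach the Internet but not
# the tower, backhaul or loopback ranges, and not the core's own services.
/ip firewall address-list add list=infrastructure address=10.0.0.0/8
/ip firewall address-list add list=infrastructure address=10.255.0.0/24
/ip firewall filter add chain=forward src-address=100.64.0.0/12 dst-address-list=infrastructure \
    action=drop comment="PPPoE clients must not reach tower/backhaul infrastructure"
/ip firewall filter add chain=input src-address=100.64.0.0/12 protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 \
    action=drop comment="PPPoE clients must not manage the core"
```

Two checks worth doing after applying this: `/ip route print` on the core should list the tower loopback with distance 20 via both backhauls (only the best is active), and disabling `ether2` should move it to the Router B path within the configured hold-time without the client's PPPoE session dropping, because the tunnel endpoints never changed. One caveat the talk defers to its MTU discussion: EoIP adds its own encapsulation overhead (outer IP, GRE and inner Ethernet headers, 42 bytes in total) on every backhaul hop, so either the backhaul links carry a large enough MTU or the PPPoE payload has to be reduced below the 1480 used here, otherwise the tunnel fragments.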
Info
Channel: MikroTik
Views: 4,366
Rating: 4.7142859 out of 5
Keywords: mikrotik, routerboard, routeros, latvia
Id: ge6hW5ecdUQ
Length: 29min 1sec (1741 seconds)
Published: Fri Dec 01 2017