Mikrotik, DHCP Classless Route
- Tutorial
DHCP Classless Route , why is it needed?
Our company uses a tincd solution for VPN . Due to the fact that on Mikrotik I did not find an easy way to start tinc, it was decided to start the VPN on a separate server and use it as a gateway. The first attempt is to register a route on the router. From the pings, it was clear that the router was sending a redirect message, while network lags were observed. During operation, the feeling was created that the connection established in this way slows down.
As an experiment, I decided to try to register the route with my hands at my workplace. This turned out to be the right decision - the lags were gone, but this operation had to be done on all office machines, but I didn’t want to drive in with my hands somehow. In this regard, we needed a way, without much stress, to configure a static route on all clients receiving an address using the DHCP protocol.
The googling process led me to the Mikrotika documentation page . Everything is clear - DHCP Classless Route will help us . The setup is relatively easy, but because of this relativity I killed half a day to set up. At the same time, there were problems with network access on network hosts - on Windows machines, the default route disappeared.
Another difficulty in setting up Mikrotik is that you need to enter the route in hexadecimal (or binary) form, which slightly confused me. Yes, and in the documentation some nuances are not indicated. This option is considered in the basic version. And then as you want)). I had to go a little deeper into the details of the settings.
In order for all hosts to get the route, regardless of the operating system family, you need to configure 2 options 121 and 249 . If all developers would follow the RFC , then perhaps the life of system administrators would be much fresher and less interesting.
According to the same document, the route diagram will look like this:
In order to correctly route, you need to translate the destination network address, subnet mask and gateway address in hexadecimal format. Those who wish tosuffer can increase their personal skill in binary format.
LEN (destination subnet mask) = 24 = 0x18
DESTINATION = 10.0.0.0 = 0A 00 00
ROUTER = 192.168.0.2 = c0 a8 00 02
Summary line: 0x180A0000c0a80002
add the route Mikrotik:
through winbox
through the console
LEN (destination subnet mask) 8 = = 0x08
DESTINATION = 10.0.0.0 = 0A
ROUTER = 192.168.0.2 = c0 a8 00 02
Total line: 0x080Ac0a80002
LEN (destination subnet mask) = 29 = 0x19
DESTINATION = 172.16.4.0 = AC100400
ROUTER = 192.168.0.2 = AC10040001
Total line: 0x19AC100400AC10040001
Images 2 to 3 examples they are not I apply, because on the router itself, configure identical to example 1.
I don’t know why the fellow soft-minded people adhere to the views of Comrade Lenin , but they follow them rather fanatically. Despite the presence of RFC3442, Microsoft decided to get the route on its clients with option 249.
On Mikrotik, this option is configured like the 121st option
0x [ destination address subnet mask ] [ destination address ] [ gateway address ]
Unfortunately, the documentation on the Mikrotik website does not contain an example of how to configure several routes correctly. RFC3442 comes to the rescue in which there is a wonderful scheme for compiling several routes which is given above.
Add the second route to the first route without 0x.
Example
two routes 10.0.0.0/8 and 172.16.4.0/24 through the gateway 192.168.0.2 in one line will look like this:
I hope that this information will be useful to someone.
PS: I ask for comments and suggestions to send in a personal.
UPD:
comrade orlovdl sketched a python function to translate the address block into the Hex format.
UPD:
comrade poofeg suggested:
Our company uses a tincd solution for VPN . Due to the fact that on Mikrotik I did not find an easy way to start tinc, it was decided to start the VPN on a separate server and use it as a gateway. The first attempt is to register a route on the router. From the pings, it was clear that the router was sending a redirect message, while network lags were observed. During operation, the feeling was created that the connection established in this way slows down.
As an experiment, I decided to try to register the route with my hands at my workplace. This turned out to be the right decision - the lags were gone, but this operation had to be done on all office machines, but I didn’t want to drive in with my hands somehow. In this regard, we needed a way, without much stress, to configure a static route on all clients receiving an address using the DHCP protocol.
The googling process led me to the Mikrotika documentation page . Everything is clear - DHCP Classless Route will help us . The setup is relatively easy, but because of this relativity I killed half a day to set up. At the same time, there were problems with network access on network hosts - on Windows machines, the default route disappeared.
Another difficulty in setting up Mikrotik is that you need to enter the route in hexadecimal (or binary) form, which slightly confused me. Yes, and in the documentation some nuances are not indicated. This option is considered in the basic version. And then as you want)). I had to go a little deeper into the details of the settings.
In order for all hosts to get the route, regardless of the operating system family, you need to configure 2 options 121 and 249 . If all developers would follow the RFC , then perhaps the life of system administrators would be much fresher and less interesting.
Option 121
Option 121 , like all other DHCP options, is described in rfc3442 . This document dictates the following rules and requirements for 121 parameters:- minimum length is 5 bytes.
- you can enter one or more routes
- each route must contain the destination network address and the gateway IP address.
According to the same document, the route diagram will look like this:
Code Len Destination 1 Router 1
+ ----- + --- + ---- + ----- + ---- + ---- + ---- + ---- + - - +
| 121 | n | d1 | ... | dN | r1 | r2 | r3 | r4 |
+ ----- + --- + ---- + ----- + ---- + ---- + ---- + ---- + ---- +
Destination 2 Router 2
+ ---- + ----- + ---- + ---- + ---- + ---- + ---- +
| d1 | ... | dN | r1 | r2 | r3 | r4 |
+ ---- + ----- + ---- + ---- + ---- + ---- + ---- +
In order to correctly route, you need to translate the destination network address, subnet mask and gateway address in hexadecimal format. Those who wish to
Example 1
We compose the route line for the network 10.0.0.0/ 24 through the router 192.168.0.2LEN (destination subnet mask) = 24 = 0x18
DESTINATION = 10.0.0.0 = 0A 00 00
ROUTER = 192.168.0.2 = c0 a8 00 02
Summary line: 0x180A0000c0a80002
add the route Mikrotik:
through winbox
through the console
/ ip dhcp-server option
add code = 121 name = opt_121_10 value = 0x180A0000c0a80002
set 0 dhcp-option = opt_121_10
Example 2
Form the route string for 10.0.0.0/ network 8 through a router 192.168.0.2LEN (destination subnet mask) 8 = = 0x08
DESTINATION = 10.0.0.0 = 0A
ROUTER = 192.168.0.2 = c0 a8 00 02
Total line: 0x080Ac0a80002
Example 3
Form the route string for 10.0.0.0/ network 8 through a router 192.168.0.2LEN (destination subnet mask) = 29 = 0x19
DESTINATION = 172.16.4.0 = AC100400
ROUTER = 192.168.0.2 = AC10040001
Total line: 0x19AC100400AC10040001
Images 2 to 3 examples they are not I apply, because on the router itself, configure identical to example 1.
Very easily we can run into a sudden disconnection of customers due to one small nuance
If you enter the subnet address incorrectly. Making a mistake is very easy. To avoid this, you need to recall the theory and apply it in practice.
Let's remember. There is an address and a subnet mask. The address is divided into two parts - network and host.
The subnet mask indicates how many first bits of the address belong to the network part. Accordingly, the rest of the address indicates the host.
If we need a route to the network with a mask of 24 bits, then we need the first 3 octets of the address of the destination network (Example 1)
If we need a route to the network with a mask of 8 bits, we only need the 1st octet of the address of the destination network ( Example 2)
If we need a route to the network with a mask of 25 bits, then all octets will need to be specified (Example 3)
Let's remember. There is an address and a subnet mask. The address is divided into two parts - network and host.
The subnet mask indicates how many first bits of the address belong to the network part. Accordingly, the rest of the address indicates the host.
If we need a route to the network with a mask of 24 bits, then we need the first 3 octets of the address of the destination network (Example 1)
If we need a route to the network with a mask of 8 bits, we only need the 1st octet of the address of the destination network ( Example 2)
If we need a route to the network with a mask of 25 bits, then all octets will need to be specified (Example 3)
Option 249
On the wikipedia page with dhcp description, there is a link to generally accepted DHCP options. 249 option is in range for private use.I don’t know why the fellow soft-minded people adhere to the views of Comrade Lenin , but they follow them rather fanatically. Despite the presence of RFC3442, Microsoft decided to get the route on its clients with option 249.
On Mikrotik, this option is configured like the 121st option
0x [ destination address subnet mask ] [ destination address ] [ gateway address ]
If you have problems setting up Windows machines, then try using the tip under the spoiler
0x [ destination address subnet mask ] [ destination address ] [ gateway address ] 00 [ gateway address ]
Add the address of the router to line 00 again.
Why it works, I did not understand. Through empirical research, a solution was found. Later, an option worked without my crutch.
Add the address of the router to line 00 again.
Why it works, I did not understand. Through empirical research, a solution was found. Later, an option worked without my crutch.
Multiple Routes on One Line
Unfortunately, the documentation on the Mikrotik website does not contain an example of how to configure several routes correctly. RFC3442 comes to the rescue in which there is a wonderful scheme for compiling several routes which is given above.
Add the second route to the first route without 0x.
Example
two routes 10.0.0.0/8 and 172.16.4.0/24 through the gateway 192.168.0.2 in one line will look like this:
0x 08 0Ac0a80002 18 AC100Bc0a80002bold highlighted subnet masks
I hope that this information will be useful to someone.
PS: I ask for comments and suggestions to send in a personal.
UPD:
comrade orlovdl sketched a python function to translate the address block into the Hex format.
UPD:
comrade poofeg suggested:
I would pay attention to this phrase in RFC3442:
DHCP server administrators [...] should specify the default router (s) both in the Router option and in the Classless Static Routes option.
In all of your examples in option 121, the default route is missing. That is, it is better to append 00c0a80001 to both lines at the end (0.0.0.0/0 via 192.168.0.1).