Manual:Metarouter: Difference between revisions
m MetaRouter moved to Metarouter |
Metarouter example added |
||
Line 105: | Line 105: | ||
Right now you saw that the virtual interface is visible in the '''Host''' ''Interfaces'' menu as ''vif1'' and also in the '''metarouter ''' ''interfaces'' menu as ''ether1''. You can add an IP address on both interfaces, and set up networking. Creating a bridge between the virtual interface and a physical interface allows traffic to pass. | Right now you saw that the virtual interface is visible in the '''Host''' ''Interfaces'' menu as ''vif1'' and also in the '''metarouter ''' ''interfaces'' menu as ''ether1''. You can add an IP address on both interfaces, and set up networking. Creating a bridge between the virtual interface and a physical interface allows traffic to pass. | ||
== Configuration examples == | |||
=== Creating isolated router router for client === | |||
This Example will show how to use Metarouter feature to create a isolated router on top of the WISP client site router. The setup for the example is shown on the diagram below: | |||
1. Adding a Metarouter for client: | |||
[admin@RouterGW] /metarouter> add name=client1 memory-size=32 | |||
[admin@RouterGW] /metarouter> print | |||
Flags: X - disabled | |||
# NAME MEMORY-SIZE DISK-SIZE USED-DISK STATE | |||
0 client1 32MiB 0kiB 189kiB running | |||
[admin@RouterGW] /metarouter> | |||
2. Adding Metarouter Interfaces for the new created Metarouter: | |||
[admin@RouterGW] /metarouter interface> add virtual-machine=client1 | |||
[admin@RouterGW] /metarouter interface> add virtual-machine=client1 | |||
[admin@RouterGW] /metarouter interface> print | |||
Flags: X - disabled, A - active | |||
# VIRTUAL-MACHINE TYPE VM-MAC-ADDRESS | |||
0 A client1 dynamic 02:49:E8:55:8E:E8 | |||
1 A client1 dynamic 02:16:16:90:EF:0E | |||
[admin@RouterGW] /metarouter interface> | |||
3. Creating a Bridge Interface for bridging metarouter interface together with ethernet interface where the client is physically connected: | |||
[admin@RouterGW] /interface bridge> add | |||
[admin@RouterGW] /interface bridge> print | |||
Flags: X - disabled, R - running | |||
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 protocol-mode=none | |||
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s | |||
forward-delay=15s transmit-hold-count=6 ageing-time=5m | |||
[admin@RouterGW] /interface bridge port> add interface=ether2 bridge=bridge1 | |||
[admin@RouterGW] /interface bridge port> add interface=vif2 bridge=bridge1 | |||
[admin@RouterGW] /interface bridge port> print | |||
Flags: X - disabled, I - inactive, D - dynamic | |||
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON | |||
0 ether2 bridge1 0x80 10 none | |||
1 vif2 bridge1 0x80 10 none | |||
4. Adding IP configuration for the new Metarouter interface which will be used for connecting between Meatrouter and Metarouter Host system: | |||
[admin@RouterGW] /ip address> add address=10.0.1.1/24 interface=vif1 | |||
[admin@RouterGW] /ip address> print | |||
Flags: X - disabled, I - invalid, D - dynamic | |||
# ADDRESS NETWORK BROADCAST INTERFACE | |||
0 D 10.5.8.68/24 10.5.8.0 10.5.8.255 ether1 | |||
1 10.0.1.1/24 10.0.1.0 10.0.1.255 vif1 | |||
[admin@RouterGW] /ip address> | |||
5. Connecting to Metarouter using the Console | |||
[admin@RouterGW] /metarouter> console client1 | |||
[Ctrl-A is the prefix key] | |||
Starting... | |||
Starting services... | |||
MikroTik 3.21 | |||
MikroTik Login: admin | |||
Password: | |||
[admin@MikroTik] > /sys identity set name=Client1 | |||
6. Configuring Metarouter to make it easy for client to understand the configuration: | |||
[admin@Client1] /interface ethernet> p | |||
Flags: X - disabled, R - running, S - slave | |||
# NAME MTU MAC-ADDRESS ARP | |||
0 R ether1 1500 02:49:E8:55:8E:E8 enabled | |||
1 R ether2 1500 02:16:16:90:EF:0E enabled | |||
[admin@Client1] /interface ethernet> set 0 name=public | |||
[admin@Client1] /interface ethernet> set 1 name=local | |||
[admin@Client1] /interface ethernet> print | |||
Flags: X - disabled, R - running, S - slave | |||
# NAME MTU MAC-ADDRESS ARP | |||
0 R public 1500 02:49:E8:55:8E:E8 enabled | |||
1 R local 1500 02:16:16:90:EF:0E enabled | |||
[admin@Client1] /interface ethernet> | |||
[admin@Client1] /ip address> add address=10.0.1.2/24 interfae=public | |||
[admin@Client1] /ip address> add address=10.0.2.1/24 interface=local | |||
[admin@Client1] /ip address> print | |||
Flags: X - disabled, I - invalid, D - dynamic | |||
# ADDRESS NETWORK BROADCAST INTERFACE | |||
0 10.0.1.2/24 10.0.1.0 10.0.1.255 public | |||
1 10.0.2.1/24 10.0.2.0 10.0.2.255 local | |||
[admin@Client1] /ip route> add gateway=10.0.1.1 | |||
[admin@Client1] /ip route> print | |||
Flags: X - disabled, A - active, D - dynamic, | |||
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, | |||
B - blackhole, U - unreachable, P - prohibit | |||
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE | |||
0 A S 0.0.0.0/0 r 10.0.1.1 1 public | |||
1 ADC 10.0.1.0/24 10.0.1.2 0 public | |||
2 ADC 10.0.2.0/24 10.0.2.1 0 local | |||
[admin@Client1] /ip route> | |||
[admin@Client1] /ip firewall nat> add action=masquerade out-interface=public chain=srcnat | |||
[[Category:Manual]] | [[Category:Manual]] | ||
[[Category:Virtualization]] | [[Category:Virtualization]] | ||
[[Category:Unfinished]] | [[Category:Unfinished]] |
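Review bot: step 1 creates client1 with no disk-size, and the print output under it shows DISK-SIZE 0kiB, so the guest handed to the client runs with dynamic disk size; the manual's own note on disk-size warns that this can fill the host's storage, so suggest a fixed disk-size on the add command in this example. In step 6, "add address=10.0.1.2/24 interfae=public" misspells interface. The new heading repeats a word ("isolated router router"), step 4 has "Meatrouter", and the intro points to a diagram below but the added lines contain no image link.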
Revision as of 14:30, 12 February 2009
Overview
MetaRouter is a new feature in RouterOS 4.0 beta 1 and RouterOS v3.21.
Currently MetaRouter can be used on the RB400 series boards to create virtual machines, but more hardware platforms will be added in the future.
Requirements
Each Metarouter instance uses as many resources as a stand-alone RouterOS installation. This means you need a minimum of 16Mb of RAM for each machine, plus some for the main router that hosts it. 16Mb is the absolute minimum; it is suggested to have more memory available for each Metarouter.
Currently you can create up to 8 metarouter virtual machines; this number will be increased to 16 in future versions.
On the main machine, you can create up to 8 virtual interfaces that will be connected to the metarouters. Currently the only way to add more is to use VLAN. Currently it is not possible to use external storage devices (Store) in the metarouter virtual devices.
Uses
The MetaRouter function is useful for giving clients or lower-privilege users access to their own 'router' and configuration to set up as they like, without the need for a complete second router and without giving them access to the main router configuration.
For example, a WISP can create a virtual router for the client's Ethernet port, allowing the client to define their own firewall settings while leaving the WISP's wireless settings untouched.
Commands
The /metarouter menu gives the following:
- add - allows you to create a new virtual router
- print - lets you list any virtual routers
- enable - to enable a virtual router
- disable - to disable a virtual router
- console - lets you access the console of a virtual router
- interface - lets you make network interface mappings
Creating a Metarouter
[admin@RB_Meta] /metarouter> add name=mr0 memory-size=32 disk-size=32000 disabled=no
[admin@RB_Meta] /metarouter> print
Flags: X - disabled
 #   NAME   MEMORY-SIZE   DISK-SIZE   USED-DISK   STATE
 0   mr0    16MiB         0kiB        377kiB      running
- name: the name of the virtual router
- memory-size: amount of RAM allocated to the virtual router
- disk-size: amount of HDD in kiB allocated to the virtual router (if 0, size is dynamic) *
- used-disk: currently used disk space
- state: identifies if the metarouter is running or disabled
Note: * Be careful when using dynamic HDD size for metarouters; a proxy could fill up all of your host's storage!
Example with no settings
If you add a new metarouter without specifying any parameters, it will be added with dynamic HDD size and 16MiB of RAM:
[admin@RB_Meta] /metarouter> add name=mr1
[admin@RB_Meta] /metarouter> print
Flags: X - disabled
 #   NAME   MEMORY-SIZE   DISK-SIZE   USED-DISK   STATE
 1   mr1    16MiB         0kiB        3kiB        running
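An added example, not part of the MikroTik manual: a small Python audit that parses /metarouter print output in the column layout shown above and flags what the text warns about (dynamic disk size, memory at the 16MiB minimum, more than 8 instances). The sample table is constructed, and the placement of the X flag between the index and the name is an assumption.

```python
import re

MIN_MEMORY_MIB = 16   # page: 16 is the absolute minimum per metarouter
MAX_INSTANCES = 8     # page: currently up to 8 metarouter virtual machines

# One row of "/metarouter print": index, optional X flag (assumed position),
# name, memory size, disk size, used disk, state.
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<flag>X\s+)?(?P<name>\S+)\s+(?P<mem>\d+)MiB\s+"
    r"(?P<disk>\d+)kiB\s+(?P<used>\d+)kiB\s+(?P<state>\S+)\s*$"
)

def parse_metarouters(text):
    """Return one dict per instance row; header and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({
                "name": m["name"],
                "disabled": m["flag"] is not None,
                "memory_mib": int(m["mem"]),
                "disk_kib": int(m["disk"]),
                "used_kib": int(m["used"]),
                "state": m["state"],
            })
    return rows

def audit(rows):
    """Return (name, finding) pairs for the settings the page warns about."""
    findings = []
    for r in rows:
        if r["disk_kib"] == 0:  # 0 means the disk size is dynamic
            findings.append((r["name"], "dynamic disk size: guest can fill host storage"))
        if r["memory_mib"] <= MIN_MEMORY_MIB:
            findings.append((r["name"], "memory at the 16MiB minimum"))
    if len(rows) > MAX_INSTANCES:
        findings.append(("*", "more than 8 instances listed"))
    return findings

# Constructed sample in the layout shown on this page (not captured from a device).
SAMPLE = """\
Flags: X - disabled
 #   NAME      MEMORY-SIZE  DISK-SIZE  USED-DISK  STATE
 0   mr0       32MiB        32000kiB   377kiB     running
 1   mr1       16MiB        0kiB       3kiB       running
 2 X client1   32MiB        0kiB       189kiB     disabled
"""

if __name__ == "__main__":
    for name, finding in audit(parse_metarouters(SAMPLE)):
        print(f"{name}: {finding}")
```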
Adding Interfaces
First, you need to add a new interface to your virtual router. This is done in the interface menu.
The interface command has the following options:
[admin@MikroTik] /metarouter> interface add
comment  disabled  dynamic-mac-address  type  virtual-machine
copy-from  dynamic-bridge  static-interface  vm-mac-address
Let's add one interface:
[admin@MikroTik] /metarouter> interface add virtual-machine=mr1 type=dynamic
On the host physical router the interface appears as a virtual interface:
[admin@MikroTik] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME     TYPE     MTU
 8  R  ether9   ether    1500
 9  R  test     bridge   1500
10  DR vif1     vif      1500
Connecting to the virtual machine
To connect to your virtual machine, use the console command:
/metarouter console 0
You will see your newly added virtual interface here:
[admin@mr0] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME     TYPE     MTU
 0  R  ether1   ether    1500
To disconnect from the metarouter virtual machine console, hit CTRL + A and then Q to Quit back to your Host console:
[admin@MikroTik] >
[Q - quit connection]      [B - send break]
[A - send Ctrl-A prefix]   [R - autoconfigure rate]
Q
Welcome back!
Configuring a virtual network
You have now seen that the virtual interface is visible in the Host Interfaces menu as vif1 and also in the metarouter interfaces menu as ether1. You can add an IP address on both interfaces and set up networking. Creating a bridge between the virtual interface and a physical interface allows traffic to pass.
Configuration examples
Creating an isolated router for a client
This example shows how to use the Metarouter feature to create an isolated router on top of the WISP client site router. The setup for the example is shown on the diagram below:
1. Adding a Metarouter for client:
[admin@RouterGW] /metarouter> add name=client1 memory-size=32
[admin@RouterGW] /metarouter> print
Flags: X - disabled
 #   NAME      MEMORY-SIZE   DISK-SIZE   USED-DISK   STATE
 0   client1   32MiB         0kiB        189kiB      running
[admin@RouterGW] /metarouter>
2. Adding Metarouter interfaces for the newly created Metarouter:
[admin@RouterGW] /metarouter interface> add virtual-machine=client1
[admin@RouterGW] /metarouter interface> add virtual-machine=client1
[admin@RouterGW] /metarouter interface> print
Flags: X - disabled, A - active
 #     VIRTUAL-MACHINE   TYPE      VM-MAC-ADDRESS
 0  A  client1           dynamic   02:49:E8:55:8E:E8
 1  A  client1           dynamic   02:16:16:90:EF:0E
[admin@RouterGW] /metarouter interface>
3. Creating a bridge interface to bridge the metarouter interface with the Ethernet interface where the client is physically connected:
[admin@RouterGW] /interface bridge> add
[admin@RouterGW] /interface bridge> print
Flags: X - disabled, R - running
 0  R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 protocol-mode=none
      priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@RouterGW] /interface bridge port> add interface=ether2 bridge=bridge1
[admin@RouterGW] /interface bridge port> add interface=vif2 bridge=bridge1
[admin@RouterGW] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic
 #   INTERFACE   BRIDGE    PRIORITY   PATH-COST   HORIZON
 0   ether2      bridge1   0x80       10          none
 1   vif2        bridge1   0x80       10          none
4. Adding IP configuration for the new Metarouter interface, which will be used for the connection between the Metarouter and the Metarouter Host system:
[admin@RouterGW] /ip address> add address=10.0.1.1/24 interface=vif1
[admin@RouterGW] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #     ADDRESS        NETWORK    BROADCAST    INTERFACE
 0  D  10.5.8.68/24   10.5.8.0   10.5.8.255   ether1
 1     10.0.1.1/24    10.0.1.0   10.0.1.255   vif1
[admin@RouterGW] /ip address>
5. Connecting to Metarouter using the Console
[admin@RouterGW] /metarouter> console client1
[Ctrl-A is the prefix key]
Starting...
Starting services...
MikroTik 3.21
MikroTik Login: admin
Password:
[admin@MikroTik] > /sys identity set name=Client1
6. Configuring the Metarouter to make the configuration easy for the client to understand:
[admin@Client1] /interface ethernet> p
Flags: X - disabled, R - running, S - slave
 #     NAME     MTU    MAC-ADDRESS         ARP
 0  R  ether1   1500   02:49:E8:55:8E:E8   enabled
 1  R  ether2   1500   02:16:16:90:EF:0E   enabled
[admin@Client1] /interface ethernet> set 0 name=public
[admin@Client1] /interface ethernet> set 1 name=local
[admin@Client1] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
 #     NAME     MTU    MAC-ADDRESS         ARP
 0  R  public   1500   02:49:E8:55:8E:E8   enabled
 1  R  local    1500   02:16:16:90:EF:0E   enabled
[admin@Client1] /interface ethernet>
[admin@Client1] /ip address> add address=10.0.1.2/24 interface=public
[admin@Client1] /ip address> add address=10.0.2.1/24 interface=local
[admin@Client1] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS       NETWORK    BROADCAST    INTERFACE
 0   10.0.1.2/24   10.0.1.0   10.0.1.255   public
 1   10.0.2.1/24   10.0.2.0   10.0.2.255   local
[admin@Client1] /ip route> add gateway=10.0.1.1
[admin@Client1] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #       DST-ADDRESS   PREF-SRC   G GATEWAY    DISTANCE   INTERFACE
 0  A S  0.0.0.0/0                r 10.0.1.1   1          public
 1  ADC  10.0.1.0/24   10.0.1.2                0          public
 2  ADC  10.0.2.0/24   10.0.2.1                0          local
[admin@Client1] /ip route>
[admin@Client1] /ip firewall nat> add action=masquerade out-interface=public chain=srcnat