Manual:Tools/RoMON: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
← Older editNewer edit →
Moved RoMON under tool menu after version 6.28
→‎Overview: added info on encryption
Line 6: Line 6:


Each router on RoMON network is assigned its RoMON ID. RoMON ID can be selected from port MAC address or specified by user.
Each router on RoMON network is assigned its RoMON ID. RoMON ID can be selected from port MAC address or specified by user.
RoMON protocol does not provide encryption services. Encryption is provided at "application" level, by e.g. using ssh or by using secure winbox.


== Configuration ==
== Configuration ==

Revision as of 08:44, 13 October 2015

Overview

This page contains information about RoMON feature in RouterOS. RoMON stands for "Router Management Overlay Network". RoMON works by establishing independent MAC layer peer discovery and data forwarding network. RoMON network operates independently from L2 or L3 forwarding configuration.

Each router on RoMON network is assigned its RoMON ID. RoMON ID can be selected from port MAC address or specified by user.

RoMON protocol does not provide encryption services. Encryption is provided at "application" level, by e.g. using ssh or by using secure winbox.

Configuration

In order for device to participate in RoMON network RoMON feature must be enabled and ports that participate in RoMON network must be specified.

RoMON feature is configured in /romon menu at version 6.28 and under /tool romon menu after version 6.28. It contains the following settings:

Property Description
enabled (yes | no; Default: no) Disable or enable RoMON feature
id (MAC address; Default: 00:00:00:00:00:00) MAC address to use as ID of this router

When RoMON is enabled and ID is automatically selected, ID is reported in menu info: 

Version 6.28:

[admin@R3] > romon print
       ;;; RoMON running, ID 00:33:00:00:00:02
  enabled: yes
       id: 00:00:00:00:00:00

After version 6.28:

[admin@R3] > tool romon print
       ;;; RoMON running, ID 00:33:00:00:00:02
  enabled: yes
       id: 00:00:00:00:00:00

Ports that participate in RoMON network are configured in romon port menu. Port list is ordered list of entries that match either specific port or all ports and specifies if matching port(s) is forbidden to participate in RoMON network and in case port is allowed to participate in RoMON network entry also specifies port cost. Note that all specific port entries must be placed above wildcard entry with interface=all.

For example, the following list specifies that all ports except ether1 participate in RoMON network with cost 100: 

Version 6.28:

[admin@R1] /romon port print
Flags: X - disabled, D - dynamic 
 #    INTERFACE                                                                 FORBID       COST
 0    ether1                                                                    yes           100
 1    all                                                                       no            100

After version 6.28:

[admin@R1] /tool romon port print
Flags: X - disabled, D - dynamic 
 #    INTERFACE                                                                 FORBID       COST
 0    ether1                                                                    yes           100
 1    all                                                                       no            100

By default one wildcard entry with forbid=no and cost=100 is created.

Peer discovery

In order to discover all routers on RoMON network romon discover command must be used: 

Version 6.28:

[admin@R1] romon discover 
ADDRESS                 COST       HOPS PATH                   L2MTU
00:22:00:00:00:02        200          1 00:22:00:00:00:02       1500
00:02:03:04:05:06        400          2 00:22:00:00:00:02       1500
                                        00:02:03:04:05:06

After version 6.28:

[admin@R1] tool romon discover 
ADDRESS                 COST       HOPS PATH                   L2MTU
00:22:00:00:00:02        200          1 00:22:00:00:00:02       1500
00:02:03:04:05:06        400          2 00:22:00:00:00:02       1500
                                        00:02:03:04:05:06

Applications

Multiple applications can be run over RoMON network.

Ping

In order to test reachability of specific router on RoMON network romon ping command can be used: 

Version 6.28:

[admin@R1] romon ping 00:22:00:00:00:02
  SEQ HOST                                    TIME  STATUS                                       
    0 00:22:00:00:00:02                       0ms                                                
    1 00:22:00:00:00:02                       1ms                                                
    2 00:22:00:00:00:02                       1ms                                                
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms 

After version 6.28:

[admin@R1] tool romon ping 00:22:00:00:00:02
  SEQ HOST                                    TIME  STATUS                                       
    0 00:22:00:00:00:02                       0ms                                                
    1 00:22:00:00:00:02                       1ms                                                
    2 00:22:00:00:00:02                       1ms                                                
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

SSH

In order to establish secure terminal connection to router on RoMON network romon ssh command can be used, provided that security package is installed: 

Version 6.28:

[admin@R1] romon ssh 00:22:00:00:00:02  

After version 6.28:

[admin@R1] tool romon ssh 00:22:00:00:00:02
Retrieved from "https://wiki.mikrotik.com/index.php?title=Manual:Tools/RoMON&oldid=27509"