Point-to-point (/31) addresses

Eising · Wed Jun 24, 2009 1:23 pm

I've tried with several devices now, but there's absolutely no way, I can get /31 addresses working. Is this a bug, or is it a missing feature?

For the reference:
R1 (RB450):
/ip address add interface=ether1 address=10.10.10.2/31 disabled=no
R2 (RB450)::
/ip address add interface=ether1 address=10.10.10.3/31 disabled=no

Ping times out.

QpoX · Wed Jun 24, 2009 1:39 pm

I've tried with several devices now, but there's absolutely no way, I can get /31 addresses working. Is this a bug, or is it a missing feature?

For the reference:
R1 (RB450):
/ip address add interface=ether1 address=10.10.10.2/31 disabled=no
R2 (RB450)::
/ip address add interface=ether1 address=10.10.10.3/31 disabled=no

Ping times out.

10.10.10.2/31 covers 10.10.10.1 and 10.10.10.2
So change the IP from 3 to 1 or use /30

Eising · Wed Jun 24, 2009 1:48 pm

No.
10.10.10.1/31 covers 10.10.10.0-10.10.10.1.
You will get a nice no route to host error with 10.10.10.1-10.10.10.2 netmask 255.255.255.254

QpoX · Wed Jun 24, 2009 2:04 pm

No.
10.10.10.1/31 covers 10.10.10.0-10.10.10.1.
You will get a nice no route to host error with 10.10.10.1-10.10.10.2 netmask 255.255.255.254

my bad

changeip · Wed Jun 24, 2009 7:44 pm

A /31 isnt even valid is it ? Dont you need a subnet and broadcast address? TCP 101 ...

Eising · Wed Jun 24, 2009 8:19 pm

Normally true, but RFC3021 refers to a way of conserving addresses by using /31 networks on links that do not require the broadcast capability, ie. point-to-point links. If you to take two machines and connect them directly to each other, they do not need to broadcast to find each other, there are two addresses, one for each end of the cable.
This currently works with most network vendor equipment (cisco, juniper, foundry, etc.) as well as linux and BSDs, so I'm really wondering why it doesn't work with MikroTik.

changeip · Wed Jun 24, 2009 9:04 pm

i see...

what does RouterOS show as the network and broadcast when you do an /ip address print (terse) command ? Did it set the network and broadcast correctly? If not, if you set them manually, does that work?

Sam

Eising · Wed Jun 24, 2009 9:12 pm

address=10.10.10.2/31 network=10.10.10.2 broadcast=10.10.10.3 interface=ether3 actual-interface=ether3
Seems correct to me.

chapex · Wed Jun 24, 2009 10:09 pm

address=10.10.10.2/31 network=10.10.10.2 broadcast=10.10.10.3 interface=ether3 actual-interface=ether3
Seems correct to me.

try to force broadcast on 10.10.10.1 address (manually).

regards

Eising · Wed Jun 24, 2009 10:52 pm

No no, 10.10.10.1 is still in another subnet. Since it's a point-to-point network, there is no broadcast. The network 10.10.10.2/31 consists of 10.10.10.2-10.10.10.3. Please read the RFC if you've never dealt with /31's before... It's an easy read.
http://www.faqs.org/rfcs/rfc3021.html

eflanery · Fri Jun 26, 2009 4:00 am

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go.

This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple links on a router.

In your particular case:

R1: /ip add add interface=ether1 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether1 address=10.10.10.3/32 network=10.10.10.2

Will do the trick.

In a more complex hypothetical setup, with four routers connected to each other in a full-mesh of point-to-point ethernets:

R1: /ip add add interface=ether1-to-R2 address=10.10.10.1/32 network=10.10.10.2
R1: /ip add add interface=ether2-to-R3 address=10.10.10.1/32 network=10.10.10.3
R1: /ip add add interface=ether3-to-R4 address=10.10.10.1/32 network=10.10.10.4

R2: /ip add add interface=ether1-to-R1 address=10.10.10.2/32 network=10.10.10.1
R2: /ip add add interface=ether2-to-R3 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether3-to-R4 address=10.10.10.2/32 network=10.10.10.4

R3: /ip add add interface=ether1-to-R1 address=10.10.10.3/32 network=10.10.10.1
R3: /ip add add interface=ether2-to-R2 address=10.10.10.3/32 network=10.10.10.2
R3: /ip add add interface=ether3-to-R4 address=10.10.10.3/32 network=10.10.10.4

R4: /ip add add interface=ether1-to-R1 address=10.10.10.4/32 network=10.10.10.1
R4: /ip add add interface=ether2-to-R2 address=10.10.10.4/32 network=10.10.10.2
R4: /ip add add interface=ether3-to-R3 address=10.10.10.4/32 network=10.10.10.3

Would fully interconnect them, using only 4 addresses. In this particular case, we get 3 times the address utilization efficiency of /31 addressing.

In an 8 router full-mesh the efficiency is even more spectacular, with only 8 addresses needed for /32 addressing, while a whopping 56 addresses would be needed for /31 addressing.

--Eric

chapex · Fri Jun 26, 2009 7:12 am

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go.

This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple links on a router.

In your particular case:

R1: /ip add add interface=ether1 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether1 address=10.10.10.3/32 network=10.10.10.2

Will do the trick.

In a more complex hypothetical setup, with four routers connected to each other in a full-mesh of point-to-point ethernets:

R1: /ip add add interface=ether1-to-R2 address=10.10.10.1/32 network=10.10.10.2
R1: /ip add add interface=ether2-to-R3 address=10.10.10.1/32 network=10.10.10.3
R1: /ip add add interface=ether3-to-R4 address=10.10.10.1/32 network=10.10.10.4

R2: /ip add add interface=ether1-to-R1 address=10.10.10.2/32 network=10.10.10.1
R2: /ip add add interface=ether2-to-R3 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether3-to-R4 address=10.10.10.2/32 network=10.10.10.4

R3: /ip add add interface=ether1-to-R1 address=10.10.10.3/32 network=10.10.10.1
R3: /ip add add interface=ether2-to-R2 address=10.10.10.3/32 network=10.10.10.2
R3: /ip add add interface=ether3-to-R4 address=10.10.10.3/32 network=10.10.10.4

R4: /ip add add interface=ether1-to-R1 address=10.10.10.4/32 network=10.10.10.1
R4: /ip add add interface=ether2-to-R2 address=10.10.10.4/32 network=10.10.10.2
R4: /ip add add interface=ether3-to-R3 address=10.10.10.4/32 network=10.10.10.3

Would fully interconnect them, using only 4 addresses. In this particular case, we get 3 times the address utilization efficiency of /31 addressing.

In an 8 router full-mesh the efficiency is even more spectacular, with only 8 addresses needed for /32 addressing, while a whopping 56 addresses would be needed for /31 addressing.

--Eric

exelent!

Eising · Fri Jun 26, 2009 9:56 am

Interesting concept, quite a hack!
I'm pretty sure I can't use that when the other end of the device is a cisco router, so I'm still very much wanting real /31 support. But thanks for your suggestion, it's a really cool hack

Chupaka · Fri Jun 26, 2009 3:53 pm

on Cisco you should simply use it's /31, I think

eflanery · Fri Jun 26, 2009 11:47 pm

Interesting concept, quite a hack!
I'm pretty sure I can't use that when the other end of the device is a cisco router, so I'm still very much wanting real /31 support. But thanks for your suggestion, it's a really cool hack

While Ciscos won't allow /32 addressing on broadcasty interfaces, you _can_ use /31 on the Cisco side, and /32 on the MT side.

Cisco: ip address 10.10.10.2 255.255.255.254
MT: /ip add add int=foo add=10.10.10.3/32 network=10.10.10.2

The only problem you may run into is with routing protocols that expect matching subnet masks, such as OSPF. Static routing and BGP will be fine, don't know about other IGPs.

--Eric

Eising · Sat Jun 27, 2009 12:39 am

I'm relying on OSPF as IGP, as well as BGP and MPLS, so I'm not going to do this...
Would be nice if MikroTik fixed this. It shouldn't be that hard.

JR · Wed Jul 01, 2009 12:53 am

address=10.10.10.2/31 network=10.10.10.2 broadcast=10.10.10.3 interface=ether3 actual-interface=ether3
Seems correct to me.

Just change the address to .2/32 and network/brdcast to .3 manually.
ip ro pr = .3

All that's needed is a route to the other side!

sten · Sun Jul 12, 2009 5:58 am

For point-to-point interfaces this is a non-issue all together.
For a point-to-point interfaces there is no such thing as a subnet or subnet mask. Only IP addresses on both sides.
It is perfectly legal for tunnel terminator to only have one IP on the loopback which every ptp tunnel sees as the "servers IP".
In other words; Network masks smaller than /32 is a hack for limited stacks.

QpoX · Sun Jul 12, 2009 6:47 am

Can IPIP on top of a /30 be used as a solution?
Or does IPIP also need a broadcast and network? (i've never used it before) and is just a thought!

changeip · Mon Jul 13, 2009 4:54 am

the poster wasnt talking about true PPP... he's talking about two ethernet endpoints on a single ethernet wire basically.

ejmerkel · Mon Feb 14, 2011 10:28 pm

Has anyone got this working yet between an MT and a Cisco using OSPF as the IGP?

I can get both sides to ping using the /31 subnet mask and even get an adjacency formed but it doesn't seem to want to exchange routes.

Eric

eflanery · Wed Feb 16, 2011 7:01 pm

Not I.

For MT-MT, I use /32s, and rejoice that the vast majority of my network is extremely efficient address-use wise.
For Cisco-Cisco, /31s work great, and are only slightly depressing.
For MT-Cisco, /30s seems to be the longest common netmask that works properly with OSPF, so I go with it, and mourn the lost utility.

--Eric

danielillu · Sun Mar 27, 2011 9:03 pm

In a mikrotik-only network like the one eflanery showed:

Does OSPF and MPLS LDP works well?

sten · Mon Mar 28, 2011 9:07 am

I can't think of a reason why it wouldn't work right. Of course with /31 or /32 route's might require a different configuration than /30 subnets.
I'm pretty pleased MikroTik has added more flexible support/functionality. Their artificial software limitations used to be pretty close to ridicules.

maxxs · Mon Apr 08, 2013 5:03 pm

Not I.

For MT-MT, I use /32s, and rejoice that the vast majority of my network is extremely efficient address-use wise.
For Cisco-Cisco, /31s work great, and are only slightly depressing.
For MT-Cisco, /30s seems to be the longest common netmask that works properly with OSPF, so I go with it, and mourn the lost utility.

--Eric

For MT-Cisco i have done following config

cisco:
router ospf 1
log-adjacency-changes
area 172.16.0.1 stub no-summary
network 10.10.0.0 0.0.0.255 area 0.0.0.0
network 172.16.0.0 0.0.0.1 area 172.16.0.1
interface FastEthernet0/1
ip address 172.16.0.0 255.255.255.254
ip ospf network point-to-point
duplex auto
speed auto
end

MT:
[admin@MikroTik] >/ip address export compact
# jan/02/1970 04:17:14 by RouterOS 5.24
# software id = UR1Z-MBDA
#
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=eth2
add address=172.16.0.1/32 interface=ether1-gateway network=31.193.120.160
....

[admin@MikroTik] > routing ospf export compact

/routing ospf area
add area-id=172.16.0.1 default-cost=1 inject-summary-lsas=yes name=172.16.0.1 \
type=stub
/routing ospf instance
set [ find default=yes ] name=172.16.0.1 router-id=172.16.0.1
/routing ospf interface
add interface=ether1-gateway network-type=point-to-point
/routing ospf network
add area=172.16.0.1

OSPF adjacency FULL and traffic going well!!
Router#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 0 FULL/ - 00:00:31 172.16.0.1 FastEthernet0/1

and

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADo 0.0.0.0/0 172.16.0.0 110
1 ADo 172.16.0.0/31 172.16.0.0 110
2 ADC 172.16.0.0/32 172.16.0.1 ether1-gateway 0
3 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0

PS
in Cisco log apper following
%OSPF-4-CONFLICTING_LSAID: Process 1 area 0.0.0.0: LSA origination prevented by LSA with same LSID but a different mask
Existing Type 3 LSA: LSID 172.16.0.0/31
New Destination: 172.16.0.0/32

pospanko · Wed Jul 31, 2013 5:02 pm

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go.

This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple links on a router.

In your particular case:

R1: /ip add add interface=ether1 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether1 address=10.10.10.3/32 network=10.10.10.2

Will do the trick.

In a more complex hypothetical setup, with four routers connected to each other in a full-mesh of point-to-point ethernets:

R1: /ip add add interface=ether1-to-R2 address=10.10.10.1/32 network=10.10.10.2
R1: /ip add add interface=ether2-to-R3 address=10.10.10.1/32 network=10.10.10.3
R1: /ip add add interface=ether3-to-R4 address=10.10.10.1/32 network=10.10.10.4

R2: /ip add add interface=ether1-to-R1 address=10.10.10.2/32 network=10.10.10.1
R2: /ip add add interface=ether2-to-R3 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether3-to-R4 address=10.10.10.2/32 network=10.10.10.4

R3: /ip add add interface=ether1-to-R1 address=10.10.10.3/32 network=10.10.10.1
R3: /ip add add interface=ether2-to-R2 address=10.10.10.3/32 network=10.10.10.2
R3: /ip add add interface=ether3-to-R4 address=10.10.10.3/32 network=10.10.10.4

R4: /ip add add interface=ether1-to-R1 address=10.10.10.4/32 network=10.10.10.1
R4: /ip add add interface=ether2-to-R2 address=10.10.10.4/32 network=10.10.10.2
R4: /ip add add interface=ether3-to-R3 address=10.10.10.4/32 network=10.10.10.3

Would fully interconnect them, using only 4 addresses. In this particular case, we get 3 times the address utilization efficiency of /31 addressing.

In an 8 router full-mesh the efficiency is even more spectacular, with only 8 addresses needed for /32 addressing, while a whopping 56 addresses would be needed for /31 addressing.

--Eric

Is this usable in production networks?
Where's the catch?

BR,
M

Muqatil · Wed Jul 31, 2013 6:47 pm

Using it in my production network without problems.
Of course, Only Mikrotik supports this. That's the only limitation

Is this usable in production networks?
Where's the catch?

BR,
M

n21roadie · Thu Aug 01, 2013 1:53 pm

Using it in my production network without problems.
Of course, Only Mikrotik supports this. That's the only limitation
Is this usable in production networks?
Where's the catch?

BR,
M

Does this tweak work with OSPF?

eflanery · Thu Aug 01, 2013 6:52 pm

Using it in my production network without problems.
Of course, Only Mikrotik supports this. That's the only limitation
Is this usable in production networks?
Where's the catch?

BR,
M
Does this tweak work with OSPF?

Yes, it works great with simple OSPF and LDP; but TE doesn't seem to work correctly with it, so we are moving away from it (sadly).

PtMP mode for OSPF seems to be by far the most stable with a configuration like this.

--Eric

pospanko · Fri Aug 02, 2013 9:13 am

What kind of problems you have with TE?

eflanery · Fri Aug 02, 2013 5:52 pm

What kind of problems you have with TE?

The problem wasn't so much directly with TE and /32 addressing, as it was with PtMP mode and CSPF.

For some reason, CSPF would never find a path through a PtMP segment, and broadcast or NBMA modes were less stable with /32 addressing.

It's been quite a while since I played with that though (early to mid 5.x), so things may have changed.

--Eric

spire2z · Tue Aug 06, 2013 3:52 am

If the subnet is /31 would you not need to use:

10.10.10.1/31 and 10.10.10.2/31

I have run into this because only two addresses are allowed it will expect the equal amount of Ips in the subnet 10.10.10.3/31 would belong with 10.10.10.4/31

eflanery · Tue Aug 06, 2013 6:09 pm

If the subnet is /31 would you not need to use:

10.10.10.1/31 and 10.10.10.2/31

I have run into this because only two addresses are allowed it will expect the equal amount of Ips in the subnet 10.10.10.3/31 would belong with 10.10.10.4/31

No, you need to stick to VLSM boundaries for /31s...

So, 10.10.10.0/31 pairs only with 10.10.10.1/31; 10.10.10.2/31 pairs only with 10.10.10.3/31; and 10.10.10.4/31 pairs only with 10.10.10.5/31.

That is, of course, _if_ they will work for your situation. Usefulness of /31s is limited on MT.

spire2z · Fri Aug 09, 2013 8:10 pm

Yes that's what i'm saying. The OP's example IPs were not in same subnet!

StubArea51 · Sat Aug 10, 2013 2:02 am

Using it in my production network without problems.
Of course, Only Mikrotik supports this. That's the only limitation
Is this usable in production networks?
Where's the catch?

BR,
M

Routing a /32 via another /32 has been used for years in Telco DSL networks on a multitude of vendor equipment like Cisco, Adtran, etc...

It's a very popular network design when using a PPPoE BRAS

pospanko · Sat Aug 10, 2013 8:41 pm

Using it in my production network without problems.
Of course, Only Mikrotik supports this. That's the only limitation
Is this usable in production networks?
Where's the catch?

BR,
M
Routing a /32 via another /32 has been used for years in Telco DSL networks on a multitude of vendor equipment like Cisco, Adtran, etc...

It's a very popular network design when using a PPPoE BRAS

Great.
But why isn't more used with Mikrotik. It's great IP saver. There's no examples with this kind of IP addressing.

CelticComms · Sun Aug 11, 2013 8:18 am

The technique that is being referred to in earlier posts really uses routing via interface rather than via a specific gateway IP. The method described causes RouterOS to place connected routes in the routing table for the remote IPs but a very similar arrangement with static routes can be achieved as follows:

Make an ARP capable layer 2 network available between 2 RouterOS devices - it can be an Ethernet, VLAN or whatever you can arrange.
Place a /32 IP number "IP A" on Router A.
Place a /32 IP number "IP B" on Router B.
Now add a route on Router A with IP B as the destination and the interface connecting Router A to Router B as the gateway.
Now add a route on Router B with IP A as the destination and the interface connecting Router B to Router A as the gateway.

Router A should now be able to ping Router B on IP B and vice versa should also work. IP A and IP B do not need to be IP numbers remotely close together. This approach works on plenty of routing engines from many suppliers.

It simply forces the routing engine to ARP for the destination IP on the relevant interface.

efaden · Sun Aug 11, 2013 6:57 pm

The technique that is being referred to in earlier posts really uses routing via interface rather than via a specific gateway IP. The method described causes RouterOS to place connected routes in the routing table for the remote IPs but a very similar arrangement with static routes can be achieved as follows:

Make an ARP capable layer 2 network available between 2 RouterOS devices - it can be an Ethernet, VLAN or whatever you can arrange.
Place a /32 IP number "IP A" on Router A.
Place a /32 IP number "IP B" on Router B.
Now add a route on Router A with IP B as the destination and the interface connecting Router A to Router B as the gateway.
Now add a route on Router B with IP A as the destination and the interface connecting Router B to Router A as the gateway.

Router A should now be able to ping Router B on IP B and vice versa should also work. IP A and IP B do not need to be IP numbers remotely close together. This approach works on plenty of routing engines from many suppliers.

It simply forces the routing engine to ARP for the destination IP on the relevant interface.

I tried the above but am running into an odd problem. Here is my config:

Router A

/ip address add address=172.16.0.1/32 network=172.16.0.1 interface=eoip-tunnel1
/ip address add address=10.0.0.1/24 network=10.0.0.0 interface=bridge-local
/ip route add dst-address=172.16.0.2/32 gateway=eoip-tunnel1
/ip route add dst-address=10.0.1.0/24 gateway=172.16.0.2

Router B

/ip address add address=172.16.0.2/32 network=172.16.0.2 interface=eoip-tunnel1
/ip address add address=10.0.1.1/24 network=10.0.1.0 interface=bridge-local
/ip route add dst-address=172.16.0.1/32 gateway=eoip-tunnel1
/ip route add dst-address=10.0.0.0/24 gateway=172.16.0.1

Anyone see anything wrong with this? I can ping the 172.16 addresses from both sides and it works fine, but the 10.0 addresses don't work. I have tried to use gateway=eoip-tunnel1 for the 10.0 routes also, but that doesn't work. Either way I set that up it says the network is unreachable.

How do I get it to route other networks (e.g. my 10.0.) over my EoIP tunnel with /32 addresses?

Also... I had them as /30s before and routing to 172.16... worked just fine, so there is something wrong with how I have the /32 set up.

-Eric

CelticComms · Sun Aug 11, 2013 10:06 pm

I think you are hitting a restriction on next hops not being resolvable via interface routes. I'm not sure what your overall aim is so not sure of best solution, however as a technical point note that if you make both the 10.x.x.x routes interface routes - i.e. set the EoIP tunnel interface as the gateway - and enable proxy-arp at both ends of the EoIP tunnel then you should be able to ping the 10.x.x.x addresses fine in both direction.

efaden · Sun Aug 11, 2013 10:30 pm

I think you are hitting a restriction on next hops not being resolvable via interface routes. I'm not sure what your overall aim is so not sure of best solution, however as a technical point note that if you make both the 10.x.x.x routes interface routes - i.e. set the EoIP tunnel interface as the gateway - and enable proxy-arp at both ends of the EoIP tunnel then you should be able to ping the 10.x.x.x addresses fine in both direction.

What I am trying to do is utilize a /32 for the end points for EoIP tunnels. I have three different routers at three different sites. My goal is to have each one have an address 172.16.0.1-3/32 and then setup EoIP tunnel (A-B, B-C, and A-C) such that A=172.16.0.1, B=172.16.0.2, and C=172.16.0.3. Each router also has its own private range A=10.0.0.0/24, B=10.0.1.0/24, and C=10.0.2.0/24. I would like to setup routes for each of these networks so that they are all routed through the EoIP tunnels with the /32 addresses.

What would you suggest is the best way to do it? Thanks.

-Eric

CelticComms · Sun Aug 11, 2013 11:42 pm

I'm not sure of the overall picture. Are these /32s public IPs you are assigning or /32s provided by an ISP at each location?

efaden · Sun Aug 11, 2013 11:50 pm

I'm not sure of the overall picture. Are these /32s public IPs you are assigning or /32s provided by an ISP at each location?

Private addresses... just assigning them to the inside of a tunnel.

CelticComms · Mon Aug 12, 2013 12:30 am

If they are RFC1918 addresses why do you want to do anything other than use a /30? Conservation of non-RFC1918 addresses is what drives people into /31 & /32 land usually.....

efaden · Mon Aug 12, 2013 12:36 am

If they are RFC1918 addresses why do you want to do anything other than use a /30? Conservation of non-RFC1918 addresses is what drives people into /31 & /32 land usually.....

I suppose mine was a theoretical experiment to learn about /32 addressing.

CelticComms · Mon Aug 12, 2013 12:56 am

If you add proxy-arp and use the eoip interface as the gateway(s) above then you will be able to ping those 10.x.x.x blocks both ways. However, whether that would be acceptable in a real world scenario might depend on a few other factors.

efaden · Mon Aug 12, 2013 1:54 am

If you add proxy-arp and use the eoip interface as the gateway(s) above then you will be able to ping those 10.x.x.x blocks both ways. However, whether that would be acceptable in a real world scenario might depend on a few other factors.

Gotcha. Thanks for the info.

janisk · Fri Aug 16, 2013 4:33 pm

it is easy to set up addresses using /32 addresses.

on router1 you set up

/ip address add address=10.10.10.10/32 interface=ether2 network=11.11.11.11

on router2 you set up mirror of that:

/ip address add address=11.11.11.11/32 interface=ether2 network=10.10.10.10

now you can manage routing or whatever you want to achieve via this. Key part is to set correct network address.

If you check PPPoE, it is working this way, so you can give out to customers real IP addresses but have a local address on the server (same for all tunnels)

Also, RouterOS do accept any other network mask there is(/30 /31), just you have to configure it properly. So if your main goal is to save addresses nothing is more efficient as /32 addressing.

StubArea51 · Sun Aug 18, 2013 6:23 pm

If they are RFC1918 addresses why do you want to do anything other than use a /30? Conservation of non-RFC1918 addresses is what drives people into /31 & /32 land usually.....

Agreed....public Class A/B/C is the only reason I would mess with /32 and /31 routing. If you're using 1918 space only, then do yourself a favor and use a /29. I very rarely provision /30 anymore in the private space between routers because you don't have to redesign or configure if you want to use an IP in that subnet for troubleshooting or add a node.

pixitha · Thu Jan 15, 2015 11:32 am

Thanks for posting on this topic guys, we use /31s all the time and i was really pulling my hair out trying to figure out why the MT wasn't able to use them like other network gear. using the /32 on the MT solves it perfectly!

tomstorey · Wed Feb 04, 2015 12:12 pm

using the /32 on the MT solves it perfectly!

I want to suggest that actually this doesnt solve the problem. Its a work around.

To solve it properly, /31 should be supported.

StubArea51 · Wed Feb 04, 2015 7:22 pm

I could go either way on that...it would be nice to have, but given all the development features requested of MikroTik , I'd rather see MPLS fast reroute or BGP ECMP before /31 addresses.

nicktc · Mon Jul 25, 2016 1:09 am

Sorry if I'm reviving a really old thread, however..

Using 10.0.0.A/32 to link router A-B-C together things that work great:
- OSPF
- MPLS
- LDP
- VPLS (point to point between A-B or B-C)

Things that do not work correctly
- VPLS (between A-C no data RX on either router)

Adding an additional loopback address and using it as a transport address seems to "fix" the problem.

This is on 6.36

Anyone else seeing the same issue?

asy · Tue Feb 27, 2018 1:20 pm

Are there any plans to support RFC 3021 in RouterOS now ?

JimmyNyholm · Tue Feb 27, 2018 5:46 pm

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go.

This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple links on a router.

In your particular case:

R1: /ip add add interface=ether1 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether1 address=10.10.10.3/32 network=10.10.10.2

Will do the trick.

In a more complex hypothetical setup, with four routers connected to each other in a full-mesh of point-to-point ethernets:

R1: /ip add add interface=ether1-to-R2 address=10.10.10.1/32 network=10.10.10.2
R1: /ip add add interface=ether2-to-R3 address=10.10.10.1/32 network=10.10.10.3
R1: /ip add add interface=ether3-to-R4 address=10.10.10.1/32 network=10.10.10.4

R2: /ip add add interface=ether1-to-R1 address=10.10.10.2/32 network=10.10.10.1
R2: /ip add add interface=ether2-to-R3 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether3-to-R4 address=10.10.10.2/32 network=10.10.10.4

R3: /ip add add interface=ether1-to-R1 address=10.10.10.3/32 network=10.10.10.1
R3: /ip add add interface=ether2-to-R2 address=10.10.10.3/32 network=10.10.10.2
R3: /ip add add interface=ether3-to-R4 address=10.10.10.3/32 network=10.10.10.4

R4: /ip add add interface=ether1-to-R1 address=10.10.10.4/32 network=10.10.10.1
R4: /ip add add interface=ether2-to-R2 address=10.10.10.4/32 network=10.10.10.2
R4: /ip add add interface=ether3-to-R3 address=10.10.10.4/32 network=10.10.10.3

Would fully interconnect them, using only 4 addresses. In this particular case, we get 3 times the address utilization efficiency of /31 addressing.

In an 8 router full-mesh the efficiency is even more spectacular, with only 8 addresses needed for /32 addressing, while a whopping 56 addresses would be needed for /31 addressing.

--Eric

This is the way I have tried this with routing protocols ospf and bgp and mpls it all works so my definite recommendation MT<->MT scenario is /32 and use the same IP for all local interfaces on one router. this eliminates the need for loopback interface as the router is the same IP to all interfaces. As MT doesn't work well with /31's the only way to interconnect MT<->OtherVendor is by /30's

asy · Tue Feb 27, 2018 8:36 pm

I read about MT-MT with /32.

As MT doesn't work well with /31's the only way to interconnect MT<->OtherVendor is by /30's

But I need this. I linked MT(/32) - Linux(/31) but I can't run OSPF over it (with Quagga). I tried nbma, broadcast
and point-to-point settings for OSPF but all unsuccessful. The best that I reach (with nbma, from log of Quagga):

OSPF: Packet 172.16.64.58 [Hello:RECV]: NetworkMask mismatch on eth2:172.16.64.59 (configured pref
ix length is 31, but hello packet indicates 32).

eth2/Linux: 172.16.64.59/31

RouterOS:
/ip address
add address=172.16.64.58 interface=ether1 network=172.16.64.59

So, does no way to run OSPF without /30 ?

mrz · Wed Feb 28, 2018 11:36 am

Linux support /32 so switch to /32 and OSPF will work.

asy · Wed Feb 28, 2018 3:33 pm

Linux support /32 so switch to /32

True. I switched "ip address add 172.16.64.59/31 ..." to "ip address add 172.16.64.59/31 peer 172.16.64.59 ..." and link continued to work. Ok.

and OSPF will work.

But this not. Quagga isn't up neighbor with error (with nbma):

OSPF: interface eth2:172.16.64.59: ospf_read network address is not same [172.16
.64.58]

I attempted to switch ospf configuration to point-to-point. This gave some result: I can see neighbor in Quagga now:

172.16.64.58 1 Init/DROther 37.334s 172.16.64.58 eth2:172.16.64.59 0 0 0

but I doesn'ot see neighbor in RouterOS.

mrz · Wed Feb 28, 2018 3:38 pm

show your quagga configuration

asy · Wed Feb 28, 2018 4:48 pm

Sorry, I forgot about default firewall after reset configuration on MT. It works, thanks.

Linux:

ip address add 172.16.64.59/32 peer 172.16.64.58 dev eth2

Quagga:

!
  interface eth2
  ip ospf network point-to-point
! 
 router ospf
  ospf router-id 10.10.10.10
!
  network 172.16.64.58/31 area 0.0.0.112
!
  area 0.0.0.112 stub
!

MT (6.41.2)

/ip address
add address=172.16.64.58 interface=ether1 network=172.16.64.59
/routing ospf area
set [ find default=yes ] disabled=yes
add area-id=0.0.0.112 default-cost=1 inject-summary-lsas=yes name=stub-area1 type=stub
/routing ospf interface
add interface=ether1 network-type=point-to-point
/routing ospf network
add area=stub-area1 network=172.16.64.58/31

mrz · Wed Feb 28, 2018 5:16 pm

change to
network 172.16.64.58/32 area 0.0.0.112

asy · Thu Mar 01, 2018 9:08 am

change to
network 172.16.64.58/32 area 0.0.0.112

It seems more accurate but it not works: Quagga is not sending OSPF hello.

indnti · Fri Jul 20, 2018 2:48 am

Is there any fundamental reason why mikrotik does not support RFC 3021, so it is compatible with other vendors (cisco) without problems?

schadom · Sat Sep 29, 2018 3:07 pm

Is there any fundamental reason why mikrotik does not support RFC 3021, so it is compatible with other vendors (cisco) without problems?

Same as with many other things here...
Hundreds of requests by many customers over years and they simple ignore it

dcosta · Tue Nov 27, 2018 1:33 pm

Hello,
Now that Mikrotik addressed the service providers segment with CCR routers, when does Mikrotik plan to support /31 networks?
The majority of routers used by service providers supports /31, so it will be hard to migrate from a previous /31 configuration to Mikrotik CCR routers.
Thanks,
David

indnti · Fri Sep 20, 2019 12:39 pm

Hi

Any News for this?

chillisock7 · Fri Jan 31, 2020 9:28 pm

Brilliant

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go.

This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple links on a router.

In your particular case:

R1: /ip add add interface=ether1 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether1 address=10.10.10.3/32 network=10.10.10.2

Will do the trick.

In a more complex hypothetical setup, with four routers connected to each other in a full-mesh of point-to-point ethernets:

R1: /ip add add interface=ether1-to-R2 address=10.10.10.1/32 network=10.10.10.2
R1: /ip add add interface=ether2-to-R3 address=10.10.10.1/32 network=10.10.10.3
R1: /ip add add interface=ether3-to-R4 address=10.10.10.1/32 network=10.10.10.4

R2: /ip add add interface=ether1-to-R1 address=10.10.10.2/32 network=10.10.10.1
R2: /ip add add interface=ether2-to-R3 address=10.10.10.2/32 network=10.10.10.3
R2: /ip add add interface=ether3-to-R4 address=10.10.10.2/32 network=10.10.10.4

R3: /ip add add interface=ether1-to-R1 address=10.10.10.3/32 network=10.10.10.1
R3: /ip add add interface=ether2-to-R2 address=10.10.10.3/32 network=10.10.10.2
R3: /ip add add interface=ether3-to-R4 address=10.10.10.3/32 network=10.10.10.4

R4: /ip add add interface=ether1-to-R1 address=10.10.10.4/32 network=10.10.10.1
R4: /ip add add interface=ether2-to-R2 address=10.10.10.4/32 network=10.10.10.2
R4: /ip add add interface=ether3-to-R3 address=10.10.10.4/32 network=10.10.10.3

Would fully interconnect them, using only 4 addresses. In this particular case, we get 3 times the address utilization efficiency of /31 addressing.

In an 8 router full-mesh the efficiency is even more spectacular, with only 8 addresses needed for /32 addressing, while a whopping 56 addresses would be needed for /31 addressing.

--Eric

StubArea51 · Sat Feb 01, 2020 5:52 pm

Just a warning on using two /32 addresses as a workaround for the /31 problem.

We've had a number of problems with OSPF stability using this approach if you're planning on using OSPF for a dynamic routing protocol.

jw1 · Wed May 06, 2020 12:54 am

Working on switching up some /30 to /32 in order to free up some addresses. So far haven't noticed stability issues, but path selection seems a bit odd.
Here's the rundown:
R1 is connected to R2. R1 interface to R2 has a /32 address, for example, 1.1.1.1/32 with network 2.2.2.2. R2 facing R1 is 2.2.2.2/32 with network 1.1.1.1. Connectivity seems OK, but in the routing table on R1, 2.2.2.2 shows up as directly connected, distance 0, but 1.1.1.1 doesn't show up at all. No big deal, just a little odd.
Add R3 and R4. R1 -> R2 -> R3 -> R4 -> back to R1 and add OSPF. Now on the R1 routing table 1.1.1.1 shows up, but as an OSPF route with a distance of 110. Looking in OSPF routes, 1.1.1.1 has a path cost of 20 with a gateway of 2.2.2.2. Odd that a local address would have a path cost of 20, but things still seem to be working, so OK.
Here's the potential gotcha - On R4 routing table the path to 1.1.1.1 has equal preference between going directly from R4-R1 and R4-R3-R2-R1. In the OSPF routes, both options have a path cost of 30 even though 1 path is 1 hop away and the other is 3. All the individual path costs are 10. A traceroute from R4 to 1.1.1.1 chooses the R4-R3-R2-R1 path. To be honest, I doubt I will be needing to connect to the IP address of a PTP link, and the path selection for the loopback address of R1 seems normal, but it is making me wonder if I want to proceed with more switching to /32s. I am thinking about tinkering with a static route on R1 to 1.1.1.1 to see what happens.

(FWIW, these aren't the actual IPs I was using and haven't tested it with these. Also, I doubt if it matters, but the lowest router id for path selection is R3, R4, R2, and then R1)

jw

chakphanu · Fri Jun 26, 2020 5:26 pm

Cisco /31 - MT/31 BFD not work
Cisco /31 - MT/32 BFD Work

next111 · Fri Jul 03, 2020 10:23 pm

serves the / 31 here in Italy is widely used on wan

Sat Aug 01, 2020 2:04 am

/31 network between two mikrotik devices - here is how you do it

First thing - you do not actually use a /31 in the IP address ( this is important )

Here is how you use a /31 network of only two IP address to get two Mikrotik devices to talk to each other.

I am going to demonstrate 192.168.168.0/31 ( This /31 has only two IP address which are 192.168.168.0 and 192.168.168.1 )
Mikrotik #1
- Configure IP address 192.168.168.0 on your first Mikrotik ( example 192.168.168.0 ( no / after IP address ) will be on ether2 )
- Add the route 192.168.168.1 out interface ether2 ( use the interface name not an IP address )

Mikrotik #2
- Configure IP address 192.168.168.1 on your second Mikrotik ( example 192.168.168.1 ( no / after IP address ) will be on ether2 )
- Add the route 192.168.168.0 out interface ether2 ( use the interface name not an IP address )

Thats it , the two mikrotiks can ping each other and pass traffic

So , why burn up 4 IPv4 address on a link with only two Mikrotiks on the link. Each /30 link between two Mikrotik devices can now be used for two different /31 links ( twice as many link using the same number of IP address ).

North Idaho Tom Jones

CZFan · Mon Aug 03, 2020 1:02 am

@TomjNorthidaho, some creative thinking there, I might pop your balloon though

That method is called point to point addressing and but should work

Mon Aug 03, 2020 5:26 pm

@TomjNorthidaho, some creative thinking there, I might pop your balloon though
That method is called point to point addressing and but should work

One thing I have not tested is a /31 between a Mikrotik and a Cisco , or between a Mikrotik and a PfSense virtual router/firewall.

North Idaho Tom Jones

StubArea51 · Tue Aug 04, 2020 6:52 pm

/31 network between two mikrotik devices - here is how you do it

First thing - you do not actually use a /31 in the IP address ( this is important )

Here is how you use a /31 network of only two IP address to get two Mikrotik devices to talk to each other.

I am going to demonstrate 192.168.168.0/31 ( This /31 has only two IP address which are 192.168.168.0 and 192.168.168.1 )
Mikrotik #1
- Configure IP address 192.168.168.0 on your first Mikrotik ( example 192.168.168.0 ( no / after IP address ) will be on ether2 )
- Add the route 192.168.168.1 out interface ether2 ( use the interface name not an IP address )

Mikrotik #2
- Configure IP address 192.168.168.1 on your second Mikrotik ( example 192.168.168.1 ( no / after IP address ) will be on ether2 )
- Add the route 192.168.168.0 out interface ether2 ( use the interface name not an IP address )

Thats it , the two mikrotiks can ping each other and pass traffic

So , why burn up 4 IPv4 address on a link with only two Mikrotiks on the link. Each /30 link between two Mikrotik devices can now be used for two different /31 links ( twice as many link using the same number of IP address ).

North Idaho Tom Jones

The main issue that i've run into with this method is routing protocol instability. I've had intermittent issues with OSPF adjacency instability on a number of networks that used this addressing method. As soon as we migrated to /30 or larger prefix, the issues went away.

Wed Aug 05, 2020 12:26 am

/31 network between two mikrotik devices - here is how you do it

First thing - you do not actually use a /31 in the IP address ( this is important )

Here is how you use a /31 network of only two IP address to get two Mikrotik devices to talk to each other.

I am going to demonstrate 192.168.168.0/31 ( This /31 has only two IP address which are 192.168.168.0 and 192.168.168.1 )
Mikrotik #1
- Configure IP address 192.168.168.0 on your first Mikrotik ( example 192.168.168.0 ( no / after IP address ) will be on ether2 )
- Add the route 192.168.168.1 out interface ether2 ( use the interface name not an IP address )

Mikrotik #2
- Configure IP address 192.168.168.1 on your second Mikrotik ( example 192.168.168.1 ( no / after IP address ) will be on ether2 )
- Add the route 192.168.168.0 out interface ether2 ( use the interface name not an IP address )

Thats it , the two mikrotiks can ping each other and pass traffic

So , why burn up 4 IPv4 address on a link with only two Mikrotiks on the link. Each /30 link between two Mikrotik devices can now be used for two different /31 links ( twice as many link using the same number of IP address ).

North Idaho Tom Jones

The main issue that i've run into with this method is routing protocol instability. I've had intermittent issues with OSPF adjacency instability on a number of networks that used this addressing method. As soon as we migrated to /30 or larger prefix, the issues went away.

I wish that Mikrotik would support a /31 natively on a /31 network between any two Mikrotiks.
With IPv4 exhausted and no more new IPv4 blocks available, it is becoming increasingly important-urgent-required to natively support /31 networks , without the need to do any fancy work-arounds.
I've run into several problems with peer-connections where a remote party is wanting to use a /31 ( a /31 network for BGP peering ). I gave up trying to make it work and had to fight to use a /30 for BGP peering - what a friggen nightmare that was !

North Idaho Tom Jones

sjwrick · Fri Aug 07, 2020 5:23 pm

So I am on the verge of setting up a BGP with my 1st peer and he mentioned using a /31. I am going to assume he is using a Cisco. I am a Mikrotik shop.

You are saying that Cisco and Mikrotik are not able to use BGP on a /31?

Rick

Fri Aug 07, 2020 6:27 pm

So I am on the verge of setting up a BGP with my 1st peer and he mentioned using a /31. I am going to assume he is using a Cisco. I am a Mikrotik shop.

You are saying that Cisco and Mikrotik are not able to use BGP on a /31?

Rick

When I was adding a second BGP peer, I was given one IP address from a /31. I had a Mikrotik ( I don't know what the upstream BGP router was ). I tried and tried and tried using a /31 and at the time I could not get it to even ping his /31 IP address. This was my first attempt at trying to use a /31.
As a test, I switched to a Cisco router and the /31 worked , but I wanted to use a Mikrotik router for my BGP. I was finally able to get the BGP peering network changed from a /31 to a /30 and suddenly everything started working on my Mikrotik router.

Sooo , although it might be possible to make a Mikrotik function on a /31 network for BGP peering, I suggest using a traditional /30 network for BGP peering. A /30 network for BGP peering will give you the ability to change your Mikrotik BGP peering router to any other BGP peering router. If you setup a /31 network for BGP peering , then you might get stuck to only being able to use routers which natively support /31 networks for BGP peering.

So , IMO - for BGP peering , I suggest using existing traditional tried-and-true /30.

North Idaho Tom Jones

pe1chl · Fri Aug 07, 2020 7:59 pm

Of course when you have only a simple peering with some other world where they are using /31, you can just change your own side to be a /30 or even larger to
make your side contain the addresses from the /31 and neither of them being the "network" or "broadcast" address on that subnet.
This will make some addresses unreachable, but when the /31 is from a range that is just used for such peerings, that usually does not matter.

When you want to setup your local shop using /31 and have a mix of routers that allow that and MikroTiks that don't, this could be more of a problem because there
is more risk fo connectivity issues in that case.

turnip · Wed Jul 14, 2021 9:52 am

Any movement on this? Every IP Transit provider I've looked at provides a /31.

Wed Jul 14, 2021 10:04 am

turnip, this should resolve all issues: viewtopic.php?f=14&t=32935#p772755

DarkNate · Wed Jul 14, 2021 11:18 am

turnip, this should resolve all issues: viewtopic.php?f=14&t=32935#p772755

Normis, it seems /31 works fine on RouterOS v6 stable/long-term though? I've seen many ASNs doing it just fine?

Cablenut9 · Wed Jul 14, 2021 4:12 pm

Normis, it seems /31 works fine on RouterOS v6 stable/long-term though?

/32 really cuts down on addresses though, and it follows the philosophy of "hosts have IP addresses, not interfaces"

pe1chl · Wed Jul 14, 2021 4:44 pm

Tricks with /32 (or even /31) work OK for point-to-point traffic like static routing or BGP peers, but they fail when you use protocols that expect to be able to use broadcast over a link, like OSPF. You may need additional configuration, you may encounter bugs, etc.
As long as you know that, it should be fine.

Cablenut9 · Wed Jul 14, 2021 11:45 pm

but they fail when you use protocols that expect to be able to use broadcast over a link, like OSPF.

This partially untrue, as OSPF has PtP mode which eliminates address broadcasts, making /32 addresses the absolute simplest and easiest option, but only for PtP mode OSPF.

turnip · Thu Jul 15, 2021 8:46 am

turnip, this should resolve all issues: viewtopic.php?f=14&t=32935#p772755

Thanks Normis
I'd tried this in a lab and it worked fine with static routing, but the network manager at my ISP reported that they couldn't get it to work with BGP. I haven't tested it myself as I don't have an ASN yet.
They use Cisco routers and have a client with a Mikrotik CCR.
These guys are flexible enough to offer a /30 or whatever we need, but other providers mightn't be.

pe1chl · Thu Jul 15, 2021 11:02 am

but they fail when you use protocols that expect to be able to use broadcast over a link, like OSPF.
This partially untrue, as OSPF has PtP mode which eliminates address broadcasts, making /32 addresses the absolute simplest and easiest option, but only for PtP mode OSPF.

That is what I say, you may need additional configuration. And I have also seen people reporting problems with that.
But I have no personal experience with it, I do not use /31 or /32 in the network.

itmethod · Fri Jul 22, 2022 8:40 pm

I'm relying on OSPF as IGP, as well as BGP and MPLS, so I'm not going to do this...
Would be nice if MikroTik fixed this. It shouldn't be that hard.

Set OSPF to PTP instead of broadcasting on the Mikrotik. for this interface.