Manual:Metarouter

Manual:Metarouter
Applies to RouterOS: v3, v4

Overview
MetaRouter is a new feature in RouterOS 4.0 beta 1 and RouterOS v3.21 Currently MetaRouter can be used on RB400, RB700 series, RB900 series, RB2011 boards Listed PPC boards: RB1000, RB1100, RB1100AH and RB800.

Requirements
Each Metarouter instance uses the same amount of resources as a stand-alone RouterOS installation. It means that you need a minimum of 16MB of RAM for each RouterOS virtual machine plus memory for the MetaROUTER host itself. It is suggested to have more than 16MB memory available for each Metarouter. Upcoming RouterOS versions will have ability to run virtual machines with less than 16MB per machine.
Note: It is possible to run other virtual machines with less than 16MB RAM per machine if the virtual operating system is OpenWRT. The 16MB limitation is only for virtual RouterOS installations.

Currently on one host you can create up to 8 virtual machines and up to 8 virtual interfaces. Workaround to have more than 8 interfaces in total is to use VLANs. In future versions it will be possible to add up to 16 virtual machines. Also it is not possible to use external storage devices (Store) in the metarouter virtual devices.

Where it can be used?

The MetaRouter function is useful for allowing clients or lower-privilege users access to their own 'router' and config to configure as they like, without the need for a complete second router, or giving them access to the main router configuration. For example; a WISP can create a virtual router for the clients ethernet port allowing them to define their own firewall settings, while leaving the WISP's wireless settings untouched.

Creating a Metarouter
[admin@RB_Meta] /metarouter> add name=mr0 memory-size=32 disk-size=32000 [admin@RB_Meta] /metarouter> print Flags: X - disabled # 0 NAME mr0 MEMORY-SIZE DISK-SIZE 16MiB 0kiB USED-DISK 377kiB STATE running disabled=no

As you can see, creating virtual router is quite easy, you just have to specify name of the router, how many RAM will be allocated for it and disk size that will be used by virtual router. Explanations of all other properties are available in reference manual. Note: * be careful when using dynamic HDD size for metarouters, a proxy could fill up all your hosts storage!

Manual:Metarouter Example with no settings If you will add a new metarouter without specifying any parameters, it will be added with Dynamic HDD size, and 16MiB of RAM: [admin@RB_Meta] /metarouter> add name=mr1 [admin@RB_Meta] /metarouter> print Flags: X - disabled # NAME MEMORY-SIZE DISK-SIZE 1 mr1 16MiB 0kiB

USED-DISK 3kiB

STATE running

OpenWRT as virtual machine

Starting from v3.24 and v4.0beta3 MetaROUTER has the ability to import custom built images. As an example we will show how to patch and use OpenWRT as the virtual machine.

Importing image
If you don't have any specific needs, you can import our prebuilt OpenWRT image, which is downloadable MIPS image [1], PPC image [2]. Upload openwrt image to the router and import it by import-image command: [admin@MikroTik] /metarouter> import-image file-name=openwrt-mr-mips-rootfs.tgz imported: 100% [admin@MikroTik] /metarouter> print Flags: X - disabled # NAME MEMORY-SIZE DISK-SIZE 0 mr1 16MiB unlimited

USED-DISK 7383kiB

STATE running

As you can see OpenWRT is running, now you can start configuration process, which is explained in sections below.

Building your own OpenWRT image

If you are not satisfied with our prebuilt version of OpenWRT, then you can build and use your own image. First step is to install svn and get the latest source code from openwrt.org
Note: Patch 1.2 was made against older kernel then in current trunk and some extra steps should be taken to apply it to OpenWRT. For example r29684 can be used without modifications

svn checkout -r 29684 svn://svn.openwrt.org/openwrt/trunk/ Now you have to path downloaded source with our patch [3]
Note: Patch v1.2 adds newer kernel support which makes it possible to compile with latest OpenWRT revisions. This patch also adds PowerPC support (ability to run OpenWRT image on RB1000 and RB1100).

cd trunk/ wget http://www.mikrotik.com/download/metarouter/openwrt-metarouter-1.2.patch

Manual:Metarouter patch -p0 <openwrt-metarouter-1.2.patch When source is patched, you have to set up configuration options make menuconfig Go to Target System menu and choose Mikrotik MetaROUTER MIPS or Mikrotik MetaROUTER PowerPC from the list depending for which platform you are building the image.

Other options depends on what is your requirements (include for example IPv6 and ppp support or not), you can also stick with defaults. If you see any error messages while trying to launch menuconfig, like Build dependency: Please install ncurses. (Missing libncurses.so or ncurses.h) It means that required libraries are not installed, check the output and install all required libraries. When you are done with build configuration, type make It will take a while to build everything so you can go and have a cup of tea. After the build process is done, upload newly built image to the router and import it as described in section above. For more options and build instructions look in OpenWRT's documentation [4]

Adding Interfaces
First, you need to add a new interface to your virtual router. This is done in the interface menu. The interface command has the following options: [admin@MikroTik] /metarouter> interface add comment disabled dynamic-mac-address copy-from dynamic-bridge static-interface Description of each option can be found in reference manual. Let's add one interface:

type vm-mac-address

virtual-machine

Manual:Metarouter [admin@MikroTik] /metarouter> interface add virtual-machine=mr1 type=dynamic On the host physical router the interface appears as a virtual interface: [admin@MikroTik] > /interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE 8 R ether9 ether 9 R test bridge 10 DR vif1 vif

MTU 1500 1500 1500

Connecting to the virtual machine

To connect to your virtual machine, use the console command: /metarouter console 0 You will see your newly added virtual interface here: [admin@mr0] > interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE 0 R ether1 ether

MTU 1500

To disconnect from the metarouter virtual machine console, hit CTRL + A and then Q to Quit back to your Host console (if you are using minicom, hit CTRL + A twice): [admin@MikroTik] > [Q - quit connection] [A - send Ctrl-A prefix] Q Welcome back!

[B - send break] [R - autoconfigure rate]

Configuring a virtual network

Right now you saw that the virtual interface is visible in the Host Interfaces menu as vif1 and also in the metarouter interfaces menu as ether1. You can add an IP address on both interfaces, and set up networking. Creating a bridge between the virtual interface and a physical interface allows traffic to pass.

Configuration examples
Creating isolated Metarouter for client
This Example will show how to use Metarouter feature to create a isolated router on top of the WISP client site router. The setup for the example is shown on the diagram below: 1. Adding a Metarouter for client:
[admin@RouterGW] /metarouter> add name=client1 memory-size=32 [admin@RouterGW] /metarouter> print Flags: X - disabled # NAME MEMORY-SIZE DISK-SIZE USED-DISK STATE

Manual:Metarouter
0 client1 32MiB 0kiB 189kiB running

[admin@RouterGW] /metarouter>

2. Adding Metarouter Interfaces for the new created Metarouter:

[admin@RouterGW] /metarouter interface> add virtual-machine=client1 [admin@RouterGW] /metarouter interface> add virtual-machine=client1 [admin@RouterGW] /metarouter interface> print Flags: X - disabled, A - active # VIRTUAL-MACHINE TYPE VM-MAC-ADDRESS

0 A client1 1 A client1 [admin@RouterGW] /metarouter interface>

dynamic 02:49:E8:55:8E:E8 dynamic 02:16:16:90:EF:0E

3. Creating a Bridge Interface for bridging metarouter interface together with ethernet interface where the client is physically connected:
[admin@RouterGW] /interface bridge> add [admin@RouterGW] /interface bridge> print Flags: X - disabled, R - running 0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

[admin@RouterGW] /interface bridge port> add interface=ether2 bridge=bridge1 [admin@RouterGW] /interface bridge port> add interface=vif2 bridge=bridge1 [admin@RouterGW] /interface bridge port> print Flags: X - disabled, I - inactive, D - dynamic # 0 1 INTERFACE ether2 vif2 BRIDGE bridge1 bridge1 PRIORITY PATH-COST 0x80 0x80 10 10 HORIZON none none

4. Adding IP configuration for the new Metarouter interface which will be used for connecting between Metarouter and Metarouter Host system:
[admin@RouterGW] /ip address> add address=10.0.1.1/24 interface=vif1 [admin@RouterGW] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK 10.5.8.0 10.0.1.0 BROADCAST 10.5.8.255 10.0.1.255 INTERFACE ether1 vif1

0 D 10.5.8.68/24 1 10.0.1.1/24

[admin@RouterGW] /ip address>

5. Connecting to Metarouter using the Console [admin@RouterGW] /metarouter> console client1 [Ctrl-A is the prefix key] Starting... Starting services...

Manual:Metarouter

MikroTik 3.21 MikroTik Login: admin Password: [admin@MikroTik] > /sys identity set name=Client1 6. Configuring Metarouter to make it easy for client to understand the configuration:
[admin@Client1] /interface ethernet> p Flags: X - disabled, R - running, S - slave # 0 R 1 R NAME ether1 ether2 MTU 1500 1500 MAC-ADDRESS ARP

02:49:E8:55:8E:E8 enabled 02:16:16:90:EF:0E enabled

[admin@Client1] /interface ethernet> set 0 name=public [admin@Client1] /interface ethernet> set 1 name=local [admin@Client1] /interface ethernet> print Flags: X - disabled, R - running, S - slave # 0 R 1 R NAME public local MTU 1500 1500 MAC-ADDRESS ARP

02:49:E8:55:8E:E8 enabled 02:16:16:90:EF:0E enabled

[admin@Client1] /interface ethernet>

[admin@Client1] /ip address> add address=10.0.1.2/24 interfae=public [admin@Client1] /ip address> add address=10.0.2.1/24 interface=local [admin@Client1] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # 0 1 ADDRESS 10.0.1.2/24 10.0.2.1/24 NETWORK 10.0.1.0 10.0.2.0 BROADCAST 10.0.1.255 10.0.2.255 INTERFACE public local

[admin@Client1] /ip route> add gateway=10.0.1.1 [admin@Client1] /ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # 0 A S 1 ADC 2 ADC DST-ADDRESS 0.0.0.0/0 10.0.1.0/24 10.0.2.0/24 10.0.1.2 10.0.2.1 PREF-SRC G GATEWAY r 10.0.1.1 DISTANCE INTERFACE 1 0 0 public public local

[admin@Client1] /ip route>

[admin@Client1] /ip firewall nat> add action=masquerade out-interface=public chain=srcnat

Manual:Metarouter

Reference
General
Sub-menu: /metarouter Menu specific commands:
Property console (console <vm-id>) import-image (import-image file-name=<image-file>) reboot (reboot <vm-id>) shut-down (shut-down <vm-id>) start (start <vm-id>) Description connect to specified virtual machine's console import custom built image (available starting from v3.24 and v4.0b3) reboot specified virtual machine shut down specified virtual machine boot up specified virtual machine

Configurable properties:
Property disk-size (unlimited|0..4294967295[kiB] ; Default: unlimited) memory-size (16..256[MiB] ; Default: 16) Description Disk size that will be allocated by virtual router.

Amount of memory that will be allocated by virtual router. Name of the virtual machine.

name (string ;)

Read only properties:

Property used-disk (integer[kiB] ;) disk-reads (integer;) disk-writes (integer;) state (booting|running|rebooting|shutting-down|stopped|disabled;) Description currently used disk space by virtual router. number of disk reads number of disk writes current state of virtual machine

Interface
Sub-menu: /metarouter interface Configurable properties:
Property dynamic-bridge (string;) Description name of the bridge where to assign virtual interface as a port. Useful if interface type is dynamic mac address of dynamically created interface static interface that virtual interface will be bound to

dynamic-mac-address (mac;) static-interface (none|name-of-iface;) type (dynamic|static;) virtual-machine (string;) vm-mac-address (mac;)

specifies whether interface is static or dynamic specifies to which virtual machine this interface will be bound interface mac address that appears in VM

Manual:Metarouter

Known Issues
MIPS-BE
Issues and possible workarounds for MetaROUTER feature on RouterBOARDs with MIPS-BE architecture Random freezing Only listed routers are affected by this issue: RB450G, RB750G, RB435G, RB493G Certain RouterBOARD products tend to become unresponsive for some amount of time, after a while becoming available on the network. Similar problem is - that only guest becomes unresponsive and after a while continues to perform as expected. If watchdog is enabled on the router - router will be restarted by it instead of becoming available on its own. Other routers from this architecture are believed to not to suffer from this issue. Other issues that do not fit the description most probably are caused by RouterOS misconfiguration and does not have common denominator and have to be checked case by case. As alternatives listed boards can be used instead: RB2011, RB433AH or any other from these series

PPC
Issues and possible workarounds for MetaROUTER feature on RouterBOARDs with PPC architecture Not enough resources Only listed routers are affected: RB1100AH When attempt is made to create MetaROUTER guest on the router error message is given that there is not enough resources on the router to create guest. This problem is resolved in 5.12 and later RouterOS releases. If you are using newer release and still encounter problem on the router you have to reinstall router using Netinstall tool. RouterBOARD RB1100AHx2 reports similar message, but MetaROUTER feature is not currently supported on this router. All other routers form this architecture that support MetaROUTER feature are not affected. Other issues that do not fit the description most probably are caused by RouterOS misconfiguration and does not have common denominator and have to be checked case by case.

References
[1] [2] [3] [4] http:/ / www. mikrotik. com/ download/ metarouter/ openwrt-mr-mips-rootfs. tgz http:/ / www. mikrotik. com/ download/ metarouter/ openwrt-mr-ppc-rootfs. tgz http:/ / www. mikrotik. com/ download/ metarouter/ openwrt-metarouter-1. 2. patch http:/ / kamikaze. openwrt. org/ docs/ openwrt. html#x1-410002. 1. 1

Article Sources and Contributors

Article Sources and Contributors

Manual:Metarouter Source: http://wiki.mikrotik.com/index.php?oldid=25828 Contributors: Janisk, Marisb, Nickshore, Normis, Omega-00, Uldis

Image Sources, Licenses and Contributors

Image:Version.png Source: http://wiki.mikrotik.com/index.php?title=File:Version.png License: unknown Contributors: Normis Image:Icon-note.png Source: http://wiki.mikrotik.com/index.php?title=File:Icon-note.png License: unknown Contributors: Marisb, Route image:snapshot2.png Source: http://wiki.mikrotik.com/index.php?title=File:Snapshot2.png License: unknown Contributors: Marisb