Page 1 of 1

Default route intermittantly sends to wrong gateway IP

Posted: Thu Jan 14, 2010 11:03 am
by peterdcox
This is so simple a routing config I'm at a loss to come up an explanation other than a software bug?

Router - RB1000U
Firmware - 3.x

Ether1:
Subnet - 192.168.102.0/24
.252 - Mikrotik port IP
.253 - Sonicwall firewall port IP (NATs to public IP from this subnet)
.254 - Cisco router to Telstra private IP network

Ether2:
Subnet - 192.168.100.0/24
.253 - Mikrotik port IP
.106 - My Vista workstation - Gateway set to .253 the Mikrotik

Static Routes:
0.0.0.0/0 - 192.168.102.253 - the sonicwall
192.168.200.0/24 - 192.168.102.254 - remote subnet on the Telstra link

All routing protocols disable on the Mikrotik. We do not have access to the Cisco so it may be broadcasting route updates?

So any frame to an outside IP should be routed by the Mikrotik to the Sonicwall on 192.168.102.253 correct?

Well the Mikrotik mostly sends such frames to the Telstra Cisco on 192.168.102.254, but just occasionally it sends the frame to the correct gateway the Sonicwall on 192.168.102.253.

A tracert from my workstation goes:

192.168.100.253
192.168.102.254

most of the time.

Thoughts? Is there a bug in the 3.x firmware?

We are looking into firmware updates tomorrow. This is a first for us as with Mikrotik, up until recently we used Cisco kit.

Re: Default route intermittantly sends to wrong gateway IP

Posted: Thu Jan 14, 2010 10:48 pm
by SurferTim
Can you show the nat?
/ip firewall nat

ADD: Not in the Sonicwall, the nat in the Mikrotik router.
And those routes above are the only routes in the Mikrotik?

Since the NAT to the public ip is not in this router, you will need to
do a srcnat (masquerade) out ether1
OR
route the ether2 network (192.168.100.0/24) back to the Mikrotik router from the Sonicwall.

Re: Default route intermittantly sends to wrong gateway IP

Posted: Fri Jan 15, 2010 2:48 am
by peterdcox
The Mikrotik config segment prints are:

NAT:
admin@rtehckp001] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic

Routes:
[admin@rtehckp001] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 reachable 192.168.102.253 1 ether1
reachable ether1 ether1
1 ADC 172.17.191.0/24 172.17.191.253 0 Colo Private
2 ADC 192.168.100.0/24 192.168.100.253 0 ether3
3 ADC 192.168.102.0/24 192.168.102.252 0 ether1
4 A S 192.168.200.0/24 reachable 192.168.100.254 1 ether3
reachable ether3 ether3

So the NAT table is blank and the routes are what I expect.

Yes the Sonicwall does have a static route back to the 192.168.100.0 subnet so it knows where my workstation lives. I have always been able to ping the Sonicwall from my workstation.

I should also have mentioned that performing a ping or tracert on the Mikrotik (WinBox) it also tried to use the 192.168.102.254 (Telstra Cisco) as the default route most of the time, not always, occasionally it also went the via the correct gateway.

But I have fixed the problem, apparently. Last night whilst researching the v4.5 upgrade I noticed the mention of a bug fix for something to do with delete static routes?

When I origninally setup the Mikrotik the default route was directed to 192.168.102.254 which at that stage was the Sonicwall as the Cisco was not connected. Before I connected the Mikrotik to the production network I changed the Soincwall to .253 and EDITED the default route on the Mikrotik.

All I have done to apparently correct the problem is to DELETE the default route completely and ADD it back, no change in the actual settings. Everything now routes as expected?

Re: Default route intermittantly sends to wrong gateway IP

Posted: Fri Jan 15, 2010 2:57 am
by peterdcox
Nice try no chocolate frog!!!

The routing worked for about 20 minutes after the Delete / Add of the default route.

Now the Mikrotik is sending all outbound traffic to the Telstra Cisco not the Sonicwall again???? :(

Re: Default route intermittantly sends to wrong gateway IP

Posted: Fri Jan 15, 2010 5:08 am
by peterdcox
More info -

Firmware version = 3.23.

There is a wider default route problem with the Mikrotik which hopefully only exists at this firmware version and is corrected by v4.5 which we are about to test.

If I disconnect the Cisco from the network the Mikrotik no longer attempts to use the Cisco as its default route gateway. Have to suspect the Mikrotik is listening to route updates from the Cisco (it does have a default route configured) even though all routing protocols are disabled on the Mikrotik?

Now that the Cisco is out of the network we see a second problem - the Mikrotik randomly returns Destination Host Unreachable to outside IP addresses. That is-

Can get to outside public IPs A and B

Few minutes later can get to A but NOT B

Few minutes later can get to B and NOT A

Few minutes later can get to neither A or B

Few minutes later can get to BOTH A and B

This only happens for IPs that a routed via the Default Route static entry, NOT for IPs that are known by specific routes.

We are currently chasing this exact problem on another RB1000U running v3.23. This second RB1000 is only 5 days old, is in acompletely different network, is not routing outbound through a SonicWall it has one interface on a public IP, is routing only no NAT and no firewall configurations, has been set up by another engineer not me, is connected to a different ISP and displays EXACTLY the problem above.

See how we go with v4.5?