(Yes I know you can use /32s with routing and stuff works fine…)
This is probably academic because I’m using private addressing, but anyway.
I came across this regarding using /31 masks on point to point links:
https://tools.ietf.org/html/rfc3021
The short story is, I used this between 2 physically connected local machines by setting a /31 address space (.0 and .1) on each end and it worked fine. For reference, I set the addresses on a vlan interface on the MikroTik and a vlan interface on the Juniper switch it’s attached to. Both can ping each other.
I have 2 MikroTik routers on the internet, and I’m doing transport mode (tunnel=no) ipsec between them. And a GRE tunnel using /30 bit netmasks on each end with OSPF routing, and it works fine.
However, if I change the GRE tunnel addresses from 30 bit masks to 31 bit, 10.30.0.0 and 10.30.0.1 to be precise, pings don’t work. I get a timeout on each end when I ping the other end.
But if I do a packet sniffer on the GRE interface, I can see the ping replies! What is wrong then? Seems like I shouldn’t get a timeout on the ping if I can see the reply in the traffic right?
I’ve read a few threads:
https://forum.mikrotik.com/viewtopic.php?f=14&t=32935&start=50
http://forum.mikrotik.com/t/scan-lists/45/1
