Can ping 8.8.8.8 but can not ping 8.8.4.4 , what gives?

RouterOS Beginner Basics
1

The following is my Network Diagram

Code below is executed on Mikrotik B Terminal

> tool traceroute 8.8.8.8
     ADDRESS                                    STATUS
   1     10.70.192.1 8ms 9ms 8ms 
   2     10.70.192.1 9ms 10ms 13ms 
   3    202.73.96.73 10ms 8ms 10ms 
   4    202.73.96.73 10ms 16ms 10ms 
   5    202.73.96.90 11ms 9ms 11ms 
   6  111.95.247.102 22ms 22ms 23ms 
   7  111.95.247.130 24ms 22ms 21ms 
   8  209.85.243.158 24ms 86ms 126ms 
   9  209.85.242.243 33ms 32ms 31ms 
                      mpls-label=739216 exp=4
  10  209.85.250.237 34ms 38ms 44ms 
  11   66.249.94.166 37ms 35ms 36ms 
  12         8.8.8.8 38ms 30ms 30ms 

> tool traceroute 8.8.4.4
     ADDRESS                                    STATUS
   1         0.0.0.0 timeout timeout timeout 
   2         0.0.0.0 timeout timeout timeout 
   3         0.0.0.0 timeout timeout timeout 
   4       (unknown) timeout timeout timeout

It should have been like this (Executed on Mikrotik A)

> tool traceroute 8.8.8.8
     ADDRESS                                    STATUS
   1     10.70.192.1 9ms 10ms 7ms 
   2     10.70.192.1 8ms 9ms 6ms 
   3    202.73.96.73 9ms 8ms 7ms 
   4    202.73.96.73 9ms 8ms 9ms 
   5    202.73.96.90 9ms 8ms 9ms 
   6  111.95.247.102 19ms 19ms 19ms 
   7  111.95.247.130 21ms 19ms 20ms 
   8  209.85.243.158 20ms 21ms 20ms 
   9  209.85.242.243 29ms 30ms 29ms 
                      mpls-label=761488 exp=4
  10  209.85.250.237 35ms 33ms 33ms 
  11   66.249.94.166 31ms 36ms 35ms 
  12         8.8.8.8 29ms 36ms 32ms 

> tool traceroute 8.8.4.4
     ADDRESS                                    STATUS
   1     10.70.192.1 8ms 12ms 7ms 
   2     10.70.192.1 8ms 15ms 8ms 
   3    202.73.96.25 8ms 8ms 8ms 
   4    202.73.96.25 7ms 8ms 8ms 
   5    202.73.96.90 11ms 9ms 8ms 
   6   111.95.247.98 19ms 19ms 19ms 
   7  111.95.247.130 21ms 21ms 21ms 
   8  209.85.243.156 21ms 25ms 19ms 
   9  209.85.242.233 31ms 37ms 28ms 
                      mpls-label=409728 exp=4
  10  209.85.242.125 32ms 62ms 27ms 
  11   66.249.94.126 33ms 36ms 36ms 
  12         8.8.4.4 36ms 33ms 28ms

All connection works perfectly well, I can ping the Mikrotik A and B from Home PC , Office PC #1 , Office PC #2 , Office Server
I can also access them using WinBox / Putty

The detailed problem are :
Mikrotik A , Home PC , TP Link Router (Everything before Mikrotik B) can PING / ACCESS any accessible address in the web (example 8.8.8.8, 8.8.4.4, ikt-global.com , ikt.co.id , google.com, yahoo.com ,etc)
Mikrotik B , Office PC #1 , Office PC #2 , Office Server , Router 3 (Everything after and including Mikrotik B) can only PING / ACCESS some of them (Example Only 8.8.8.8 , ikt-global.com , ikt.co.id ), while the other ALWAYS returned timeout

I am guessing that I might have something that need to be configured on Mikrotik B, but I am not sure what

Now to make it even more bizarre, I dont know why, but sometimes the problem resolved themselves O.o;
For example
4PM , ping google.com from Mikrotik B , it is not working
5PM , ping google.com from Mikrotik B , hey it works now (though some other site still timeout)

I have absolutely no Idea what caused this :frowning: , I have never experienced something like this before, the Internet Gateway (TP LINK) have NO firewall configured (I have factory reset the TP LINK for good measure)

Mikrotik A Configuration

> interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                        TYPE             MTU   L2MTU
 0  R  ether1                                      ether            1500  1600 
 1  R  wlan1                                       wlan             1500  2290 
 2  R  bridge1                                     bridge           1500  1600 

> ip address print
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
 0   10.11.11.10/24     10.11.11.0      10.11.11.255    ether1      

> ip dns print
                servers: 8.8.8.8
  allow-remote-requests: yes
    max-udp-packet-size: 512
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 5KiB

> ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0          10.11.11.10     10.11.11.1         1       
 1 ADC  10.11.11.0/24      10.11.11.10     bridge1            0

Mikrotik B has EXACTLY the same configuration (only differ in ip address)

> ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
 0   10.11.11.20/24     10.11.11.0      10.11.11.255    ether1

Please help… this is so bizarre, (it would be better if Mikrotik B cant ping anything, why it can ping 8.8.8.8 and not 8.8.4.4 is way beyond me)

Thanks a lot for your help (bookmarked this thread, will check back frequently) :slight_smile:

2

Updated my post with examples, screenshot and structured it around so that it is much more readable :slight_smile:

3

Okay , I have done a full check on all configuration, comparing the Mikrotik A and Mikrotik B

Mikrotik A - The one that is connected to the Internet Gateway 10.11.11.1 directly

> interface wireless print
Flags: X - disabled, R - running 
 0  R name="wlan1" mtu=1500 mac-address=00:0C:42:87:F4:5B arp=enabled 
      interface-type=Atheros 11N mode=station-pseudobridge 
      ssid="IKTcasablanca" frequency=5180 band=5ghz-onlyn channel-width=20mhz 
      scan-list=5050 wireless-protocol=nstreme wds-mode=disabled 
      wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes 
      default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 
      hide-ssid=no security-profile=default compression=no

Mikrotik B - The one that is connected to the Internet Gateway via Mikrotik A

> interface wireless print
Flags: X - disabled, R - running 
 0  R name="wlan1" mtu=1500 mac-address=00:0C:42:88:2A:2D arp=enabled 
      interface-type=Atheros 11N mode=bridge ssid="IKTcasablanca" 
      frequency=5050 band=5ghz-onlyn channel-width=20mhz scan-list=default 
      wireless-protocol=nstreme wds-mode=disabled wds-default-bridge=none 
      wds-ignore-ssid=no default-authentication=no default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=yes 
      security-profile=default compression=no

I can see the mode is different, but changing the Mikrotik B configuration from bridge mode into station-pseudobridge , cause the disconnection between Mikrotik A and B :frowning:


Now this is where I think the cause for my error
Mikrotik B

> ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic 
 #   ADDRESS         MAC-ADDRESS       INTERFACE                              
 0 D 10.11.11.101    00:27:19:F8:4D:32 bridge1                                
 1 D 10.11.11.1      00:0C:42:87:F4:5B bridge1

Please do note, the 10.11.11.101 is the ip for my router 3’s WAN#1 which indeed has a MAC ADDRESS 00:27:19:F8:4D:32
HOWEVER, the 10.11.11.1 is the ip for my TP LINK Router but the MAC-ADDRESS is my Mikrotik A address O.o;

Mikrotik A does report the right IP and MAC though

> ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic 
 #   ADDRESS         MAC-ADDRESS       INTERFACE                               
 0 D 10.11.11.1      94:0C:6D:FE:09:FD bridge1                                 
 1 D 10.11.11.101    00:27:19:F8:4D:32 bridge1

And yes the 94:0C:6D:FE:09:FD is my TP LINK Mac Address (10.11.11.1)

Now to further confirmed the strangeness , I also do the ARP Ping and the following are the result
Normal Ping for Mikrotik A

> ping 10.11.11.1
10.11.11.1 64 byte ping: ttl=64 time=1 ms
10.11.11.1 64 byte ping: ttl=64 time<1 ms
10.11.11.1 64 byte ping: ttl=64 time<1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.3/1 ms

Normal Ping for Mikrotik B

> ping 10.11.11.1
10.11.11.1 64 byte ping: ttl=64 time=9 ms
10.11.11.1 64 byte ping: ttl=64 time=2 ms
10.11.11.1 64 byte ping: ttl=64 time=3 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 2/4.6/9 ms

ARP Ping for Mikrotik A

> ping arp-ping=yes interface=bridge1 10.11.11.1
10.11.11.1 with hw-addr 94:0C:6D:FE:09:FD ping time<1 ms
10.11.11.1 with hw-addr 94:0C:6D:FE:09:FD ping time<1 ms
10.11.11.1 with hw-addr 94:0C:6D:FE:09:FD ping time=1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.3/1 ms

ARP Ping for Mikrotik B

> ping arp-ping=yes interface=bridge1 10.11.11.1
10.11.11.1 with hw-addr 00:0C:42:87:F4:5B ping time=1 ms
10.11.11.1 with hw-addr 00:0C:42:87:F4:5B ping time=2 ms
10.11.11.1 with hw-addr 00:0C:42:87:F4:5B ping time=2 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1/1.6/2 ms

Now the hw-addr is absolutely wrong with the ARP Ping for Mikrotik B
not only that, but sometimes the ARP List for Mikrotik B has no 10.11.11.1 at all
But usually only last for like 1 ~ 3 seconds, but it happened periodically

> ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic 
 #   ADDRESS         MAC-ADDRESS       INTERFACE                              
 0 D 10.11.11.101    00:27:19:F8:4D:32 bridge1

I think , I am on the right track for to find the solution for my problem..

But I dont know what to do :frowning: , all configuration for Mikrotik A and B is totally identical (a part from the Wireless setup and the IP address)

4

IP Scan on Mikrotik A (10.11.11.10)

> tool ip-scan interface=bridge1 address-range=10.11.11.0/24
Flags: D - dhcp 
  ADDRESS         MAC-ADDRESS       TIME  DNS              SNMP            NETBIOS           
  10.11.11.1      94:0C:6D:FE:09:FD 2ms                                                      
  10.11.11.2      6C:62:6D:3A:FF:94 6ms                                                      
  10.11.11.10                       1ms                                                      
  10.11.11.20     00:0C:42:88:2A:2C 8ms                                                      
  10.11.11.101    00:27:19:F8:4D:32 17ms

IP Scan on Mikrotik B (10.11.11.20)

> tool ip-scan interface=bridge1 address-range=10.11.11.0/24
Flags: D - dhcp 
  ADDRESS         MAC-ADDRESS       TIME  DNS        SNMP        NETBIOS       
  10.11.11.1      00:0C:42:87:F4:5B 8ms                                        
  10.11.11.20                       0ms                                        
  10.11.11.10     00:0C:42:87:F4:5B 4ms                                        
  10.11.11.2      00:0C:42:87:F4:5B 17ms                                       
  10.11.11.101    00:27:19:F8:4D:32 2ms

Again as we can see not only the 10.11.11.1 but also the 10.11.11.2 have the MAC Address of Mikrotik A (00:0C:42:87:F4:5B)
Perhaps, is this the cause for my problem??

Can anyone help

5

Okay the MAC Address give the cue :slight_smile:
The technician setted our bridges using a WET Bridge , with the tutorial from http://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks , I have successfuly change them into WDS Bridge instead … Problem Solved :smiley:

Hopefuly anyone who face same problem would be able to find the same solution here :slight_smile: