dedicated server isp subnet 255.255.255.255 problem

Survival8164 · December 31, 2022, 6:27pm

Hello all.
first of all best wishes for 2023.
I am typing this message in Dutch and have translated it with google translate into English.
because I can read and understand English, but writing / speaking is not going well for me.

and now for a problem.
I have installed proxmox on my dedicated server at strato.
under proxmox i installed mikrotik routeros 6.48.
and so far everything went just fine.
now I manage that the mikrotik router gets its external ip address and gateway settings from the provider because I have cloned the mack address from the host to the router, and have also set the hoste so that it does not have an ip address Lake.
now one gets mikrotik router ip address: 85.214.62.188/32
and the gateway of one hosting provider is: 85.214.48.1
so the way you are now the gateway is outside the subnet of the host.
whatever I try so far I can’t manage to do a ping or trace from the mikrotik routers to any ip address on the internet.
the question now is whether and if so how can I ensure that I get internet working.
I have already seen subnet mask 255.255.240.0 pass by with a nailed configuration, but if I can use that subnet mask then I can say on my stomach that it works.

Hopefully someone can and will help me further and we can get it working

greetings: peter
ps: my hosting provider is strato

sindy · December 31, 2022, 9:51pm

There is nothing wrong about having a gateway IP address outside the subnet of the own address as such, but the rest of the configuration must correspond to that.

What is the output of /ip dhcp-client print detail and of /ip address print on the Mikrotik?

Can you ping the 85.214.48.1 from the router? If not, what does ping 85.214.48.1 arp-ping=yes interface=ether1 count=3 show?

Survival8164 · December 31, 2022, 11:57pm

thanks for the reply.

the commands return the following

[admin@MikroTik] > /ip dhcp-client print detail

Flags: X - disabled, I - invalid, D - dynamic

0 interface=ether1 add-default-route=yes default-route-distance=1 use-peer-dns=yes use-peer-ntp=yes dhcp-options=hostname,clientid status=bound address=85.214.62.188/32 gateway=85.214.48.1

dhcp-server=85.214.7.21 primary-dns=81.169.163.106 secondary-dns=85.214.7.22 expires-after=23h49m55s

[admin@MikroTik] > ip address print

Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 D 85.214.62.188/32 85.214.48.1 ether1

1 192.168.200.1/24 192.168.200.0 ether2

and a ping to 85.214.48.1 returns
0 timeout
1 timeout
2 85.214.62.188 time 982 replay 78 ttl 64 host unreachable

sindy · January 1, 2023, 8:04am

Was it mere ping or the ARP ping as I’ve suggested (ping 85.214.62.188 arp-ping=yes interface=ether1)?

Survival8164 · January 1, 2023, 8:52am

sorry my mistake.
I didn’t check the box for arp ping.
in the meanwhile done and an arp ping to both 85.214.62.188 and to 85.214.48.1.
both give a timeout.

sindy · January 1, 2023, 9:06am

It is OK that an ARP ping to an own IP address gives a timeout. But if even an ARP ping to the IP address of the gateway gives a timeout, something is wrong with the network.

Please elaborate on the “I have cloned the mack address from the host to the router”:

do you use x86 (bare metal) or CHR on some virtualization platform?
if a virtualization platform, which one in particular?
why do you need to clone the MAC address, is the public IP address assignment bound to it?

Survival8164 · January 1, 2023, 9:56am

as far as I know the host os should be x86 (64 bit).
with the following specifications.
Intel® Xeon® E3-1230v6 (Kaby Lake)
4 x 3.5 GHz (max turbo 3.9 GHz)
32 GB DDR4 ECC RAM
2 x 4TB HDD

on the boste running as virtualization software proxmox 7.6.4

the mack address has been cloned because the provider’s dhcp server distributes the ip address on the basis of this.
The provider does allow you to set your IP address as a static address.
However, the mack address of which the internet traffic is known must be known to them anyway, so if I let proxmox assign a mac address then things will simply be blocked.
Now that I’m writing this like this I get a hunch in 1x.
could it be that your internet connection is not working properly because your provider sees the same mack address several times?

then just about the mack address clonded piece.
with proxmox you can manually assign a mack address to a virtual network interface.
I have therefore assigned the mack address to interface1 in my virtual machine (the mikrotik routeros), as is the mack address of the host interface at my provider.
for convenience I will from now on just use the name of my provider because it is easier for me to write.
one hosting provider is strato.

If desired, I can also create an account so that the configuration can be viewed on the host and on the router.
nothing special is running on the host right now.

sindy · January 1, 2023, 10:28am

I’m not familiar with Proxmox, but in general you cannot have multiple interfaces with the same MAC address in an L2 network as the bridges/switches dynamically learn through which port a given MAC address is reachable - once they receive a frame from a given MAC address, they send frames for that MAC address only through that port. If multiple devices use the same MAC address, the table in the bridge is constantly updated and only the last device to talk receives further responses. Only when a destination MAC address is not associated with any port, they send frames for that MAC address through all ports except the one through which they come in. Plus the bridge in Proxmox may prevent forwarding frames with a MAC address of a physical Ethernet port to its virtual ports.

So you have the following possibilities:

to exclusively dedicate the physical Ethernet interface to the CHR if Proxmox allows that, to avoid bridging in Proxmox
to assign some other MAC address to the ether1 of your CHR and tell Strato to link the public IP address to it
to assign that other MAC address to the physical Ethernet port of the server and keep the original one of that interface on ether1 of the CHR

Regardless whether you assign the other MAC address to the CHR or to the physical server, it has to be unique in its L2 segment. Since you cannot know what else is connected there, plus something new may get connected there in future, I’d recommend to use a real MAC address of some device at your home, rather than a “locally administered” one.

Survival8164 · January 1, 2023, 10:59am

thank you very much for your response.
I’m going to eat first and after dinner I’m going to see if I can adjust some mack adressern to addresses of devices at my home.
Once I’ve done that I’ll let you know what the result was.

Survival8164 · January 1, 2023, 11:54am

YES it works. apparently the double mack address was the problem.
thanks a lot for the help and tips.
now let’s see if I can convert it to a static address so that I can also assign my 2nd ip address because it wants the same mac address as the primary address.
but I am convinced that I will get a lot further now and otherwise I will start another topic with the problems I am experiencing at that moment.

thanks a lot again

sindy · January 1, 2023, 12:12pm

I would avoid that - if for some reason Strato changes the IP address they want to assign, you will lose connectivity if the CHR won’t adjust to that.

There’s nothing wrong about having multiple IP addresses attached to an interface. In today’s networks, nobody uses a lookup of IP address for a known MAC address - only the reverse, lookung up a MAC address for a known IP address, is used. So just add the other address as a /32 one to ether1, just set the network parameter to the same value as the address parameter (without the /32).

Survival8164 · January 1, 2023, 1:44pm

thank you very much again.
in the meantime I am behind that I can just manually add a 2nd ip in mikrotik router while the primary address just comes from strato’s dhcp server.
in other words I did not convert it to static ip address and only added a 2nd ip address.
so by coincidence I had already followed your advice