IP Unnumberred: ARP not sourced by pref.source in route (Workarond found)

Dmitriy34 · February 9, 2018, 5:48am

simple setup:

/interface bridge add name=loop1 protocol-mode=none
/interface vlan add interface=sfp-sfpplus1 name=vlan996 vlan-id=996
/ip address add address=192.168.16.1/24 interface=loop1
/ip route add distance=1 dst-address=192.168.16.2/32 gateway=vlan996 pref-src=192.168.16.1

/tool sniffer stop
/tool sniffer
set filter-interface=vlan996 filter-mac-protocol=arp filter-operator-between-entries=and
memory-limit=1000KiB streaming-enabled=yes streaming-server=10.60.249.21
/tool sniffer start

On 10.60.249.21:
$ ./trafr -s | tcpdump -ennr -
reading from file -, link-type EN10MB (Ethernet)
10:24:49.111032 6c:3b:6b:ed:83:85 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.16.2 tell 1.1.48.79, length 28

1.1.48.79 - IP address on another interface (maybe first interface in system)

Why ARP sourced by 1.1.48.79, not by 192.168.16.1 ?
Cisco routers drops this packet.

Checked on CCR1009 with 6.40.2, CCR1036 with 6.39.3, CCR1072 with 6.41.1, RB750 with 6.39.1

Is it possible to fix them?

cdiedrich · February 9, 2018, 7:17am

1.1.48.79 is most likely the lowest IP address in your system - which is then taken by default if no other address matches.
I can totally understand the ARP request.

From the config portion you posted it looks like there’s no IP address assigned to lan996 - so the ARP request can’t formulate a valid reply address.

-Chris

pe1chl · February 9, 2018, 9:01am

That setup may be simple, but unfortunately it is invalid.
You must either make the VLAN interface a member of the bridge, or you must assign an IP address to it.
In this case you could try assigning it the same address as the bridge, this is not forbidden on RouterOS.

Dmitriy34 · February 9, 2018, 9:54am

I need to restict IP addresses usage for concrete client. One conrete IP address for one vlan where is one concrete client.

pe1chl · February 9, 2018, 9:59am

When you use ethernet as a point-to-point network with ARP, you need an IP address at both ends.
As I already wrote, you can often re-use the IP address that you already used for loopback.

Dmitriy34 · February 9, 2018, 10:24am

Ok, thank you, I will try that.

sup5 · February 9, 2018, 12:57pm

you need to assign the ip-address of your loopback-bridge also to your ip-unnumbered interface:

example

loopback: address=1.2.3.4/32 network=1.2.3.4

ether1: address=1.2.3.4/32 network=5.6.7.8

this way arps asking for 5.6.7.8 will be sent out on ether1

if you want to route 2.3.4.5/24 to 5.6.7.8 add an interface route with destination interface (not ip) pointing to ether1

Dmitriy34 · March 6, 2018, 10:43am

Thank you! Works fine.

But static route (for example /24) must be routed to ip address (5.6.7., otherwise ARP is sent.