IPv4 Addresses Change Interfaces

or interfaces adopt addresses.

I have searched the forum and asked Google, but am unable to come up with any references to this.

This has happened on a number of devices, both RB450G and RB850Gx2, currently running 6.35.2. I use these as gateway/firewall/routers for home and small business networks. The most recent occurrence was this evening, when I found that traffic wasn’t routeing from a web server in the DMZ to a database server in the internal zone.

The correct addressing is as follows:

[admin@acheron] >> /ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=10.2.0.1/24 network=10.2.0.0 interface=ether2-internal-LAN 
     actual-interface=ether2-internal-LAN 

 1   address=10.2.1.1/24 network=10.2.1.0 interface=ether3-internal-wireless 
     actual-interface=ether3-internal-wireless 

 2   address=10.2.30.1/24 network=10.2.30.0 interface=vlan-wireless-guest 
     actual-interface=vlan-wireless-guest 

 3   address=172.16.0.1/24 network=172.16.0.0 interface=ether4-internal-DMZ 
     actual-interface=ether4-internal-DMZ 

 4   address=192.168.1.2/24 network=192.168.1.0 interface=ether1-external-gateway 
     actual-interface=ether1-external-gateway

What happened this time was that the 172.16.0.0 subnet appeared on ether2-internal-LAN as well as the 10.2.0.0 subnet.

Please note that I looked at and fixed this in Winbox, so have no record of the value of actual-interface when the fault appeared.

Has anyone ever observed something like this and, if so, can you point me at any possible solutions?

Regards
Graeme

Are any of these interfaces a slave of another interface?

No. In Winbox they all show Master Port: none. Hope this helps answer your question:

[admin@acheron] > /interface print detail 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-external-gateway" default-name="ether1" type="ether" mtu=150>
       actual-mtu=1500 l2mtu=1580 max-l2mtu=1580 mac-address=4C:5E:0C:0F:A2:C3 
       fast-path=no last-link-up-time=may/15/2016 08:52:51 link-downs=0 

 1  R  name="ether2-internal-LAN" default-name="ether2" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1580 max-l2mtu=1580 mac-address=4C:5E:0C:0F:A2:C4 
       fast-path=no last-link-up-time=may/15/2016 08:52:53 link-downs=0 

 2  R  name="ether3-internal-wireless" default-name="ether3" type="ether" 
       mtu=1500 actual-mtu=1500 l2mtu=1580 max-l2mtu=1580 
       mac-address=4C:5E:0C:0F:A2:C5 fast-path=no 
       last-link-up-time=may/15/2016 08:52:51 link-downs=0 

 3  R  name="ether4-internal-DMZ" default-name="ether4" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1580 max-l2mtu=1580 mac-address=4C:5E:0C:0F:A2:C6 
       fast-path=no last-link-up-time=may/15/2016 08:52:53 link-downs=0 

 4  X  name="ether5-unused" default-name="ether5" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1580 max-l2mtu=1580 mac-address=4C:5E:0C:0F:A2:C7 
       fast-path=no link-downs=0 

 5  X  name="bridge-local" type="bridge" mtu=auto mac-address=00:0C:42:E2:0C:A6 
       link-downs=0 

 6  R  name="vlan-wireless-guest" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=157>
       mac-address=4C:5E:0C:0F:A2:C5 fast-path=no 
       last-link-up-time=may/15/2016 08:52:52 link-downs=0

Perhaps interfaces ether2 to ether4 are in bridge-local?

I don’t think so. bridge-local shows as disabled above.

Is there anywhere else I should look?

[admin@acheron] > /interface bridge print detail 
Flags: X - disabled, R - running 
 0 X  name="bridge-local" mtu=auto arp=enabled mac-address=00:0C:42:E2:0C:A6 protocol-mode=rstp priority=0x8000 auto-mac=no admin-mac=00:0C:42:E2:0C:A6 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

Still no real clues, and it happened again this morning. Looking at the log I see:

oct/13 05:34:07 ovpn,info TCP connection established from a.b.c.d 
oct/13 05:34:08 ovpn,debug,error,53248,41444,41444,debug,l2tp,28848,warning,22784,
30416,28896,0,firewall,129,1024,9752,debug duplicate packet, dropping 
oct/13 05:34:09 ovpn,info : using encoding - BF-128-CBC/SHA1 
oct/13 05:34:09 ovpn,info,account graeme logged in, e.f.g.h 
oct/13 05:34:09 ovpn,info <ovpn-graeme>: connected 
oct/13 05:34:25 firewall,info drop external input: in:ether1-external-gateway out:
(none), src-mac 30:91:8f:91:2c:da, proto 2, 0.0.0.0->224.0.0.1, len 32 
oct/13 05:34:58 system,info,account user admin logged in from e.f.g.h via winbox
oct/13 05:35:19 system,info pool dhcp changed 
oct/13 05:35:19 system,info address changed            <<============ This appears to be all that is logged
oct/13 05:35:55 system,info,account user admin logged out from 10.3.10.2 via winbox 
oct/13 05:36:30 firewall,info drop external input: in:ether1-external-gateway out:
(none), src-mac 30:91:8f:91:2c:da, proto 2, 0.0.0.0->224.0.0.1, len 32 
oct/13 05:38:32 firewall,info drop external input: in:ether1-external-gateway out:
(none), src-mac 30:91:8f:91:2c:da, proto TCP (ACK,FIN,PSH), 158.85.58.112:443->192.168.1.2:50796, len 143 
oct/13 05:38:35 firewall,info drop external input: in:ether1-external-gateway out:
(none), src-mac 30:91:8f:91:2c:da, proto 2, 0.0.0.0->224.0.0.1, len 32 
oct/13 05:38:52 script,info UpdateDynDNS starts. 
oct/13 05:39:04 info fetch: file "dyndns.checkip.html" downloaded 
oct/13 05:39:05 script,info UpdateDynDNS: No dyndns update needed

All I did was log in, check the RouterOS version, and log out again, and didn’t touch anything else. In other cases the change has happened without any external connection to the box, so I don’t think the OpenVPN connection is the trigger.
v6.37.1 on a RB850Gx2.

The effect was that the wireless network address range switched from interface ether3, where it belongs, to ether2. I only noticed when the Unifi APs stopped reporting to their controller. Hopefully the client didn’t notice as they should have been asleep at that time! I’m in a different time zone… :)

Scanning back through the log I don’t see any significant events.

It has happened a couple of times recently on another RB850Gx2 and a RB450G.

Can anyone suggest any diagnostics I can enable to try and trap the cause of this?

Thanks
Graeme

[Edit: Fixed stupid tyop.]

And here’s another one from a RB450G v6.37.1:

22:01:38 system,info pool dhcp changed 
22:01:38 system,info address changed

The only possible change to the pool would be the Used Addresses, and I’m blowed if I can see why this should mess with how addresses are assigned to interfaces!

Again I ask, can anyone suggest any diagnostics that might help get to the bottom of this?

Since no one else is reporting this it is probably something stupid I’ve done in the configuration.
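
The thread notes that the state at the moment of the fault, including actual-interface, was never recorded. As an added example that is not part of the original thread, this Python script parses saved /ip address print detail output and reports any address bound to an interface other than the expected one; the baseline is a subset of the correct addressing listed above, the sample capture is constructed, and the function names are hypothetical.

```python
import re

RECORD = re.compile(r"^\s*\d+\s+(?:[XID]+\s+)?(\w[\w-]*=.*)$")  # "N [flags] key=value ..."
KEYVAL = re.compile(r"([\w-]+)=(\S+)")

# Expected address -> interface map (subset of the thread's correct addressing).
BASELINE = {"10.2.0.1/24": "ether2-internal-LAN", "172.16.0.1/24": "ether4-internal-DMZ",
            "192.168.1.2/24": "ether1-external-gateway"}

# Constructed capture of the fault: the DMZ address now sits on ether2.
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   address=10.2.0.1/24 network=10.2.0.0 interface=ether2-internal-LAN
     actual-interface=ether2-internal-LAN

 1   address=172.16.0.1/24 network=172.16.0.0 interface=ether2-internal-LAN
     actual-interface=ether2-internal-LAN

 2   address=192.168.1.2/24 network=192.168.1.0 interface=ether1-external-gateway
     actual-interface=ether1-external-gateway
"""

def parse_addresses(text):
    """Parse '/ip address print detail' output, joining wrapped continuation lines."""
    raw = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:                          # numbered line starts a new record
            raw.append(m.group(1))
        elif raw and "=" in line:      # indented continuation of the last record
            raw[-1] += " " + line.strip()
    return [dict(KEYVAL.findall(r)) for r in raw]

def find_drift(records, baseline):
    """Return (address, reason) pairs for every deviation from the baseline."""
    findings = []
    for rec in records:
        addr, iface = rec.get("address"), rec.get("interface")
        if addr not in baseline:
            findings.append((addr, f"unexpected address on {iface}"))
        elif iface != baseline[addr]:
            findings.append((addr, f"expected {baseline[addr]}, found {iface}"))
        if rec.get("actual-interface") != iface:
            findings.append((addr, f"actual-interface is {rec.get('actual-interface')}"))
    return findings

if __name__ == "__main__":
    for addr, reason in find_drift(parse_addresses(SAMPLE), BASELINE):
        print(f"DRIFT {addr}: {reason}")
```

Run against output saved at regular intervals, the first capture that reports drift narrows down when the binding changed and preserves the actual-interface value for comparison with the router log.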