Limitation on number of IP addresses

We are attempting to add roughly 1000 addresses in contiguous public IP space to a single ethernet interface so that we can port forward traffic from each public IP address to a server hosted on corresponding private IPs.

We are adding the addresses via an SSH session within SecureCRT using the following syntax (actual IPs changed but netmasks are correct):

ip address add address=123.45.32.1/22 broadcast=123.45.35.255 comment="" disabled=no interface=PUBLIC network=123.45.32.0

ip address add address=123.45.32.2/22 broadcast=123.45.35.255 comment="" disabled=no interface=PUBLIC network=123.45.32.0

ip address add address=123.45.32.254/22 broadcast=123.45.35.255 comment="" disabled=no interface=PUBLIC network=123.45.32.0

ip address add address=123.45.33.1/22 broadcast=123.45.35.255 comment="" disabled=no interface=PUBLIC network=123.45.32.0

We can add as many addresses as we like in this manner until we get about halfway through the second Class C network (after approximately 350 IP addresses or so). At that stage, the router still accepts additional IP address assignments; however, upon reboot it appears as if the router configuration becomes corrupted. The local console and winbox become very slow (“interface ethernet print” takes up to a minute to display the interfaces rather than a second or two), and we can no longer access the internet through the router’s WAN interface. It appears as if the router configuration becomes corrupted and we have to restore from backup to restore internet connectivity.

When this happens the mikrotik creates a file called autosupout.rif, 33 bytes in size; however, that only contains “--BEGIN ROUTEROS SUPOUT SECTION” with no additional text. If we try to dump the config into plain text using /export file=xxx, it fails to complete the export and generates errors such as:

#error exporting //interface vlan
#error exporting //queue simple

#error exporting //ip ipsec manual-sa

Are there any known limitations as to the number of IP addresses that can be assigned to an ethernet interface? Or a limit to the overall size of the router’s configuration file? Any other thoughts?

What kind of hardware are you using?

ASUS P4P800-SE Motherboard (Hyperthreading disabled)
Intel Pentium 4 2.8GHz Prescott
512MB DDR 400MHz RAM
Routerboard 4 port 10/100 Network card
Geforce2 MX 64MB
Mikrotik Disk-On-Module

We are running Mikrotik version 3.0b, but the problem also seemed to exist in version 2.9.

I wouldn’t add any of those addresses to the router. By simply adding dst-nats using those IPs you can listen for traffic and forward it (as long as your router has at least 1 IP on that interface).

If you still choose to add all those IPs, add any secondary IPs on the same subnet with a /32, not the original /22.

Sam

When we just added dst-nat rules, it worked when connecting from behind the mikrotik - but it would not work from the WAN side unless we routed all those IPs to the mikrotik WAN interface from our perimeter router. Certainly a way to do it, just not exactly what we were looking for.

This issue turned out to be a combination of two things.

  1. There was an IP address conflict with another device on the network. Neither the Mikrotik nor the other device reported an IP conflict.

  2. We were unknowingly running the routing-test package. We purchased a DOM module preloaded with 2.9.39 and apparently that's how it came.

By removing the IP address conflict AND reverting from the “routing-test” package to the “routing” package, we were able to successfully bind 4 class C networks to the WAN port and the router is functioning normally.