Hi All,
I have been having some weird OSPF issues, and as I dig into this more, it seems like I am having more issues.
Here is a sample debug:
ospf-v4 { version: 2 router-id: 172.30.255.1 } Backbone { 0.0.0.0 } interface { p2p 172.30.255.1%VPLS } neighbor { router-id: 172.30.255.2 state: Full } received useless LS Ack for external 147.104.120.0 172.30.255.1 0x80000002 expecting 0x80000002
In this case, I have 2 routers, and the primary router (.1) is exporting the BGP tables as well as internal routes to the .2 router.
What I am seeing is that the OSPF is randomly timing out. With a 10/40 (default) set for timeouts.
This debug was pulled from the .1 router, and it looks like .2 sent back an Ack for a network that seems accurate, but says it's useless.
If anyone has any ideas I have gone through virtually everything I can think of?
Thanks!
Please, provide an export of your routers configuration. It will let us study your full configuration
Also I have a ping going across the link and it restarted the ospf 20 mins ago, during that time we have had no ping drops and 600us per ping packet.
I can't upload attachments, so do you want me to email them?
Thanks!
Type export file=name, then download that file and paste it here
Please find the recipe how to paste configuration here:
Hello and welcome to the Mikrotik forum
# 2026-05-26 22:16:57 by RouterOS 7.22.3
# software id = RSVZ-7ARR
#
# model = CCR2116-12G-4S+
# serial number = removed
/interface bridge
add name=Loopback protocol-mode=none
add name=br-mgmt-4001 pvid=4001 vlan-filtering=yes
add name=br-static-130 pvid=130 vlan-filtering=yes
/interface vlan
add interface=sfp-sfpplus2 name=CGNAT-30 vlan-id=30
add interface=sfp-sfpplus2 name=Mgmt-4001 vlan-id=4001
add comment="Link to Highway 5" interface=sfp-sfpplus1 name=VPLS vlan-id=1150
add interface=sfp-sfpplus2 l3-hw-offloading=no name=vlan-130 vlan-id=130
/interface list
add name=int-vlan4001
add name=int-vlan202
add name=WAN
add name=LAN
/ip pool
add name=dhcp_pool0 ranges=100.64.2.10-100.64.2.254
add name=dhcp_pool1 ranges=172.31.2.10-172.31.2.254
add name=dhcp_pool2 ranges=192.168.88.50-192.168.88.100
add name=CGNat-30-dhcppool ranges=100.64.30.10-100.64.30.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=br-mgmt-4001 lease-time=1d30m name=dhcp2
add address-pool=CGNat-30-dhcppool interface=CGNAT-30 lease-time=1d30m name=CGNat-30-dhcpserver
/ipv6 dhcp-server option
add code=23 name=dns value="'2620:fe::fe''2620:fe::9'"
/ipv6 pool
add name=CGNat-30-ip6pool prefix=2605:6fc0:1010::/48 prefix-length=56
/routing id
add disabled=no id=172.30.255.2 name=ospf-id select-dynamic-id=""
/routing ospf instance
add disabled=no name=ospf-v4 redistribute=connected router-id=ospf-id routing-table=main
add disabled=no name=ospf-v6 redistribute=connected,static router-id=ospf-id routing-table=main version=3
/routing ospf area
add disabled=no instance=ospf-v4 name=Backbone
add disabled=no instance=ospf-v6 name=Backbone-3
/system logging action
set 0 memory-lines=10000
/ip smb
set enabled=no
/interface bridge port
add bridge=*1A interface=*15 pvid=202
add bridge=br-mgmt-4001 interface=Mgmt-4001 pvid=4001
add bridge=*1C interface=*13 pvid=2002
add bridge=*1D interface=*14 pvid=100
add bridge=*1F interface=VPLS pvid=1150
add bridge=br-static-130 interface=*24 pvid=130
add bridge=br-static-130 interface=vlan-130 pvid=130
add bridge=*1A interface=int-vlan202 pvid=202
add bridge=br-mgmt-4001 interface=int-vlan4001 pvid=4001
/interface ethernet switch l3hw-settings
set autorestart=yes
/ip firewall connection tracking
set tcp-established-timeout=12h udp-timeout=10s
/interface list member
add interface=ether9 list=int-vlan4001
add interface=ether10 list=int-vlan4001
add interface=ether11 list=int-vlan4001
add interface=ether12 list=int-vlan4001
add interface=VPLS list=WAN
add interface=CGNAT-30 list=LAN
add interface=br-static-130 list=LAN
add interface=br-mgmt-4001 list=LAN
/interface ovpn-server server
add mac-address=FE:41:76:6D:81:DD name=ovpn-server1
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether13 network=192.168.88.0
add address=172.31.2.1/24 interface=br-mgmt-4001 network=172.31.2.0
add address=172.30.255.2/30 interface=VPLS network=172.30.255.0
add address=100.64.30.1/24 interface=CGNAT-30 network=100.64.30.0
add address=23.143.80.225/28 interface=br-static-130 network=23.143.80.224
add address=172.16.0.2 interface=Loopback network=172.16.0.2
/ip dhcp-server
add address-pool=dhcp_pool0 interface=*1A lease-time=1d30m name=dhcp1
/ip dhcp-server network
add address=100.64.2.0/24 dns-server=1.1.1.2,149.112.112.112 gateway=100.64.2.1
add address=100.64.30.0/24 dns-server=1.1.1.2,149.112.112.112 gateway=100.64.30.1
add address=172.31.2.0/24 gateway=172.31.2.1
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set servers=1.1.1.2,9.9.9.9
/ip firewall address-list
add address=100.64.2.0/24 list=CGNat1
add address=192.168.88.0/24 list=Management
add address=172.31.2.0/24 list=Vlan4001
add address=23.143.80.224/28 list=static-pcri
/ip firewall filter
add action=accept chain=input src-address=172.30.255.0/30
add action=accept chain=input protocol=ospf
add action=accept chain=output dst-address=172.30.255.0/30
add action=accept chain=output protocol=ospf
add action=accept chain=forward protocol=ospf
add action=drop chain=forward connection-state=invalid
add action=accept chain=input protocol=ospf
add action=drop chain=input connection-state=invalid log=yes log-prefix="INPUT-DROP: "
add action=accept chain=input comment="Allow Chris to Manage" src-address=23.143.80.226
add action=accept chain=forward disabled=yes dst-address-list=static-pcri src-address-list=Vlan4001
add action=drop chain=input comment="Drop all other management traffic" disabled=yes dst-address-list=Vlan4001
add action=accept chain=forward disabled=yes in-interface=VPLS log=yes out-interface=CGNAT-30
add action=accept chain=forward disabled=yes in-interface=CGNAT-30 log=yes out-interface=VPLS
# no interface
# no interface
add action=drop chain=forward comment="Disable SMTP for CGNat" dst-port=25 in-interface=*1A log=yes log-prefix=NAT-SMTP-BLOCK protocol=tcp
add action=accept chain=forward comment="SMTP for Mgmt Network" disabled=yes dst-port=25 in-interface=br-mgmt-4001 protocol=tcp
add action=drop chain=input dst-address-list=Management src-address-list=Vlan4001
add action=drop chain=input dst-address-list=CGNat1 src-address-list=Vlan4001
add action=accept chain=input src-address-list=Vlan4001
add action=accept chain=input src-address=192.168.88.0/24
add action=accept chain=input src-address=204.83.156.110
add action=accept chain=input src-address=24.143.80.226
add action=accept chain=input src-address=204.83.156.96/28
add action=accept chain=input src-address=100.64.2.0/24
add action=accept chain=input connection-state=established
add action=drop chain=input connection-state=new
add action=accept chain=forward connection-state=new src-address=192.168.88.0/24
add action=accept chain=forward connection-state=new disabled=yes src-address=100.64.2.0/24
add action=accept chain=forward connection-state=new src-address=204.83.156.96/28
add action=accept chain=forward connection-state=related
add action=accept chain=forward connection-state=established
# no interface
# no interface
add action=accept chain=forward connection-state=new in-interface=*1C
add action=accept chain=input dst-port=22 protocol=tcp src-address=23.143.80.226
/ip firewall raw
add action=notrack chain=prerouting protocol=ospf
add action=notrack chain=output protocol=ospf
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ipv6 route
add disabled=no dst-address=::/0 gateway=2607:f4a8:10:52bc::1 routing-table=main suppress-hw-offload=no
add comment="Static to Test1" disabled=no distance=20 dst-address=2605:6fc0:1020:1100::/56 gateway=fe80::226d:31ff:fe41:339c%br-static-130@*2 pref-src="" \
routing-table=*2 scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=br-static-130
add comment="Routing to Test2" disabled=no distance=1 dst-address=2605:6fc0:1020:1500::/56 gateway=2605:6fc0:1020:1000::230%br-static-130@*2 pref-src="" \
routing-table=*2 scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=br-static-130
add comment="Static to Test1" disabled=no distance=25 dst-address=2605:6fc0:1020:1100::/56 gateway=2605:6fc0:1020:1000::226%br-static-130@*2 pref-src="" \
routing-table=*2 scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=br-static-130
/ip service
set ftp disabled=yes
set ssh address=23.143.80.226/32
set telnet disabled=yes
set www address=204.83.156.110/32,192.168.88.0/24
set winbox address=192.168.88.0/24,204.83.156.110/32,23.143.80.226/32
set api address=204.83.156.110/32,192.168.88.0/24
set api-ssl address=204.83.156.110/32,192.168.88.0/24 tls-version=only-1.2
/ip traffic-flow
set active-flow-timeout=1h enabled=yes interfaces=*15,*14
/ipv6 address
add address=2605:6fc0:1010::1/48 advertise=no interface=CGNAT-30
add address=2605:6fc0:1020:1000::1/52 advertise=no interface=br-static-130
add address=2605:6fc0:1000:4001::1 advertise=no interface=br-mgmt-4001
add address=2605:6fc0:ffff:ffff::2 interface=VPLS
/ipv6 dhcp-server
add dhcp-option=dns interface=*1A lease-time=1w name=cgnat1-dhcp prefix-pool=cgnat1-ip6
add dhcp-option=dns interface=CGNAT-30 lease-time=4w2d name=CGNat-30-dhcp prefix-pool=CGNat-30-ip6pool
/ipv6 firewall address-list
add address=2605:6fc0:1000::/40 comment="Full Subnet" list=lan_subnets
add address=2605:6fc0:1000:4001::/64 comment=Management-Pool list=lan_subnets
add address=2605:6fc0:1020:1100::/56 comment="Manage from Chris" list=lan_mgmt
add address=2605:6fc0:1020::/48 comment="Static IP to allow SMTP" list=allow_smtp
add address=2605:6fc0:1000:4001::/64 comment=Management-Pool list=allow_smtp
add address=fe80::/10 comment=Link-local list=lan_subnets
add address=2605:6fc0:ffff:ffff::/64 comment="Peering with Transit upstream " list=ospf_peers
add address=::/3 comment="IPv6 invalids" list=not_in_internet
add address=4000::/3 comment="IPv6 invalids" list=not_in_internet
add address=6000::/3 comment="IPv6 invalids" list=not_in_internet
add address=8000::/3 comment="IPv6 invalids" list=not_in_internet
add address=a000::/3 comment="IPv6 invalids" list=not_in_internet
add address=c000::/3 comment="IPv6 invalids" list=not_in_internet
add address=e000::/4 comment="IPv6 invalids" list=not_in_internet
add address=f000::/5 comment="IPv6 invalids" list=not_in_internet
add address=f800::/6 comment="IPv6 invalids" list=not_in_internet
add address=fc00::/7 comment="IPv6 invalids" list=not_in_internet
add address=fe00::/9 comment="IPv6 invalids" list=not_in_internet
add address=fec0::/10 comment="IPv6 invalids" list=not_in_internet
add address=2001::/23 comment="IPv6 invalids" list=not_in_internet
add address=2001:2::/48 comment="IPv6 invalids" list=not_in_internet
add address=2001:10::/28 comment="IPv6 invalids" list=not_in_internet
add address=2001:db8::/32 comment="IPv6 invalids" list=not_in_internet
add address=2002::/16 comment="IPv6 invalids" list=not_in_internet
add address=3ffe::/16 comment="IPv6 invalids" list=not_in_internet
add address=2000::/3 list="global_unicast_prefix(es)"
add address=fe80::/10 list=allowed
add address=ff02::/16 comment=multicast list=allowed
add address=fe80::/10 comment="defconf: RFC6890 Linked-Scoped Unicast" list=no_forward_ipv6
add address=ff00::/8 comment="defconf: multicast" list=no_forward_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=2001::/23 comment="defconf: RFC6890" list=bad_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_dst_ipv6
add address=::/128 comment="RAW Filtering" list=bad_src_ipv6
add address=ff00::/8 comment="RAW Filtering" list=bad_src_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="Accept Winbox TCP" dst-port=65000 protocol=tcp src-address-list=lan_mgmt
add action=accept chain=input comment="Accept API TCP" dst-port=8728 protocol=tcp src-address-list=lan_mgmt
add action=accept chain=input comment="Accept API UDP" dst-port=8728 protocol=udp src-address-list=lan_mgmt
add action=accept chain=input comment="Accept SNMP for internal use" dst-port=161 protocol=udp src-address-list=lan_mgmt
add action=accept chain=input comment="Accept RADIUS UDP" dst-port=1700,1812,1813 protocol=udp src-address-list=lan_mgmt
add action=accept chain=input comment="Accept RADIUS TCP" dst-port=1700,1812,1813 protocol=tcp src-address-list=lan_mgmt
add action=accept chain=input comment="allow allowed addresses" src-address-list=allowed
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall raw
add action=drop chain=prerouting comment="Drop packets with extension header types 0, 43" headers=hop,route:contains
add action=accept chain=prerouting comment="defconf: RFC4291, section 2.7.1" dst-address=ff02::1:ff00:0/104 icmp-options=135:0-255 protocol=icmpv6 src-address=::/128
add action=drop chain=prerouting comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 in-interface-list=!LAN protocol=icmpv6
add action=drop chain=prerouting comment="drop port 25 to prevent spam" dst-address-list=!allow_smtp log-prefix=PRE-DROP-25 port=25 protocol=tcp src-address-list=\
!allow_smtp
add action=drop chain=prerouting comment="drop port 25 to prevent spam" port=25 protocol=udp src-address-list=!allow_smtp
add action=drop chain=prerouting comment="drop port 23" port=23 protocol=tcp
add action=accept chain=prerouting comment="Accept all ICMPv6 traffic from BGP peers (Required for LL<>GUA packets)" icmp-options=!154:4-5 in-interface-list=WAN \
protocol=icmpv6 src-address-list=ospf_peers
add action=drop chain=prerouting comment="Drop invalids from WAN" dst-address-list="global_unicast_prefix(es)" in-interface-list=WAN src-address-list=not_in_internet
add action=drop chain=prerouting comment="Drop forwarded invalids from WAN" dst-address-list=not_in_internet in-interface-list=WAN src-address-list=\
"global_unicast_prefix(es)"
add action=drop chain=prerouting comment="Drop invalids from LAN" dst-address-list="global_unicast_prefix(es)" in-interface-list=LAN src-address-list=not_in_internet
add action=drop chain=prerouting comment="Drop forwarded invalids from LAN" dst-address-list=not_in_internet in-interface-list=LAN src-address-list=lan_subnets
add action=drop chain=prerouting comment="Drop spoofed traffic from LAN going towards Global Unicast" dst-address-list="global_unicast_prefix(es)" in-interface-list=\
LAN src-address-list=!lan_subnets
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad src ipv6" src-address-list=bad_src_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_dst_ipv6
add action=accept chain=prerouting comment="defconf: accept local multicast scope" dst-address=ff02::/16
add action=drop chain=prerouting comment="defconf: drop other multicast destinations" dst-address=ff00::/8
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 protocol=udp
add action=drop chain=prerouting comment="defconf: drop bad TCP" port=0 protocol=tcp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" jump-target=icmpv6 protocol=icmpv6
add action=notrack chain=output comment="Reduce load on conn_track" out-interface-list=LAN
add action=notrack chain=prerouting comment="Reduce load on conn_track" in-interface-list=LAN
add action=notrack chain=prerouting comment="Reduce load on conn_track" dst-address-list=lan_subnets in-interface-list=WAN
add action=accept chain=prerouting comment="defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment="defconf: accept everything else from WAN" in-interface-list=WAN
add action=accept chain=prerouting comment="Accept local traffic to self" src-address-type=local
add action=drop chain=prerouting comment="defconf: drop the rest"
add action=drop chain=icmpv6 comment="Drop FMIPv6 HI + FMIPv6 HAck - Deprecated (RFC5568)" icmp-options=154:4-5 protocol=icmpv6
/ipv6 nd
set [ find default=yes ] advertise-dns=yes disabled=yes
add interface=VPLS
add interface=br-static-130
add interface=br-mgmt-4001
add advertise-dns=yes dns=2620:fe::fe,2620:fe::9 interface=CGNAT-30 managed-address-configuration=yes other-configuration=yes
/routing ospf interface-template
add area=Backbone disabled=no interfaces=VPLS networks=172.30.255.0/30 type=ptp
add area=Backbone disabled=no interfaces=Loopback networks=172.16.0.2/32 passive
add area=Backbone disabled=no interfaces=CGNAT-30 networks=100.64.30.0/24 passive
add area=Backbone disabled=no interfaces=br-static-130 networks=23.143.80.225/28 passive
add area=Backbone-3 disabled=no interfaces=VPLS networks=2605:6fc0:ffff:ffff::/64 type=ptp
add area=Backbone disabled=no networks=172.31.2.0/24 passive
add area=Backbone-3 disabled=no networks=2605:6fc0:1000::/40
/routing ospf static-neighbor
add address=2605:6fc0:ffff:ffff::1%VPLS area=Backbone-3 disabled=no
/system clock
set time-zone-name=Canada/Saskatchewan
/system identity
set name=hwy-11-edge
/system logging
add disabled=yes topics=ospf,!raw
/system ntp client
set enabled=yes
/system ntp client servers
add address=ca.pool.ntp.org
/system scheduler
add interval=52w1d name="Reboot Once" on-event="/system reboot\t" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2026-05-23 \
start-time=03:00:00
/tool graphing interface
add interface=CGNAT-30
add interface=VPLS
add interface=br-static-130
/tool graphing resource
add
/tool sniffer
set file-name=ospf-225.pcap filter-interface=VPLS filter-ip-address=172.30.255.1/32 filter-operator-between-entries=and memory-limit=1000KiB
/tool traffic-generator port
add interface=*1A name=port1
add interface=*13 name=port2
/tool traffic-monitor
add interface=*1A name=tmon1
ChrisY:
interface-t
Do you have the configuration of the other router (.1) ?
I can see that you are adding a VLAN interface to the BRIDGE. It is not the recommended way to do it ( Layer2 misconfiguration - RouterOS - MikroTik Documentation )
Not sure if it can be the reason of your disconnects: we have only a partial picture of your network.
I can look at removing the bridge piece I guess... but given that the interface we are having an issue with is not bridged, not sure if it would be causing the problem.
ChrisY
May 27, 2026, 2:46pm
10
I am sure I put in both of them. I will go repost r1
ChrisY
May 27, 2026, 2:47pm
11
# 2026-05-26 22:33:08 by RouterOS 7.22.3
# software id = GST1-YZBA
#
# model = CCR2116-12G-4S+
# serial number = removed 2
/interface bridge
add name=Loopback protocol-mode=none
add name=br-cgnat1 port-cost-mode=short
add name=br-cgnat2 port-cost-mode=short
add name=br-ext-flex port-cost-mode=short protocol-mode=none
add name=br-ext-sasktel port-cost-mode=short protocol-mode=none
add name=br-mgmt port-cost-mode=short
add name=br-static port-cost-mode=short
/interface vlan
add comment="VLAN to Highway 11" interface=sfp-sfpplus1 name=VPLS vlan-id=\
1150
add interface=sfp-sfpplus4 name=vl-cgnat1 vlan-id=200
add interface=sfp-sfpplus4 name=vl-cgnat2 vlan-id=201
add interface=sfp-sfpplus4 name=vl-mgmt vlan-id=4000
add interface=sfp-sfpplus4 name=vl-static vlan-id=150
/ip pool
add name=dhcp_mgmt ranges=192.168.88.100-192.168.88.200
add name=dhcp_cgnat1 ranges=100.64.3.10-100.64.3.254
add name=dhcp_cgnat2 ranges=100.64.4.10-100.64.4.254
add name=dhcp_internal ranges=172.31.3.100-172.31.3.200
/ip dhcp-server
# Interface not running
add address-pool=dhcp_mgmt interface=ether13 lease-time=1d name=mgmt-dhcp1
add address-pool=dhcp_cgnat1 interface=br-cgnat1 lease-time=1d name=\
dhcp-cgnat1
add address-pool=dhcp_cgnat2 interface=br-cgnat2 lease-time=1d name=\
dhcp-cgnat2
add address-pool=dhcp_internal interface=br-mgmt lease-time=1d name=\
dhcp-internal
/ipv6 dhcp-server option
add code=23 name=dns value="'2620:fe::fe''2620:fe::9'"
/ipv6 pool
add name=CGNat-1-ip6pool prefix=2605:6fc0:2:100::/56 prefix-length=64
add name=CGNat-2-ip6pool prefix=2605:6fc0:2:200::/56 prefix-length=64
add name=CGNat-1-ip6pool1 prefix=2605:6fc0:1110::/48 prefix-length=56
add name=CGNAT-2-ip6pool1 prefix=2605:6fc0:1111::/48 prefix-length=56
/routing bgp instance
add as=1085 disabled=no name=bgp-instance-1 router-id=23.143.80.1
add as=1085 disabled=no name=bgp-instance-2 router-id=23.143.80.1
add as=1085 disabled=no name=bgp-instance-3 router-id=23.143.80.1
add as=1085 disabled=no name=bgp-instance-4 router-id=23.143.80.1
/routing bgp template
set default as=1085 disabled=no routing-table=main
/routing id
add disabled=no id=172.30.255.1 name=ospf_id select-dynamic-id=""
/routing ospf instance
add disabled=no name=ospf-v4 redistribute=connected,bgp router-id=ospf_id \
routing-table=main
add disabled=no name=ospf-v6 redistribute=connected,static,bgp router-id=\
ospf_id version=3
/routing ospf area
add disabled=no instance=ospf-v4 name=Backbone
add disabled=no instance=ospf-v6 name=Backbone-3
/system logging action
set 0 memory-lines=10000
/interface bridge port
add bridge=br-cgnat1 interface=vl-cgnat1 internal-path-cost=10 path-cost=10
add bridge=br-cgnat2 interface=vl-cgnat2 internal-path-cost=10 path-cost=10
add bridge=br-static interface=vl-static internal-path-cost=10 path-cost=10
add bridge=br-mgmt interface=vl-mgmt internal-path-cost=10 path-cost=10
add bridge=br-ext-sasktel interface=sfp-sfpplus1 internal-path-cost=10 \
path-cost=10
add bridge=br-ext-flex interface=sfp-sfpplus2 internal-path-cost=10 \
path-cost=10
add bridge=br-cgnat1 interface=ether1 internal-path-cost=10 path-cost=10
add bridge=br-cgnat1 interface=ether2 internal-path-cost=10 path-cost=10
add bridge=br-cgnat2 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=br-cgnat2 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=br-static interface=ether5 internal-path-cost=10 path-cost=10
add bridge=br-static interface=ether6 internal-path-cost=10 path-cost=10
add bridge=br-mgmt interface=ether7 internal-path-cost=10 path-cost=10
add bridge=br-mgmt interface=ether8 internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/interface ovpn-server server
add mac-address=FE:CA:34:83:BA:7F name=ovpn-server1
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether13 network=\
192.168.88.0
add address=204.83.188.74/30 interface=br-ext-sasktel network=204.83.188.72
add address=64.203.65.162/30 interface=br-ext-flex network=64.203.65.160
add address=100.64.3.1/24 interface=br-cgnat1 network=100.64.3.0
add address=100.64.4.1/24 interface=br-cgnat2 network=100.64.4.0
add address=172.31.3.1/24 interface=br-mgmt network=172.31.3.0
add address=23.143.80.1/24 interface=br-static network=23.143.80.0
add address=23.143.80.241/28 interface=br-static network=23.143.80.240
add address=198.169.253.1/24 interface=br-static network=198.169.253.0
add address=172.16.0.1 interface=Loopback network=172.16.0.1
add address=172.30.255.1/30 interface=VPLS network=172.30.255.0
/ip dhcp-server network
add address=100.64.3.0/24 comment=CGNat1 dns-server=1.1.1.2,149.112.112.112 \
gateway=100.64.3.1 netmask=25
add address=100.64.4.0/24 comment=CGNat2 dns-server=1.1.1.2,149.112.112.112 \
gateway=100.64.4.1 netmask=25
add address=192.168.88.0/24 comment=Mgmt-Port dns-server=\
9.9.9.9,149.112.112.112 gateway=192.168.88.1 netmask=24
/ip dns
set servers=8.8.8.8,4.2.2.4
/ip firewall address-list
add address=192.168.88.0/24 list=local-mgmt
add address=204.83.156.110 list=yeo-home
add address=100.64.0.0/10 comment="All CGNat" list=all-cgnat
add address=172.31.3.0/24 list=internal-mgmt
add address=23.143.80.0/24 list=AllPublicIPv4s
add address=204.83.188.73 list=sasktel-router
add address=64.203.65.161 list=flex-router
add address=172.31.2.0/24 list=management-hwy11
add address=198.169.253.0/24 list=AllPublicIPv4s
add address=172.30.255.0/24 list=internal-mgmt
add address=224.0.0.5 list=MulticastOSPF
add address=224.0.0.6 list=MulticastOSPF
/ip firewall filter
add action=accept chain=input protocol=ospf
add action=accept chain=output protocol=ospf
add action=accept chain=input src-address-list=MulticastOSPF
add action=accept chain=input dst-address-list=MulticastOSPF
add action=accept chain=output src-address-list=MulticastOSPF
add action=accept chain=output dst-address-list=MulticastOSPF
add action=drop chain=forward connection-state=invalid
add action=drop chain=input connection-state=invalid
add action=accept chain=input src-address=172.30.255.0/30
add action=accept chain=output dst-address=172.30.255.0/30
add action=drop chain=input comment="Block SMTP Traffic from CGNAT" dst-port=\
25 log=yes log-prefix=CGNAT-SMTP protocol=tcp src-address-list=all-cgnat
add action=accept chain=input src-address-list=local-mgmt
add action=accept chain=input src-address-list=sasktel-router
add action=accept chain=input src-address-list=internal-mgmt
add action=accept chain=input src-address-list=management-hwy11
add action=accept chain=input src-address-list=flex-router
add action=accept chain=input comment="Mgmt from Yeo" src-address-list=\
yeo-home
add action=accept chain=input src-address-list=AllPublicIPv4s
add action=accept chain=input connection-state=established
add action=drop chain=input connection-nat-state="" connection-state=""
add action=accept chain=forward connection-state=new src-address-list=\
all-cgnat
add action=accept chain=forward src-address-list=internal-mgmt
add action=accept chain=forward src-address-list=management-hwy11
add action=accept chain=forward src-address-list=AllPublicIPv4s
add action=accept chain=forward src-address-list=local-mgmt
add action=accept chain=forward connection-state=related
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=new in-interface=\
br-ext-sasktel
/ip firewall nat
/ip firewall raw
add action=notrack chain=prerouting protocol=ospf
add action=notrack chain=prerouting dst-address=172.30.255.0/24 src-address=\
172.30.255.0/24
add action=notrack chain=output protocol=ospf
add action=notrack chain=output dst-address=172.30.255.0/24 src-address=\
172.30.255.0/24
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ipv6 route
add comment="Static for AA" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1400::/56 gateway=2605:6fc0:1120:1000::248 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for RF" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1200::/56 gateway=2605:6fc0:1120:1000::246 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for IC" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1300::/56 gateway=2605:6fc0:1120:1000::247 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for KG" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1500::/56 gateway=2605:6fc0:1120:1000::249 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for RJ" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1600::/56 gateway=2605:6fc0:1120:1000::250 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for JM" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1700::/56 gateway=2605:6fc0:1120:1000::251 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for BR" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1800::/56 gateway=2605:6fc0:1120:1000::252 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for SK" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1900::/56 gateway=2605:6fc0:1120:1000::253 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for JC" disabled=no distance=1 dst-address=\
2605:6fc0:1120:1a00::/56 gateway=2605:6fc0:1120:1000::254 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Static for KK" disabled=no dst-address=\
2605:6fc0:1120:1b00::/56 gateway=2605:6fc0:1120:1000::244 pref-src="" \
routing-table=main suppress-hw-offload=no
/ip service
set ftp disabled=yes
set telnet disabled=yes
set www-ssl disabled=no tls-version=only-1.2
/ip traffic-flow
set enabled=yes interfaces=br-cgnat1,br-cgnat2,br-static
/ipv6 address
add address=2607:f4a8:2ffe:10a::2/126 advertise=no interface=br-ext-sasktel
add address=2605:6fc0::1/32 advertise=no interface=br-static
add address=2605:6fc0:2:100::1/56 advertise=no interface=br-cgnat1
add address=2605:6fc0:2:200::1/56 advertise=no interface=br-cgnat2
add address=2604:e440:0:100::13/126 advertise=no interface=br-ext-flex
add address=2605:6fc0:1100:4001::1 advertise=no interface=br-mgmt
add address=2605:6fc0:1120:1000::1/52 advertise=no interface=br-static
add address=2605:6fc0:ffff:ffff::1 interface=VPLS
add address=2605:6fc0:1111::1/48 advertise=no interface=br-cgnat2
add address=2605:6fc0:1110::1/48 advertise=no interface=br-cgnat1
/ipv6 dhcp-server
add dhcp-option=dns disabled=yes interface=br-cgnat1 lease-time=1w name=\
CGNat-1-dhcpserver prefix-pool=CGNat-1-ip6pool
add dhcp-option=dns disabled=yes interface=br-cgnat2 lease-time=1w name=\
CGNat-2-dhcpserver prefix-pool=CGNat-2-ip6pool
add dhcp-option=dns interface=br-cgnat1 lease-time=4w2d name=CGNAT-1-ip6dhcp \
prefix-pool=CGNat-1-ip6pool1
add dhcp-option=dns interface=br-cgnat2 lease-time=4w2d name=CGNat-2-ip6dhcp \
prefix-pool=CGNAT-2-ip6pool1
/ipv6 firewall address-list
add address=2605:6fc0::/32 list=AllPublicIPv6s
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
add advertise-dns=yes interface=br-cgnat1
/routing bgp connection
add as=1085 disabled=no input.filter=BGP-in-Sasktel instance=bgp-instance-2 \
local.role=ebgp name=01-sasktel-ip4-bgp output.network=AllPublicIPv4s \
remote.address=204.83.188.73/32 .as=803 routing-table=main templates=\
default vrf=main
add as=1085 disabled=no input.filter=BGP-in-Alvin instance=bgp-instance-3 \
local.role=ebgp name=flex-ip4-bgp output.network=AllPublicIPv4s \
remote.address=64.203.65.161/32 .as=19523 routing-table=main templates=\
default vrf=main
add as=1085 disabled=no input.filter=BGP-in-Sasktel instance=bgp-instance-1 \
local.role=ebgp name=01-sasktel-ip6-bgp output.network=AllPublicIPv6s \
remote.address=2607:f4a8:2ffe:10a::1/128 .as=803 routing-table=main \
templates=default vrf=main
add as=1085 disabled=no input.filter=BGP-in-Alvin instance=bgp-instance-4 \
local.role=ebgp name=flex-ip6-bgp output.network=AllPublicIPv6s \
remote.address=2604:e440:0:100::12/128 .as=19523 routing-table=main \
templates=default vrf=main
/routing filter rule
add chain=BGP-IN-prepend disabled=no rule=\
"if ( protocol connected ) { set bgp-path-peer-prepend 2; \
\naccept }"
add chain=BGP-in-Alvin disabled=yes rule=\
"if (dst in 198.169.253.0/24) {set distance -1; accept}"
add chain=BGP-in-Alvin disabled=no rule=\
"if (bgp-path-len == 1) {set distance 11; accept}"
add chain=BGP-in-Alvin disabled=no rule=\
"if (bgp-path-len == 2) {set distance 21; accept}"
add chain=BGP-in-Alvin disabled=no rule=\
"if (bgp-path-len == 3) {set distance 31; accept}"
add chain=BGP-in-Alvin disabled=no rule=\
"if (bgp-path-len == 4) {set distance 41; accept}"
add chain=BGP-in-Alvin disabled=no rule=\
"if (bgp-path-len >= 5) {set distance 51; accept}"
add chain=BGP-in-Sasktel disabled=yes rule=\
"if (dst in 198.169.253.0/24) {set distance 30; accept} else {accept}"
add chain=BGP-in-Sasktel disabled=no rule=\
"if (bgp-path-len == 1) {set distance 10; accept}"
add chain=BGP-in-Sasktel disabled=no rule=\
"if (bgp-path-len == 2) {set distance 20; accept}"
add chain=BGP-in-Sasktel disabled=no rule=\
"if (bgp-path-len == 3) {set distance 30; accept}"
add chain=BGP-in-Sasktel disabled=no rule=\
"if (bgp-path-len == 4) {set distance 40; accept}"
add chain=BGP-in-Sasktel disabled=no rule=\
"if (bgp-path-len >= 5) {set distance 50; accept}"
/routing ospf interface-template
add area=Backbone disabled=no interfaces=VPLS networks=172.30.255.0/30 \
priority=200 type=ptp
add area=Backbone disabled=no interfaces=Loopback networks=172.16.0.1/32 \
passive
add area=Backbone-3 disabled=no networks=2605:6fc0:1100::/40
add area=Backbone-3 disabled=no interfaces=VPLS networks=\
2605:6fc0:ffff:ffff::/64 type=ptp
/system clock
set time-zone-autodetect=no time-zone-name=Canada/Saskatchewan
/system identity
set name=highway-5
/system logging
add disabled=yes topics=ospf,!raw,!packet
/system ntp client
set enabled=yes
/system ntp client servers
add address=ca.pool.ntp.org
/system scheduler
add interval=52w1d name="Reboot Once" on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2026-05-23 start-time=02:55:00
/tool graphing interface
add interface=br-cgnat1
add interface=br-cgnat2
add interface=br-ext-flex
add interface=br-ext-sasktel
add interface=br-static
add interface=VPLS
/tool graphing resource
add
/tool sniffer
set file-name=ospf.pcap filter-interface=VPLS filter-ip-address=\
172.30.255.2/32 filter-ip-protocol=icmp filter-operator-between-entries=\
and memory-limit=1000KiB
That would have been my doing.
Why do you have a bridge br-ext-sasktel on highway-5 with only sfp-sfpplus1?
You define your VLAN called VPLS over sfp-sfpplus1, but this interface is slave of br-ext-sasktel.
IMO not a good practice and not sure if it can be the reason of your disconnection. Suggest to remove the bridge and use sfp-sfpplus1 maybe it become more stable.
I'll try later to study carefully your configuration.
ChrisY
May 28, 2026, 1:39pm
14
br-ext-sasktel = Way back when when I was deploying that unit I made bridges for everything in order to be able to do some testing with the ethernet ports. Which based on your previous link is the wrong thing to do. But that's why it's there.
sfp-sfpplus1 has one of our internet connections on one vlan and our virtual connecting to router 225 on another vlan.
From a stability point of view...
sent=40103 received=40103 packet-loss=0% min-rtt=544us avg-rtt=571us max-rtt=48ms55us
This is 11 hours of ping from 172.30.255.2 to 172.30.255.1, so from a stability point of view, that's pretty rock solid, not that ping is the best indication of a problem.
During this time, both the OSPF2 and OSPF3 instances forced a reconvergence based on this:
ospf-v4 { version: 2 router-id: 172.30.255.2 } Backbone { 0.0.0.0 } interface { p2p 172.30.255.2%VPLS } neighbor { router-id: 172.30.255.1 state: Full } timeout
ospf-v4 { version: 2 router-id: 172.30.255.2 } Backbone { 0.0.0.0 } interface { p2p 172.30.255.2%VPLS } neighbor { router-id: 172.30.255.1 state: Full } state change to Down
Now based on what I understand, in order to reach this point, we would have to have missed 4 timeouts that are 10 seconds each, which based on the ping packets, would mean I should see at least 40 dropped packets.
I have copied your config to a lab in GNS3. Both routers have established adjacency. 30 minutes and no state change.
Everything looks good. The only thing I always recommend, I don't know if it can be part of the problem, is to use LOOPBACK IP Address as Router-ID.
Also, look the interface sfp-sfpplus1 and VLAN named VPLS if it flaps (go down and up)
Sorry, but no other advices.
ChrisY
May 28, 2026, 3:45pm
16
Thanks @jprietove earlier today when I did the previous update, it was 9.5 hrs that the adjacency had been up, and we are at 11:45 right now.
Yesterday, the adjacency flapped 6 times, sometimes as short as 30 mins.
The last link down for the VPLS was 2026-05-26 17:43:42 (r1) and 2026-05-27 00:08:12 (r225). Which was because of a power outage on r1 and reboot on r225.
What I have noticed is that in this case, is when r1 is down and comes back up, the adjacency flaps more frequently, and after I reboot r225 it slowly gets into a stable position. I expect in the next few days it will stop flapping.
The original log file excerpt that I had included was related to getting a response that it didn't think was proper. Currently I have ~23k LS retransmits on OSPF2 and ~3k on OSPF3.
The original question was:
Why would I be getting a 'useless LS Ack' when it is getting what I think it expects? This should get rid of the retransmits.
I can add to this:
What can I enable on logging in order to try to capture what is going on with the adjacency since that just seems wrong?
ChrisY
May 28, 2026, 3:47pm
17
What I think might be happening with the adjacency is that the LS retransmits hits a 'top level' counter and then it resets the connection because of that.
ChrisY
May 30, 2026, 9:21pm
18
Ok, so here is the update...
OSPFv3 -> 1 day ago reset the adjacency
OPSFv2 -> 2 days and 17 hrs reset the adjacency
Now for the sake of argument, if there was a timeout that affected one of the OSPF instances, it's odd that it wouldn't affect the other.
ospf-v6 { version: 3 router-id: 172.30.255.2 } Backbone-3 { 0.0.0.0 } interface { p2p fe80::1afd:74ff:fe7d:2937%VPLS } neighbor { router-id: 172.30.255.1 state: Full } timeout
ChrisY
June 1, 2026, 2:54am
19
Ok, just had another issue...
ospf-v4 { version: 2 router-id: 172.30.255.1 } Backbone { 0.0.0.0 } interface { p2p 172.30.255.1%VPLS } neighbor { router-id: 172.30.255.2 state: Full } sequence mismatch
This needs to be investigated further.
If it's possible, upgrade to 7.23 and see if this problem persists.