Scan but no ARP?

troy · June 20, 2017, 9:26pm

CCR1036-8G-2S+, 6.36.3. No, we’ll not be updating it for something this stupid.

Trying to add a host on the subnet. It can see every other host on the subnet, every other host can see it.

The address does not show up in the arp table, though every other address in the subnet does, even those not being used. It does, however, show up when running an ip-scan.

/ip address
add address=xx.yy.zz.1/28 interface=vlan.23 network=xx.yy.zz.0

[me@my_router] > /ip route print where dst-address in xx.yy.zz.0/28
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  xx.yy.zz.0/28     xx.yy.zz.1     vlan.23                   0

I’m pretty sure that rebooting (or upgrading and rebooting) will resolve this issue, but that’s a very silly thing to have to reboot a router for.

Thoughts? Suggestions?

Van9018 · June 21, 2017, 5:26am

There are two arp tables.

IP > ARP are the arp resolutions that the RouterOS needs to communicate with hosts. Entries get added here when:

A host sends packet outside of the LAN (ie: to the internet)
A device communicates with the Mikrotik (ie: if the Mikrotik is the DNS server on the LAN)
If any function on the Mikrotik is invoked, like an ip scan.

Switch > Hosts (or FDB) are where the device maintains a list of arp resolutions needed to route ethernet packets around on the LAN. So a host to host on connection on the same lan will cause entries to be added here. These entries are learned from traffic passing through the layer 2 switch.

In both cases, arp entries will expire and disappear if a host is not idle and not communicating with anything. This is normal behaviour of how Layer 2 Ethernet works.

What’s the overall issue? Connectivity issues?

troy · June 22, 2017, 12:09am

I guess you can say that. ROS is refusing to see that one IP address in the middle of the subnet. It can see every other IP address I put on the target host, just not that one.

So given a /28 subnet, .0 is the network address, .15 is the broadcast address. .1 is my gateway (on the MT). That leaves 2-14 for my hosts. Every single one of those IP addresses works except for .8. As illustrated by my screen capture, .8 shows up when running an ip scan, but it doesn’t show up in the arp table, even as incomplete.

What I’m looking for, is something that explains why this is happening. In over 20 years of networking, I’ve never seen this particular behavior before, and I’m very curious as to why it’s happening, perhaps even how it’s even possible.