Two MT gateways

Hi, I have a basic problem…

I have a first MT router, let’s say R1, working fine as a gateway between my LAN and Internet, with DHCP and hotspot service.

I have added a second MT router, R2, connected to a second internet access, that finally will be used as a backup (I plan to try VRRP configuration).

But for now, I only want to use R2 as a gateway for some hosts on the LAN.

The problem is that the presence of R2 spoils the arp table of R1 on the LAN interface, and some hosts appear in this table with the MAC address of R2 instead of their own. To avoid this I need to configure the arp on the LAN interface of R2 as reply-only, with static arp for the hosts I want to connect to it.

I looked around arp-proxy configuration, but found nothing till now.

Is this behaviour normal? I would like to understand this first step before increasing the difficulty of the configuration to VRRP and virtual routers.

Thanks for any help,

Olivier

That makes no sense in a default ARP reply-only deployment. The routers would not interfere at all.

Post your interface, ARP, and IP address configuration here.

Hi Fewi,

arp on local interface of R1 is enabled, and arp on local interface of R2 needs to be reply-only. If enabled, that troubles the arp table of R1.

Here are the configurations:


R1 configuration

[admin@AhoraNet R0031] /interface ethernet> print detail
Flags: X - disabled, R - running, S - slave
0 R name="local" mtu=1500 mac-address=00:50:DA:1F:6D:5C arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps

1 R name="public" mtu=1500 mac-address=00:80:5A:62:82:13 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps

2 R name="empresa" mtu=1500 mac-address=00:80:5A:67:4F:68 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps
[admin@AhoraNet R0031] /interface ethernet>


[admin@AhoraNet R0031] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.0.2/24 192.168.0.0 192.168.0.255 public
1 192.168.100.1/24 192.168.100.0 192.168.100.255 local
2 ;;; hotspot network
192.168.100.2/24 192.168.100.0 192.168.100.255 local
3 80.33.103.20/25 80.33.103.0 80.33.103.127 public
4 10.0.0.1/8 10.0.0.0 10.255.255.255 local
5 11.0.0.1/8 11.0.0.0 11.255.255.255 empresa
[admin@AhoraNet R0031] /ip address>


R2 configuration

[admin@MikroTik] /interface ethernet> print detail
Flags: X - disabled, R - running, S - slave
0 R name="local" mtu=1500 mac-address=00:04:23:1C:F8:0D arp=reply-only
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=10Mbps

1 R name="spare2" mtu=1500 mac-address=00:80:5A:68:F2:81 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps

2 R name="backup" mtu=1500 mac-address=00:22:F7:15:A3:B4 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps

3 R name="spare1" mtu=1500 mac-address=00:80:5A:68:C7:D9 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps
[admin@MikroTik] /interface ethernet>


[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 10.0.0.2/8 10.0.0.0 10.255.255.255 local
1 192.168.1.2/24 192.168.1.0 192.168.1.255 backup
2 192.168.200.1/24 192.168.200.0 192.168.200.255 local
3 D 83.52.20.31/32 192.168.153.1 0.0.0.0 torre-pppoe2
4 192.168.0.2/24 192.168.0.0 192.168.0.255 spare2
5 11.0.0.1/8 11.0.0.0 11.255.255.255 spare1
[admin@MikroTik] /ip address>


The problem: if we configure the R2 local interface arp to 'enabled', we find in the arp table of R1 IPs of LAN hosts with the MAC of local interface R2.

Here is the regular arp table of R1:

[admin@AhoraNet R0031] /ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic

ADDRESS MAC-ADDRESS INTERFACE

0 D 11.0.2.5 00:09:6B:F1:49:F6 empresa
1 D 80.33.103.2 00:1D:20:0A:9E:0C public
2 D 10.0.2.3 00:21:97:00:BF:08 local
3 D 11.0.2.2 00:0D:87:AB:76:B6 empresa
4 D 11.0.2.1 00:0D:87:AF:78:13 empresa
5 D 10.0.4.1 00:16:36:19:A8:09 local
6 D 10.1.1.1 00:20:A6:55:98:DC local
7 D 11.0.2.4 00:13:8F:6E:6D:49 empresa
8 D 10.1.4.4 00:22:F7:0D:0A:0C local
9 D 10.1.5.1 00:20:A6:59:ED:F1 local
10 D 10.120.1.1 00:15:6D:64:B0:BE local
11 D 10.100.4.4 00:80:5A:4B:1C:47 local
12 D 10.0.4.4 00:0F:1F:94:02:A2 local
13 D 10.1.1.3 00:12:17:6B:68:CB local
14 D 10.122.1.1 00:A0:C5:6C:DB:DE local
15 D 10.100.5.2 00:40:F4:95:BA:30 local
16 D 10.1.5.4 00:22:F7:0D:0A:0C local
17 D 10.119.1.1 00:15:6D:64:B0:BE local
18 D 10.100.5.4 00:80:5A:4B:1C:47 local
19 D 10.118.1.1 00:12:17:70:FE:D0 local
20 D 10.116.1.1 00:16:B6:95:15:1C local
21 D 10.0.0.2 00:04:23:1C:F8:0D local
[admin@AhoraNet R0031] /ip arp>


And here is the arp table once local interface of R2 is arp-enabled (it takes several minutes for the MAC addresses to change):

[admin@AhoraNet R0031] /ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic

ADDRESS MAC-ADDRESS INTERFACE

0 D 11.0.2.5 00:09:6B:F1:49:F6 empresa
1 D 80.33.103.2 00:1D:20:0A:9E:0C public
2 D 10.0.2.3 00:21:97:00:BF:08 local
3 D 11.0.2.2 00:0D:87:AB:76:B6 empresa
4 D 11.0.2.1 00:0D:87:AF:78:13 empresa
5 D 10.0.4.1 00:16:36:19:A8:09 local
6 D 10.1.1.1 00:20:A6:55:98:DC local
7 D 11.0.2.4 00:13:8F:6E:6D:49 empresa
8 D 10.1.4.4 00:22:F7:0D:0A:0C local
9 D 10.0.0.2 00:04:23:1C:F8:0D local
10 D 10.0.4.9 00:1E:64:3A:19:1C local
11 D 10.0.4.10 00:17:C4:60:14:1F local
12 D 10.0.4.4 00:0F:1F:94:02:A2 local
13 D 10.0.0.3 00:0C:42:2F:6E:32 local
14 D 192.168.100.112 00:23:12:21:9E:38 local
15 D 10.119.1.1 00:15:6D:64:B0:BE local
16 D 10.120.1.1 00:04:23:1C:F8:0D local
17 D 192.168.100.194 00:1D:4F:FA:D7:91 local
18 D 192.168.100.196 00:23:4D:A7:72:3E local
19 D 10.1.1.3 00:04:23:1C:F8:0D local
20 D 10.122.1.1 00:04:23:1C:F8:0D local
21 D 10.100.5.2 00:40:F4:95:BA:30 local
22 D 10.100.5.4 00:80:5A:4B:1C:47 local
23 D 10.1.5.4 00:04:23:1C:F8:0D local
24 D 10.118.1.1 00:04:23:1C:F8:0D local
[admin@AhoraNet R0031] /ip arp>

We can see that the hosts with IP 10.120.1.1, 10.1.1.3, 10.122.1.1, 10.1.5.4, and 10.118.1.1 now have the MAC address of R2 (10.0.0.2).

This seems basic, but I'm stuck!

Thanks in advance,

Olivier
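
A way to spot the rebinding described in the post above by comparing two saved `/ip arp print` outputs from R1. This is an added example, not part of the original thread; the function names are illustrative and the rows are a subset copied from the two tables posted above.

```python
import ipaddress
import re

# One row of RouterOS "/ip arp print": index, optional flags, IP, MAC, interface.
ROW = re.compile(r"^\s*\d+\s+(?:[XIHD]\s+)*(\d+(?:\.\d+){3})\s+"
                 r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)\s*$")

# Subset of R1's table with R2's LAN interface at arp=reply-only.
BEFORE = """
2 D 10.0.2.3 00:21:97:00:BF:08 local
10 D 10.120.1.1 00:15:6D:64:B0:BE local
13 D 10.1.1.3 00:12:17:6B:68:CB local
14 D 10.122.1.1 00:A0:C5:6C:DB:DE local
16 D 10.1.5.4 00:22:F7:0D:0A:0C local
19 D 10.118.1.1 00:12:17:70:FE:D0 local
21 D 10.0.0.2 00:04:23:1C:F8:0D local
"""
# Subset of R1's table after R2's LAN interface was set to arp=enabled.
AFTER = """
2 D 10.0.2.3 00:21:97:00:BF:08 local
9 D 10.0.0.2 00:04:23:1C:F8:0D local
16 D 10.120.1.1 00:04:23:1C:F8:0D local
19 D 10.1.1.3 00:04:23:1C:F8:0D local
20 D 10.122.1.1 00:04:23:1C:F8:0D local
23 D 10.1.5.4 00:04:23:1C:F8:0D local
24 D 10.118.1.1 00:04:23:1C:F8:0D local
"""

def parse_arp(text):
    """Return {(interface, ip): mac}; prompt, flag and header lines are skipped."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {(m[3], m[1]): m[2].upper() for m in rows if m}

def rebinds(before, after):
    """(interface, ip, old_mac, new_mac) for entries whose MAC changed."""
    keys = sorted(before.keys() & after.keys(),
                  key=lambda k: (k[0], ipaddress.ip_address(k[1])))
    return [(i, ip, before[i, ip], after[i, ip])
            for i, ip in keys if before[i, ip] != after[i, ip]]

def rebinds_to(before, after, mac):
    """IPs whose entry moved to the given MAC (here: R2's LAN interface)."""
    return [ip for _, ip, _, new in rebinds(before, after) if new == mac.upper()]

if __name__ == "__main__":
    r2_mac = "00:04:23:1C:F8:0D"  # MAC of R2's "local" interface, from the post
    for ip in rebinds_to(parse_arp(BEFORE), parse_arp(AFTER), r2_mac):
        print(f"{ip} now resolves to {r2_mac}")
```
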