Not sure in which forum this would belong, so General it is.
Hello everyone
My situation: Mikrotik CCR 1016-12G, ROS 6.39.1, two WAN interfaces. First WAN is "plain vanilla", static public IP. Second one has a static IP also, but since the ISP insists on traffic tagging, the WAN has a VLAN interface as well.
/interface ethernet
set [ find default-name=ether1 ] comment="ether1 - WAN interface - ISP1" l2mtu=1590 name=EXT-A rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] comment="ether2 - WAN interface - ISP2" l2mtu=1590 name=EXT-B rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether11 ] comment="ether11 - LAN interface 192.168.1.* (LAN)" l2mtu=1590 name=INT-A
/interface vlan
add comment="VLAN1 - ether2, ISP2, WAN" interface=EXT-B loop-protect=on name=VLAN1 vlan-id=3999
/ip address
add address=192.168.1.1/24 comment="port ETH 11, INT-A, LAN - 192.168.1.* (LAN)" interface=INT-A network=192.168.1.0
add address=217.65.198.209/30 comment="port ETH 2, VLAN1, WAN - ISP2" interface=VLAN1 network=217.65.198.208
add address=178.22.220.16/27 comment="port ETH 1, EXT-A, WAN - ISP1" interface=EXT-A network=178.22.220.0
LAN → WAN → Internet traffic uses both WANs, through load balancing, and everything works just fine (a couple of sites, using HTTPS or a VPN of some sort, have problems with load balancing, so I’m routing their traffic through a specific WAN interface only).
The issue I’m talking about sometimes happens when external connection attempts (Internet → WAN2 → LAN) are being made. Input, as well as forward traffic and WAN2 seem completely unresponsive. Telnet/web/winbox, none of them can reach the device. Forward traffic (email/VPN) does not go through either. Ping to the WAN2 public IP does not work. At the same time LAN → Internet traffic (the part which the router directs via WAN2 is of interest here, of course) goes as always. If I try accessing the router via WAN1, at that same time, everything works as it should. Incoming WAN1 forward traffic goes as well. There are no errors in the log; failed external WAN2 connection attempts (both input and forward) are not logged, like they never happened.
And now for the weird part: a quick disable/re-enable of WAN2’s VLAN interface straightens everything out!?
After that I can access the router again, VPNs go through, everything is OK. Correct operation lasts sometimes an hour or two, sometimes for the whole week. But, eventually, the blackout happens again.
The issue is not related to ROS 6.39.1; this was happening from day 1. I also tried relocating WAN2 to a different physical port, no change. HW seems to be OK.
Any ideas, maybe?