What happens internally on router when packet sniffer is enabled?

gunther01 · October 27, 2023, 1:48am

We have an MPLS/VPLS network. This particular segment is a V7 RC2 2004, to a 1016 V6.49.8 box. That in turn bridges in to a 1016 Access concentrator over vlans which is another 1016 with V6 on it.

We have a very strange issue where this new segment won’t load cpe radio web pages. We can ping those cpe’s at full 1492 pings. We have tried to double check all links in between and make sure our MTU’s are correct, etc.. OTHER segments that route and terminate to this AC over vpls work just fine. (except none of them use V7)

Now, when we enable packet sniffer on the access concentrator to see what is going on. The web pages load fine. When we disable it, the pages won’t load any more.. This AC “box” does nothing but route and do PPPoE server. No nat, no firewall rules, not even any mangles or raw.. Nothing but pppoe.

What in the world would cause those packets to flow differently, or properly once packet sniffer is turned on?

mkx · October 27, 2023, 5:04am

Enabling packet sniffer disables fasttrack/fastpath. So you need to check with your config why any of these two break your data streams (and fasttrack is prime suspect).

gunther01 · October 27, 2023, 12:40pm

Is there a bug with Fast track somewhere that breaks packets.. Any other info would be great (links, etc..) This has had me messed up for weeks.

Turning off Fast track DID solve this issue.. So, WTH LOL…

Znevna · October 27, 2023, 1:15pm

Ask your network administrator to take a look at your config looking for settings incompatible with fasttrack.

mkx · October 27, 2023, 1:16pm

I’m not aware of fasttrack messing with individual packets. But it does mess with certain firewall features. One of them is mangling.

Amm0 · October 27, 2023, 1:23pm

I actually thought it was mention in docs, but I don’t see it directly mentioned. But fasttrack has long bypassed the sniffer.

One subtle feature is the using a firewall mangle rule to sniff traffic. So depending on what you’re trying to sniff, you can create a rule with “sniff-tzsp” action to stream to a remote Wireshark. This is useful if your looking at specific protocol like SIP etc.

gunther01 · October 27, 2023, 1:31pm

That’s just it. There are zero firewall, nat, mangle, rules on this router at all. All it does is PPPoE, and route packets. With that said, there are automatically generated queues that come with pppoe. I have a script that deletes them all every 5 minutes since we use an external QOE box. And don’t want to use MT’s queuing.

What I find perplexing, is out of the 7 vpls tunnels that come in to the router before it. Only the one that is running v7, has clients that we couldn’t get in to. Turn on sniffer on this Access concentrator router, and it works fine.. Turned off fast track on this router, it now works fine.. So, it seems like it’s this router causing the issue. If it is indeed fast track causing that, how??

mkx · October 27, 2023, 1:35pm

Post the config of router so we can see what exactly is configured. Without it, we can only guess. And that ain’t fun to me.

gunther01 · October 27, 2023, 10:33pm

I have of course removed some names and IP’s

/interface bridge
add comment=ROUTER-ID mtu=1500 name=LOOPBACK
add disabled=yes name=bridge1
/interface ethernet
set [ find default-name=sfpplus1 ] auto-negotiation=no comment=
“TRUNK TO CORE SWITCH (PORT9)”
/interface vlan
add comment=“To FireWall1” interface=sfpplus1 name=vlan12 vlan-id=12
add comment=“To QOE In to FW1 (core switch P/14)” interface=sfpplus1 name=
vlan17 vlan-id=17
add comment=Management interface=sfpplus1 name=vlan20 vlan-id=20
add comment=“C-VLAN 311 - C” interface=sfpplus1 mtu=1508 name=vlan311
vlan-id=311
add comment=WESTON interface=sfpplus1 mtu=1508 name=vlan312 vlan-id=312
add comment=“C-VLAN 313 - A” interface=sfpplus1 mtu=1508 name=vlan313
vlan-id=313
add comment=“C-VLAN 314 - S” interface=sfpplus1 mtu=1508 name=vlan314
vlan-id=314
add comment=“C-VLAN 315 - ST” disabled=yes interface=sfpplus1 name=vlan315
vlan-id=315
add comment=“C-VLAN 316 - ME” interface=sfpplus1 mtu=1508 name=
vlan316 vlan-id=316
add comment=“C-VLAN- COL” interface=sfpplus1 mtu=1508 name=vlan325 vlan-id=
325
add comment=“CVLAN- CO” interface=sfpplus1 mtu=1508 name=vlan332
vlan-id=332
add comment=“WES” disabled=yes interface=sfpplus1 name=vlan334
vlan-id=334
add comment=“C-VLAN STR” interface=sfpplus1 mtu=1508 name=vlan399 vlan-id=
399
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/ppp profile
set *0 dns-server=208.67.222.222,208.67.220.220 local-address=x.x.x.2
/queue type
set 9 pfifo-limit=50
/routing ospf area
set [ find default=yes ] disabled=yes
/routing ospf instance
set [ find default=yes ] disabled=yes
add name=OSPF-100 redistribute-connected=as-type-1 redistribute-static=
as-type-1 router-id=10.255.250.11
/routing ospf area
add instance=OSPF-100 name=BACKBONE
/ip settings
set allow-fast-path=no max-neighbor-entries=16384
/ipv6 settings
set max-neighbor-entries=16384
/interface pppoe-server server
add disabled=no interface=vlan314 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=S
add disabled=no interface=vlan316 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=Me
add disabled=no interface=vlan311 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=Cr
add disabled=no interface=vlan315 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=Str
add disabled=no interface=vlan313 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=A
add disabled=no interface=vlan325 max-mru=1500 max-mtu=1500 mrru=1600
one-session-per-host=yes service-name=CO
add disabled=no interface=vlan332 max-mru=1500 max-mtu=1500 mrru=1500
service-name=COO
add disabled=no interface=vlan312 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=W
add disabled=no interface=vlan334 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=“Wes”
add disabled=no interface=vlan399 max-mru=1500 max-mtu=1500 mrru=1500
one-session-per-host=yes service-name=ST
/ip address
add address=10.100.1.2/24 disabled=yes interface=sfp1 network=10.100.1.0
add address=10.255.250.11 comment=LOOPBACK interface=LOOPBACK network=
10.255.250.11
add address=x.x.x.246/30 comment=AC1-FW1 interface=vlan12 network=
x.x.x.244
add address=192.168.160.1/24 comment=“Test IP " disabled=yes
interface=vlan316 network=192.168.160.0
add address=192.168.159.1/24 comment=“Test IP S” disabled=yes
interface=vlan314 network=192.168.159.0
add address=10.125.25.1/24 disabled=yes interface=vlan325 network=10.125.25.0
add address=x.x.x.221/30 comment=“To QOE” interface=vlan17 network=
x.x.x.220
/ip dhcp-client
add disabled=no interface=sfp11
/ip route
add disabled=yes distance=1 gateway=x.x.x.222
add comment=“Framed route…” distance=1 dst-address=x.x.x.190/32
gateway=x.x.x.211
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh address=x
set api disabled=yes
set api-ssl disabled=yes
/mpls ldp
set lsr-id=10.255.250.10 transport-address=10.255.250.10
/ppp aaa
set interim-update=5m use-radius=yes
/radius
add address=x.x.x.x secret=X service=ppp src-address=x.x.x.246
timeout=3s
add address=x.x.x.x secret=X service=ppp src-address=x.x.x.246
timeout=3s
add address=10.0.200.6 disabled=yes secret=x service=ppp src-address=
10.255.250.11 timeout=3s
add address=10.0.200.8 disabled=yes secret=x service=ppp src-address=
10.255.250.11 timeout=3s
add address=x.x.x.x secret= timeout=3s
/radius incoming
set accept=yes
/routing ospf interface
add cost=40 dead-interval=4s hello-interval=1s interface=vlan12
retransmit-interval=1s
add dead-interval=4s hello-interval=1s interface=vlan17 retransmit-interval=1s
/routing ospf network
add area=BACKBONE network=10.255.250.11/32
add area=BACKBONE network=10.255.244.0/22
add area=BACKBONE comment=“Feed from FW1” network=x.x.x.244/30
add area=BACKBONE comment=“QOE Link” network=x.x.x.220/30
/system clock
set time-zone-name=America/Chicago
/system identity
set name=xxxx
/system logging
add disabled=yes topics=pppoe
/system ntp client
set enabled=yes primary-ntp=x.x.x.x
/system package update
set channel=long-term
/system scheduler
add interval=5m name=“Remove Queues” on-event=”/queue simple remove [find]"
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-date=aug/22/2023 start-time=12:25:55

mkx · October 28, 2023, 8:22am

Indeed your config doesn’t contain anything that fasttrack might be affecting.

Fastpath is another thing. I see you’re setting slightly larger-than-standard MTU on VLAN interfaces … what are MTU and L2MTU settings on underlying physical interface (sfpplus1)? Make sure they are both large enough to carry 1500byte+PPPoE+VLAN packets including overhead. While vlan interface settings should do the trick (for L3 MTU at least), fastpath might be cutting a corner too many here.

gunther01 · October 30, 2023, 2:10pm

1500 for MTU, 1600 or higher for L2MTU across the whole path. We use 1560 on our MPLS interface settings to accommodate any tagging we do internal to VPLS tunnels.

The only one I can’t seem to set any higher is the bridge group on the far side for the VPLS. It maxes out at 1500 and 1504..