homerwsmith
Member Candidate
Topic Author
Posts: 166
Joined: Fri Dec 02, 2011 3:01 am
Location: Ithaca, NY

EOIP breaks OSPF

Wed Aug 21, 2019 7:03 am

Logs show ospf: Discarding Database Descriptor packet on bridge1 too large mtu

mine - 1280
received - 1500

Just want to connect two routers with EOIP, from bridge1 on one, to bridge1 on the other.

Thanks, full description below.

Running RB1100x with 45.3 on two routers.

Location A and router A supports 10.0.0.1/24 with a number of servers on it.

Location B and router B is connected to by wireless routed connections across multiple router hops.

Both routers have an upstream internet port that is not bridged to any other port on either router.

Both routers support many different subnets local only to those routers, on ports that are bridged to each other on bridge 1.

I wish to move servers one at a time from location A to location B without renumbering their IP numbers.

Thus both Router A and Router B must support 10.0.0.1/24 at the same time.

Solution: create 1 EOIP link on each router pointing to the other WITHOUT yet assigning any IPs to either EOIP interface.

Then add the EOIP interface to bridge 1 where the present servers are located on router A.

At that moment the OSPF crashes on router A and vanishes.

Can someone help me or point the way to RTFM?









Notice all firewalls are disabled except first two lines.

# model = 1100AHx2
# serial number = 5740042B9881
/interface bridge
add disabled=yes name=bridge-eoip
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="Upstream to Spectrum" disabled=yes \
speed=100Mbps
set [ find default-name=ether2 ] comment=FVSW speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] comment="BONDED -> FVR" speed=100Mbps
set [ find default-name=ether10 ] comment="BONDED -> FVR" mac-address=\
4C:5E:0C:00:FA:09 speed=100Mbps
set [ find default-name=ether11 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether12 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether13 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface eoip
add allow-fast-path=no mac-address=02:D2:1A:69:A3:26 name=eoip-tunnel1 \
remote-address=10.16.0.81 tunnel-id=1
/interface bonding
add mode=802.3ad name=bonding1 slaves=ether10,ether9 transmit-hash-policy=\
layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pptp-pool ranges=10.16.42.10-10.16.42.250
/ppp profile
add idle-timeout=1h local-address=pptp-pool name=pptp-profile remote-address=\
pptp-pool session-timeout=1h use-compression=no use-encryption=no use-mpls=\
no
/routing bgp instance
set default as=65436 router-id=198.179.120.106
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=\
as-type-1 router-id=10.16.0.1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 hw=no interface=bonding1
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether6
add bridge=bridge-eoip hw=no interface=ether7
add bridge=bridge1 disabled=yes interface=eoip-tunnel1
/ip firewall connection tracking
set enabled=yes tcp-established-timeout=1h
/ip settings
set secure-redirects=no send-redirects=no
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=yes
/ip address
add address=198.179.120.108/29 disabled=yes interface=ether1 network=\
198.179.120.104
add address=198.179.120.106/29 disabled=yes interface=ether1 network=\
198.179.120.104
add address=198.179.120.107/29 disabled=yes interface=ether1 network=\
198.179.120.104
add address=64.57.176.1/26 interface=bridge1 network=64.57.176.0
add address=64.57.176.9/29 interface=bridge1 network=64.57.176.8
add address=64.57.176.17/28 interface=bonding1 network=64.57.176.16
add address=64.57.176.33/27 interface=bridge1 network=64.57.176.32
add address=64.57.179.153/30 interface=bridge1 network=64.57.179.152
add address=64.57.184.1/24 interface=bridge1 network=64.57.184.0
add address=10.16.80.1/24 interface=bridge1 network=10.16.80.0
add address=172.16.176.33/27 interface=bridge1 network=172.16.176.32
add address=10.16.0.1/29 interface=bridge1 network=10.16.0.0
add address=64.57.176.97/28 interface=bridge1 network=64.57.176.96
add address=64.57.176.81/28 interface=bridge1 network=64.57.176.80
add address=10.110.1.1/24 interface=bridge1 network=10.110.1.0
add address=64.57.176.113/29 interface=bridge1 network=64.57.176.112
add address=64.57.182.9/29 disabled=yes interface=bridge1 network=64.57.182.8
add address=64.57.177.77/30 interface=bridge1 network=64.57.177.76
add address=10.16.42.1/24 interface=bridge1 network=10.16.42.0
add address=10.16.4.1/24 interface=eoip-tunnel1 network=10.16.4.0
add address=64.57.186.1/24 disabled=yes interface=bridge1 network=64.57.186.0
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h servers=64.57.176.24,8.8.8.8
/ip firewall address-list
add address=64.57.176.0/20 list=local
add address=10.0.0.0/8 list=local
/ip firewall filter
add action=accept chain=output protocol=ospf src-address=10.16.0.0/24
add action=drop chain=output disabled=yes protocol=ospf
add action=accept chain=input disabled=yes dst-port=1723 protocol=tcp
add action=accept chain=input disabled=yes protocol=gre
add action=drop chain=input disabled=yes dst-port=21 in-interface=ether1 \
protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input disabled=yes dst-port=22 in-interface=ether1 \
protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input disabled=yes dst-port=23 in-interface=ether1 \
protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input disabled=yes dst-port=53 in-interface=ether1 \
protocol=udp src-address=0.0.0.0/0
add action=jump chain=forward disabled=yes dst-port=53 in-interface=ether1 \
jump-target=FORDNS protocol=udp
add action=jump chain=forward disabled=yes dst-port=53 in-interface=ether1 \
jump-target=FORDNS protocol=tcp
add action=jump chain=forward disabled=yes dst-port=23 in-interface=ether1 \
jump-target=FORTELNET protocol=tcp
add action=jump chain=forward disabled=yes dst-port=25 in-interface=ether1 \
jump-target=FORMAIL protocol=tcp
add action=jump chain=forward disabled=yes dst-port=587 in-interface=ether1 \
jump-target=FORMAIL protocol=tcp
add action=jump chain=forward disabled=yes in-interface=ether1 jump-target=\
FORLOCK
add action=accept chain=FORDNS disabled=yes dst-address=64.57.176.2 \
in-interface=ether1
add action=accept chain=FORDNS disabled=yes dst-address=64.57.176.3 \
in-interface=ether1
add action=accept chain=FORDNS disabled=yes dst-address=64.57.176.6 \
in-interface=ether1
add action=accept chain=FORDNS disabled=yes dst-address=64.57.176.11 \
in-interface=ether1
add action=accept chain=FORDNS disabled=yes dst-address=64.57.176.12 \
in-interface=ether1
add action=accept chain=FORDNS disabled=yes in-interface=ether1 src-address=\
184.74.74.149
add action=drop chain=FORDNS disabled=yes in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.176.4 \
in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.176.6 \
in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.184.20 \
in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.176.20 \
in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.176.10 \
in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.176.13 \
in-interface=ether1
add action=drop chain=FORMAIL disabled=yes dst-address=64.57.176.80/28 \
in-interface=ether1
add action=return chain=FORMAIL disabled=yes in-interface=ether1
add action=drop chain=FORTELNET disabled=yes dst-address=64.57.180.1 \
in-interface=ether1
add action=drop chain=FORTELNET disabled=yes dst-address=64.57.180.10 \
in-interface=ether1
add action=drop chain=FORTELNET disabled=yes dst-address=64.57.180.14 \
in-interface=ether1
add action=return chain=FORTELNET disabled=yes in-interface=ether1
add action=drop chain=FORLOCK disabled=yes in-interface=ether1 src-address=\
86.138.214.84
add action=drop chain=FORLOCK disabled=yes in-interface=ether1 src-address=\
197.239.80.0/24
add action=drop chain=FORLOCK disabled=yes in-interface=ether1 src-address=\
66.70.162.161
add action=drop chain=FORLOCK disabled=yes dst-address=64.57.176.18 dst-port=\
111 in-interface=ether1 protocol=udp src-address-list=!local
add action=drop chain=FORLOCK disabled=yes dst-address=64.57.176.34 dst-port=\
111 in-interface=ether1 protocol=udp src-address-list=!local
/ip firewall nat
add action=src-nat chain=srcnat dst-address=0.0.0.0/0 out-interface=ether1 \
src-address=10.0.0.0/8 to-addresses=198.179.120.107
/ip route
add distance=1 gateway=10.16.0.4
add distance=1 dst-address=10.0.0.12/30 gateway=64.57.176.28
add distance=1 dst-address=10.2.0.0/16 gateway=64.57.176.23
add distance=1 dst-address=10.16.29.64/27 gateway=64.57.176.24
add disabled=yes distance=1 dst-address=10.17.0.0/24 gateway=64.57.176.23
add distance=1 dst-address=10.17.6.0/24 gateway=64.57.176.24
add distance=1 dst-address=10.17.42.0/24 gateway=10.16.80.13
add distance=1 dst-address=64.57.179.64/28 gateway=64.57.176.35
add distance=1 dst-address=64.57.179.80/28 gateway=64.57.176.34
add disabled=yes distance=1 dst-address=64.57.180.0/24 gateway=64.57.176.28
add distance=1 dst-address=64.57.182.8/29 gateway=64.57.176.39
add distance=1 dst-address=64.57.182.32/28 gateway=64.57.176.36
add distance=1 dst-address=64.57.182.48/29 gateway=64.57.176.39
add disabled=yes distance=1 dst-address=64.57.184.0/24 gateway=64.57.176.28
/ip service
set telnet address=64.57.176.0/20,10.0.0.0/8
set ftp address=64.57.176.0/20,10.0.0.0/8
set www address=64.57.176.0/20,10.0.0.0/8
set ssh address=64.57.176.0/20,10.0.0.0/8
set www-ssl address=64.57.176.0/20,10.0.0.0/8 disabled=no
set api address=64.57.176.0/20,10.0.0.0/8
set winbox address=64.57.176.0/20,10.0.0.0/8
set api-ssl address=64.57.176.0/20,10.0.0.0/8
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip traffic-flow
set enabled=yes
/ip traffic-flow target
add dst-address=10.16.36.247 version=5
/ppp secret
add name=homer password=hello profile=pptp-profile service=pptp
add name=sadams password=zipzap profile=pptp-profile service=pptp
/routing bgp network
add disabled=yes network=64.57.176.0/20 synchronize=no
add disabled=yes network=64.57.176.0/24 synchronize=no
add disabled=yes network=64.57.178.0/24 synchronize=no
add disabled=yes network=64.57.182.0/24 synchronize=no
add disabled=yes network=64.57.179.0/24 synchronize=no
add disabled=yes network=64.57.180.0/24 synchronize=no
add disabled=yes network=64.57.184.0/24 synchronize=no
add disabled=yes network=64.57.185.0/24 synchronize=no
add disabled=yes network=64.57.183.0/24 synchronize=no
add disabled=yes network=64.57.186.0/24 synchronize=no
add disabled=yes network=64.57.188.0/24 synchronize=no
add disabled=yes network=64.57.189.0/24 synchronize=no
add disabled=yes network=64.57.190.0/24 synchronize=no
add disabled=yes network=64.57.191.0/24 synchronize=no
add disabled=yes network=64.57.181.0/24 synchronize=no
add disabled=yes network=64.57.187.0/24 synchronize=no
/routing bgp peer
add disabled=yes name=peer1 remote-address=198.179.120.105 remote-as=11351 ttl=\
default
/routing ospf nbma-neighbor
add address=10.16.0.4 disabled=yes
/routing ospf network
add area=backbone
/snmp
set contact="607 277 0959" enabled=yes location=Fairview
/system clock
set time-zone-name=America/Denver
/system identity
set name=coremik
/system logging
set 0 topics=info,!dhcp
/system ntp client
set enabled=yes primary-ntp=64.57.176.3 secondary-ntp=64.57.176.3
/system ntp server
set enabled=yes
/system watchdog
set watchdog-timer=no
/tool graphing interface
add
add interface=ether1
/tool sniffer
set filter-interface=ether2 filter-ip-protocol=ospf \
filter-operator-between-entries=and
[homer@coremik] >


Thanks in advance,
Homer W Smith, CEO Lightlink Internet
 
wearfear
just joined
Posts: 13
Joined: Wed Aug 29, 2018 3:09 pm

Re: EOIP breaks OSPF

Thu Aug 22, 2019 2:11 pm

Do not use EOiP unless it's absolutely the only possibility; it has a huge MTU overhead.

Sounds like using GRE in this case is better.
 
homerwsmith

Re: EOIP breaks OSPF

Thu Aug 22, 2019 10:34 pm

Yes thanks, EOIP is slow as sin; however, it is only for a limited time while we are moving the servers. These are not high bandwidth servers.

During that time a common subnet MUST span both ends of the tunnel to avoid having to renumber the servers before they move one by one, a political but unavoidable issue.

Can GRE do that?

Homer
 
homerwsmith

Re: EOIP breaks OSPF  [SOLVED]

Tue Sep 03, 2019 4:12 am

Make sure MTU is forced to 1500 on both the EOIP and the bridges they are joined to.

Then turn off STP on both bridge and EOIP.

Homer
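
The log message in this thread comes from the interface-MTU check OSPF applies to Database Description packets (RFC 2328, section 10.6). The following is an added example, not code from any poster or from RouterOS: it parses a constructed DBD packet and applies that check with the thread's values (1280 local, 1500 received). The function names, the sample router ID and the wording of the reject reason are assumptions.

```python
import struct
from ipaddress import IPv4Address

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: 24-byte common header
DBD_BODY = struct.Struct("!HBBI")         # RFC 2328 A.3.3: MTU, options, flags, DD seq
TYPE_DBD = 2

def build_dbd(router_id, area_id, mtu, seq, flags=0x07):
    """Build a constructed sample DBD packet (checksum left 0, no LSA headers)."""
    body = DBD_BODY.pack(mtu, 0x02, flags, seq)
    hdr = OSPF_HDR.pack(2, TYPE_DBD, OSPF_HDR.size + len(body),
                        IPv4Address(router_id).packed,
                        IPv4Address(area_id).packed, 0, 0, b"\x00" * 8)
    return hdr + body

def parse_dbd(pkt):
    """Return the fields of an OSPFv2 DBD packet that matter for the MTU check."""
    minimum = OSPF_HDR.size + DBD_BODY.size
    if len(pkt) < minimum:
        raise ValueError("truncated OSPF packet")
    ver, ptype, length, rid, area, _c, _a, _auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2 or ptype != TYPE_DBD:
        raise ValueError("not an OSPFv2 Database Description packet")
    if length < minimum or length > len(pkt):
        raise ValueError("bad OSPF length field")
    mtu, _options, flags, seq = DBD_BODY.unpack_from(pkt, OSPF_HDR.size)
    return {"router_id": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
            "mtu": mtu, "flags": flags, "seq": seq}

def accept_dbd(pkt, local_mtu):
    """RFC 2328 10.6: reject a DBD whose advertised interface MTU is larger
    than the receiving interface can accept without fragmentation."""
    dbd = parse_dbd(pkt)
    if dbd["mtu"] > local_mtu:
        return False, f"rejected: advertised MTU {dbd['mtu']} exceeds local {local_mtu}"
    return True, "accepted"

if __name__ == "__main__":
    # Constructed neighbor: still advertises 1500 on its side of the bridge.
    pkt = build_dbd("192.0.2.1", "0.0.0.0", mtu=1500, seq=1)
    print(accept_dbd(pkt, local_mtu=1280))  # bridge MTU as logged in the first post
    print(accept_dbd(pkt, local_mtu=1500))  # after forcing MTU to 1500 on both ends
```

A rejected DBD keeps the adjacency from completing database exchange, which is why the mismatch takes OSPF down on that interface rather than just degrading it.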
