marklodge
Member Candidate
Topic Author
Posts: 250
Joined: Sun Jun 21, 2009 6:15 pm

A strange routing issue, works if OSPF is disabled

Fri Apr 03, 2020 10:23 pm

Here is a diagram of the network, basically it's just two routers with a wireless PtP link between them.
MAP1.jpg
So, the address of this side of the link is: 10.200.0.4/29 and the remote side is: add address=10.200.0.1/29
The issue is that if I disable the following I can access the remote PPPoE clients. But if I enable it, I cannot even ping the remote clients.
/routing ospf interface
add disabled=yes interface=ether6 network-type=point-to-point
/routing ospf network
add area=backbone disabled=yes network=10.200.0.0/29
The strange thing is, whether I enable or disable the OSPF interface, the route of the remote client is still going through the same gateway IP.

So, the route with the OSPF interface enabled looks like this: (when it's like this I cannot ping the remote client)

 0 A S  dst-address=0.0.0.0/0 gateway=10.200.0.1 
        gateway-status=10.200.0.1 reachable via  ether6 check-gateway=ping 
        distance=1 scope=30 target-scope=10 
		
		
816 ADo  dst-address=10.6.0.4/32 gateway=10.200.0.1 
        gateway-status=10.200.0.1 reachable via  ether6 distance=110 scope=20 
        target-scope=10 ospf-metric=30 ospf-type=inter-area 
		
		
Without OSPF, the following route is removed and then I can reach the remote client:
816 ADo  dst-address=10.6.0.4/32 gateway=10.200.0.1 
        gateway-status=10.200.0.1 reachable via  ether6 distance=110 scope=20 
        target-scope=10 ospf-metric=30 ospf-type=inter-area 

So, with OSPF or without, to reach the ip: 10.6.0.4 it goes through 10.200.0.1.
But why is it unreachable when the more specific route is added? [dst-address=10.6.0.4/32 gateway=10.200.0.1 ] Is it because of the target scope? If so, why?



Full relevant config below:
# apr/03/2020 20:20:17 by RouterOS 6.45.8

/interface bridge
add fast-forward=no name=LoopBack
add fast-forward=no name=Management-Bridge
add fast-forward=no name=Sector-Bridge
add name=Ytower-Internal-Home
/interface ethernet
set [ find default-name=ether1 ] comment="<-- Sector 1 " speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] comment="LAB -->" speed=100Mbps
set [ find default-name=ether4 ] comment="<-- Xtower" speed=100Mbps
set [ find default-name=ether5 ] comment=LAB-PTP-Ytower speed=100Mbps
set [ find default-name=ether6 ] comment="New Link Ytower PtP Xtower" speed=\
    100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
	
/interface vlan
add interface=ether2 name=Management-VLAN vlan-id=10
add interface=ether1 name=Managment-Sector-1 vlan-id=10
add comment="For Ytower Internet" interface=ether10 name=\
    Ytower-Internal-Internet-VLAN vlan-id=101
add disabled=yes interface=ether6 name=vlan58 vlan-id=58
add interface=ether6 name=Ytower-ptp-Xtower vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Ytower-Tower-Core
/ip pool
add name=PPPoE-Pool ranges=10.35.0.2-10.35.0.200
/ppp profile
add dns-server=10.31.31.105,8.8.8.8 local-address=10.35.0.1 name=\
    PPPoE-Profile only-one=yes remote-address=PPPoE-Pool

	
/routing ospf area
add area-id=10.0.0.0 name=external
/routing ospf instance
set [ find default=yes ] mpls-te-area=backbone mpls-te-router-id=LoopBack \
    router-id=10.255.255.2
/snmp community
set [ find default=yes ] name=techt


/interface bridge port
add bridge=Ytower-Internal-Home interface=Ytower-Internal-Internet-VLAN
add bridge=Management-Bridge interface=Managment-Sector-1
add bridge=Management-Bridge interface=Management-VLAN
add bridge=Management-Bridge interface=Ytower-ptp-Xtower
/interface pppoe-server server
add default-profile=PPPoE-Profile disabled=no interface=Sector-Bridge \
    service-name=Clients
add default-profile=PPPoE-Profile disabled=no interface=ether1 \
    one-session-per-host=yes service-name=service1
add default-profile=PPPoE-Profile disabled=no interface=ether2 \
    one-session-per-host=yes service-name=service2
add default-profile=PPPoE-Profile disabled=no interface=Ytower-Internal-Home \
    one-session-per-host=yes service-name=service3
/ip address
add address=10.255.255.2 interface=LoopBack network=10.255.255.2
add address=10.200.0.4/29 interface=ether6 network=10.200.0.0
add address=10.58.58.1/29 interface=vlan58 network=10.58.58.0
/ip cloud
set update-time=no


/ip dns
set allow-remote-requests=yes servers=10.31.31.105,8.8.8.8
/ip firewall address-list
add address=10.2.1.243 comment=SpLBL_152-154 list=SpLBL_blocked
/ip firewall filter
add action=drop chain=forward dst-port=25 log-prefix=SPAM protocol=tcp
add chain=forward comment="Splynx Blocking Rules - begin" disabled=yes
add action=jump chain=forward comment=SpBlockingRule-70429330 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=SpLBL_blocked
add action=jump chain=forward comment=SpBlockingRule-57910545 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=SpLBL_new
add action=jump chain=forward comment=SpBlockingRule-2153807803 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=Reject_0
add action=jump chain=forward comment=SpBlockingRule-4150742829 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=Reject_1
add action=jump chain=forward comment=SpBlockingRule-1852710551 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=Reject_2
add action=jump chain=forward comment=SpBlockingRule-426323457 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=Reject_3
add action=jump chain=forward comment=SpBlockingRule-2265824162 \
    dst-address-list=!splynx-white-resources jump-target=splynx-blocked \
    src-address-list=Reject_4
add action=accept chain=splynx-blocked comment=SpBlockingRule-3053659851 \
    dst-limit=2,0,src-address/1m40s dst-port=53 protocol=udp
add action=reject chain=splynx-blocked comment=SpBlockingRule-3070586937 \
    dst-limit=10,0,src-address/1m40s reject-with=icmp-admin-prohibited
add action=drop chain=splynx-blocked comment=SpBlockingRule-496360353
add chain=forward comment="Splynx Blocking Rules - end" disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether6
/ip route
add check-gateway=ping distance=1 gateway=10.200.0.1


add distance=1 dst-address=196.250.54.62/32 gateway=10.200.0.1 scope=10


/mpls ldp
set enabled=yes lsr-id=10.255.255.2 transport-address=10.255.255.2
/mpls ldp interface
add interface=LoopBack
add interface=ether6
add interface=ether3
/ppp aaa
set use-radius=yes

/routing ospf interface
add disabled=yes interface=ether6 network-type=point-to-point
/routing ospf network
add area=backbone network=10.255.255.2/32
add area=backbone disabled=yes network=10.200.0.0/29
add area=external network=10.3.0.0/22
add area=external network=10.2.0.0/22
add area=external network=10.4.0.0/22
add area=external network=10.5.0.0/22
add area=external network=10.6.0.0/22
add area=external network=10.7.0.0/22
add area=external network=10.8.0.0/22
add area=external network=10.9.0.0/22
add area=external network=10.10.0.0/22
add area=external network=10.16.0.0/22
add area=external network=10.17.0.0/24


/system clock
set time-zone-autodetect=no time-zone-name=Africa/Johannesburg
/system identity
set name=Ytower-1
/system ntp client
set enabled=yes primary-ntp=156.38.0.155 secondary-ntp=41.223.244.123
/system package update
set channel=long-term

/tool graphing interface
add
add
/tool graphing queue
add
add
/tool romon
set enabled=yes
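A check of the forward lookup described in the post above, as an added example (not code from the thread or from MikroTik): it parses the two quoted routes and applies longest-prefix matching, showing that the /32 OSPF route is selected over the default route despite its higher distance, while the gateway and interface stay the same. The function names and the sample string are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the two routes quoted in the post, in the layout of
# RouterOS "/ip route print detail" (index, flags, then key=value pairs).
ROUTES_WITH_OSPF = """\
 0 A S  dst-address=0.0.0.0/0 gateway=10.200.0.1
        gateway-status=10.200.0.1 reachable via  ether6 check-gateway=ping
        distance=1 scope=30 target-scope=10
816 ADo  dst-address=10.6.0.4/32 gateway=10.200.0.1
        gateway-status=10.200.0.1 reachable via  ether6 distance=110 scope=20
        target-scope=10 ospf-metric=30 ospf-type=inter-area
"""

def parse_routes(text):
    """Split the listing into entries and extract the fields used for lookup."""
    routes = []
    # A new entry starts on a line that begins with an index and a flag letter.
    for chunk in re.split(r"(?m)^(?=[ \t]*\d+[ \t]+[A-Za-z])", text):
        if not chunk.strip():
            continue
        kv = dict(re.findall(r"([\w-]+)=(\S+)", chunk))
        via = re.search(r"reachable via\s+(\S+)", chunk)
        routes.append({
            "dst": ipaddress.ip_network(kv["dst-address"]),
            "gateway": kv["gateway"],
            "distance": int(kv["distance"]),
            "interface": via.group(1) if via else None,
            "ospf": "ospf-type" in kv,
        })
    return routes

def lookup(routes, address):
    """Longest prefix wins; distance only decides between equal prefixes."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r["dst"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["dst"].prefixlen, -r["distance"]))

def forward_hop(routes, address):
    best = lookup(routes, address)
    return (str(best["dst"]), best["gateway"], best["interface"])

with_ospf = parse_routes(ROUTES_WITH_OSPF)
without_ospf = [r for r in with_ospf if not r["ospf"]]  # OSPF route withdrawn
print("OSPF on: ", forward_hop(with_ospf, "10.6.0.4"))
print("OSPF off:", forward_hop(without_ospf, "10.6.0.4"))
```

Only the matched prefix differs between the two lookups; the outgoing gateway and interface on this router are identical in both cases.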
 
macsrwe
Forum Guru
Posts: 1007
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Sat Apr 04, 2020 1:10 am

You may be looking for the problem on the wrong unit. OSPF should be constructing reciprocal routes on the other unit, and those may be wrong.

Torch the interface at 10.6.0.4 to see if your requests from 10.200.0.4 are arriving and departing. Torch the interface at 10.200.0.1 and I suspect you will see them arriving but not departing. Examine the return routing inside 10.200.0.1 to find a potential problem.
 
marklodge

Tue Apr 07, 2020 12:14 am

Firstly, my map was incorrect; please find the correct map below. I apologize for this.
correctedmap.jpg
Anyway I have done as advised,
Torch the interface at 10.6.0.4 to see if your requests from 10.200.0.4 are arriving and departing.
Result: Without OSPF:
Src: 10.6.0.4 Dst: 10.100.100.10 (XTower interface)
Works

Result: With OSPF:

Src: 10.6.0.4 Dst: 10.200.0.4
Does not work

So, when OSPF is enabled, the router (ZTower) tries to reply directly to 10.200.0.4, instead of going via RouterX. Or what's happening, and how will I solve it?
 
macsrwe

Tue Apr 07, 2020 12:24 am

Your new figure contains nearly no IP address labels, so I can't follow your explanation.

If you have determined that return routing of messages from 10.6.0.4 is failing with OSPF enabled, then run a traceroute from 10.6.0.4 to the original origin of the message, examine the results with OSPF disabled and enabled, and determine where in the path OSPF is breaking the routing, then why.
 
marklodge

Tue Apr 07, 2020 1:48 am

Here is the map with IPs
newmap.jpg
Right now, I changed the 10.200.0.0/29 network in OSPF to another area, the External area, which I had created previously (client CPEs are on the external area).
So this is a temporary workaround, as it gives me the routes required so that I can access the CPEs on YRouter, but it does not receive specific routes for all other CPEs on the network, yet it can reach them as it only has one gateway, and that is to XRouter (core).

But I would like to pursue this issue to get to the bottom of it and increase my knowledge.
 
macsrwe

Tue Apr 07, 2020 1:59 am

I have already told you the most straightforward way to pursue this issue. Let me know when you have performed it.
 
marklodge

Tue Jun 23, 2020 5:44 am

Thank you very much, you helped me by pointing out the torch function.
The issue was a firewall rule that was dropping invalid connections (default MikroTik firewall).
Once that was disabled it worked fine.
