Community discussions

MikroTik App
 
bugtoodd
just joined
Topic Author
Posts: 10
Joined: Thu Jun 29, 2017 5:54 pm

Regression on OSPF passive-interface behaviour

Sat Jun 05, 2021 6:23 pm

Hello evertbody
while playing with 6.48.2 and 6.48.3 for a completely non-related scenario, I've found what I believe is a regression in the behaviour of the ospf-passive option.

Please consider this following minimal scenario:

R1:
/interface bridge
add name=loopback protocol-mode=none
/ip address
add address=10.255.153.41 interface=loopback network=10.255.153.41
add address=10.1.1.1/30 interface=ether5 network=10.1.1.0
add address=10.2.2.1/30 interface=ether6 network=10.2.2.0
/routing ospf interface
add passive=yes
add dead-interval=10s hello-interval=2s interface=ether5 network-type=broadcast \
retransmit-interval=1s
add dead-interval=10s hello-interval=2s interface=ether6 network-type=broadcast \
retransmit-interval=1s
/routing ospf network
add area=backbone network=10.255.153.41/32
add area=backbone network=10.2.2.0/30
add area=backbone network=10.1.1.0/30

R2:
/interface bridge
add name=loopback protocol-mode=none
/ip address
add address=10.255.153.42 interface=loopback network=10.255.153.42
add address=10.1.1.2/30 interface=ether5 network=10.1.1.0
add address=10.2.2.2/30 interface=ether6 network=10.2.2.0
/routing ospf interface
add passive=yes
add dead-interval=10s hello-interval=2s interface=ether5 network-type=broadcast \
retransmit-interval=1s
add dead-interval=10s hello-interval=2s interface=ether6 network-type=broadcast \
retransmit-interval=1s
/routing ospf network
add area=backbone network=10.255.153.42/32
add area=backbone network=10.2.2.0/30
add area=backbone network=10.1.1.0/30

These two routers are connected between each other on ether5 and ether6.

This configuration produces the following routing table in R1:
[admin@R1] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE

2 ADC 10.1.1.0/30 10.1.1.1 ether5 0
4 ADC 10.2.2.0/30 10.2.2.1 ether6 0
5 ADo 10.255.153.42/32 10.2.2.2 110
10.1.1.2
6 ADC 10.255.153.41/32 10.255.153.41 loopback 0

If I enable passive-interface in R2 ether5 or ether6, the route to 10.255.153.42 (R2 loopback) disappears for a few seconds before getting reinstalled with the remaining active path:

[admin@R1] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
2 ADC 10.1.1.0/30 10.1.1.1 ether5 0
4 ADC 10.2.2.0/30 10.2.2.1 ether6 0
5 ADC 10.255.153.41/32 10.255.153.41 loopback 0

...wait a few seconds:

[admin@R1] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
2 ADC 10.1.1.0/30 10.1.1.1 ether5 0
4 ADC 10.2.2.0/30 10.2.2.1 ether6 0
5 ADo 10.255.153.42/32 10.2.2.2 110
6 ADC 10.255.153.41/32 10.255.153.41 loopback 0

This causes packet loss while waiting for the route to be installed.

If at this point I remove the "passive-interface" from ether5 on R1 (re-enable OSPF on the interface), I see that the route to 10.255.153.42 (R2 loopback) disappears again for a few seconds and then reappears with both paths, causing packet loss again.

I tried also changing the path costs to avoid ECMP but the result is the same.

If I drop OSPF from the input firewall on the interface I want to disable ospf on, paths are added/removed as expected without packet loss.

I believe this is a regression in the behaviour: me and my team have been using "passive-interface" on OSPF for more than a decade when performing maintanence on links and never observed it.

Can anybody confirm this behaviour and suggest a version that it is not showing it? Otherwise I'll start downgrading to older versions until I find at which point this issue was not present.

Thanks,
Daniel

Who is online

Users browsing this forum: No registered users and 19 guests