Community discussions

MikroTik App
 
jmatuska
newbie
Topic Author
Posts: 34
Joined: Tue Aug 24, 2010 12:50 am

Can't Traceroute to extern /27 network OSPF but can connect

Tue May 21, 2013 8:12 pm

I am having a weird situation. I have several Mikrotik OS Routers on our Wireless WAN routing via OSPF. They connect to a couple Cisco Routers that connect to our internet connections that run both OSPF and BGP. At the end of the Mikrotik Segment I have a static route in the Mikrotik pointing to a local Firewall behind which is the /27 network I am having issues with. I have the last Mikrotik set to redistribute the Static route into OSPF.
Here is a simple Diagram.

Internet----------Cisco1--------Cisco2----------Mikrotik1------------Mikrotik2-------------Mikrotik3----------Firewall------Remote /27 Network

Here is the problem. Even though I can see the route propagating over each Mikrotik and back to the Cisco Routers via OSPF I cannot run any successful traceroutes to this /27 beyond the first Mikrotik. I first assumed it was a problem on how my routes translate between the Cisco routers and the Mikrotiks, however if I run a traceroute on Mikrotik1 or 2 or even 3 it doesn't work either. All other traceroutes including to the /30 between the Mikrotik3 router and the firewall work fine.

If I trace from the internet or my internal network I get as far as the first Mikrotik and then request timed out as follows:
Tracing route to remote /27 network
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms Internal Router
2 3 ms <1 ms <1 ms Cisco Router 1
3 <1 ms <1 ms <1 ms Cisco Router 2
4 1 ms 1 ms 1 ms Mikrotik Router 1
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 ^C


If I Traceroute from Mikrotik1 or Mikrotik2 or even Mikrotik 3 that has a static route to the /27 I get the following:
# ADDRESS RT1 RT2 RT3 STATUS
1 0.0.0.0 0ms 0ms 0ms
2 0.0.0.0 0ms 0ms 0ms
3 0.0.0.0 0ms 0ms 0ms
4 0.0.0.0 0ms 0ms 0ms


Now here is where things get really strange. Even though I cannot successfully traceroute to the /27 hosts from anywhere in the world including all my Mikrotik routers and Cisco Routers somehow. CONNECTIVITY WORKS without issues whatsoever. I can connect to the /27 hosts with any of their open ports/applications other than Ping or Traceroute them and they can connect to the global internet without issues. How this is possible since none of my routers can traceroute to that network is beyond me. As far as I am aware no access lists have been created to block ICMP on this network and I can traceroute to any of the other networks spaces I have running off these and other Mikrotiks. The only thing that seems out of the ordinary to me is the fact that this is a external and not directly connected OSPF route.

Any ideas as to what I could be missing here? Even though this is working and passing traffic future troubleshooting could be a major problem if I can't rely on traceroutes.

Let me know if you have any suggestions or ideas.

Jim
 
rkau045
newbie
Posts: 44
Joined: Mon Jun 25, 2012 9:14 pm

Re: Can't Traceroute to extern /27 network OSPF but can conn

Wed May 22, 2013 1:53 am

Is your firewall filtering the icmp requests?

Sent from my XT912 using Tapatalk 2
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Can't Traceroute to extern /27 network OSPF but can conn

Wed May 22, 2013 4:16 am

Are the Cisco/Mikrotik devices all on public IPs or are RFC1918 addresses involved? Also, what are the routing conditions on the Mikrotiks as regards addresses to the left side of your diagram including general internet addresses?
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
jmatuska
newbie
Topic Author
Posts: 34
Joined: Tue Aug 24, 2010 12:50 am

Re: Can't Traceroute to extern /27 network OSPF but can conn

Thu May 23, 2013 12:57 am

They are all using public ip's for their interfaces although the OSPF processes are using loopbacks that are using private IP's. The mikrotiks can trace anywhere other than the external static route on the far right side of the diagram including sites on the global internet. I just ran a traceroute to yahoo.com from the far right router and it worked fine.
 
jmatuska
newbie
Topic Author
Posts: 34
Joined: Tue Aug 24, 2010 12:50 am

Re: Can't Traceroute to extern /27 network OSPF but can conn

Thu May 23, 2013 9:18 pm

No firewalls blocking the traffic, I just checked the Mikrotik's and they don't have any firewall statements enabled and since this is only affecting 1 external route it would have to be a specific statement directly related to the /27 which is not setup. I'm still thinking it is something OSPF related since it is only affecting traceroute on hosts on that external route and no other directly connected or advertised OSPF routes as I can traceroute to all those hosts without issue.
 
silversword
newbie
Posts: 43
Joined: Tue Jul 23, 2013 3:36 pm

Re: Can't Traceroute to extern /27 network OSPF but can conn

Fri Oct 25, 2013 8:18 pm

Did you ever get this resolved? Having the same issue.

I'm getting different results based on source.

Config: Internet | Nat device 192.168.0.2 | Microtik router 10.0.0.1 (with dude agent installed) | Computer on 10.0.0.x subnet (with dude windows client running)

Depending what source is listed having different results.
2013-10-25 12_44_25-admin@D4_CA_6D_EC_14_F6 (MikroTik) - WinBox v6.5 on RB2011UAS-2HnD (mipsbe).jpg
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 10 guests