
strange phenomenon ospf and NAT

Posted: Fri Aug 16, 2013 8:48 pm
by zelon
I've been using this config for a few years, but it happened already twice.
rb1--ubnt1---ubnt2--rb2.
Between rb1 and rb2 is OSPF. Suddenly OSPF stopped and I've found that I can ping rb1 from rb2 but not rb2 from rb1. MAC telnet was working correctly. I've downloaded the config from rb1 and uploaded it to a new device and still no ping. Then I've found that ping is working when I deactivate all rules in NAT (all are touching other addresses and ports). When even one rule is active in NAT, there's no ping. It's strange, because everything else works on this device.

Re: strange phenomenon ospf and NAT

Posted: Fri Aug 16, 2013 8:56 pm
by dancho
Did you maybe update the firmware on the Ubiquiti devices? I had some problems with 5.5.6 and OSPF.

Re: strange phenomenon ospf and NAT

Posted: Fri Aug 16, 2013 11:45 pm
by zelon
No, nothing was touched for the past 2 months. The best part is when I connected rb1--rb3-ubnt1--ubnt2-rb2 and between rb1 and rb3 it was the same. I've been able to ping rb1 from rb3 but not rb3 from rb1. When I've added any new NAT rule to rb3, then OSPF was disconnecting. Maybe there's something in packet flow that I don't know? What really changes when NAT is added? Maybe I have to prepare special NAT rules for routing between ethernet ports?

That was working without any problems for a really long time. This morning I've found that DHCP is down on this device, CPU has 100% load but OSPF is running. I've rebooted the device and then it happened. DHCP started but OSPF died.

Re: strange phenomenon ospf and NAT

Posted: Mon Aug 19, 2013 10:33 am
by mrz
OSPF will not work if source or destination address is changed by NAT in OSPF packets.

Re: strange phenomenon ospf and NAT

Posted: Mon Aug 19, 2013 1:32 pm
by zelon
Yes, I know. But this setup was working on different sets of devices. Once between a PC as core router and rb1200 (I just realized that this problem occurred a few times) and now between 2 x rb750 and rb750 and rb2011. Can you please check such a setup: connect rb1 and rb2 with 10.0.0.65/29 and 10.0.0.66/29 on the second device. Then add any NAT rule (in my case that was for example touching packets on a different class, dst nat, and marked srcnat). Now I'm unable to ping from the device where NAT was added. When I disable this rule, ping is running. The strange thing is that this setup was working for 3 or 4 months without issues and then started such things.

edit:

I've reproduced this issue on my desk. rb750G and rb600. I've found that in NAT there was a 'no-mark' rule. I've added mangle for 10.0.0.65 to mark packets, but the question is why this was working before for such a long time? This was probably working until reboot.

Re: strange phenomenon ospf and NAT

Posted: Wed Apr 12, 2017 1:51 am
by letabawireless
Hi

I have fixed this by upgrading to 6.38.5 - had exactly what you had. NAT rules not linked to the OSPF link at all would cause it to not work. Also, it was not a particular rule. If you disable all but one, no matter which one, OSPF doesn't start. As soon as you disable the last of them, OSPF immediately stays up. It also stays up after re-enabling the rules. Only on restart, or if you toggle OSPF on the new router, does it stop functioning.

Re: strange phenomenon ospf and NAT

Posted: Thu Oct 26, 2017 7:45 am
by bloody
Hello Team,

We have exactly the same phenomenon here with v6.40.4.
If NAT is enabled on a router with broadcast OSPF running, then OSPF won't come up.
After disabling the NAT rule and rebooting the router, OSPF comes up.
Once it's up, the NAT rule can be enabled again and OSPF stays up!

Any explanation or fix?

Heiko Rehm

Re: strange phenomenon ospf and NAT

Posted: Sat Apr 07, 2018 12:42 am
by MariusL
Hi guys,

You should double-check your NAT rules...

I use the «destined for not-private-subnet» (!192.168.0.0/16) approach as the matching criterion for my NAT rule; this NATed my OSPF multicast traffic. The destination broadcast address 224.0.0.5 is used to send Hello packets to all OSPF routers on a network segment, and 224.0.0.6 is used to send OSPF routing information to designated routers on a network segment.

By narrowing down my NAT rule further and adding the criterion “dst-address-type=unicast”, my OSPF started working again. After way too many hours of headache experiencing the exact same thing as described by letabawireless and bloody...

- Marius
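
A check for the situation Marius describes, as an added example that is not part of the original thread: it reads NAT rules in export style and reports those whose matchers also cover the OSPF multicast destinations. The sample rules are constructed, the function names are hypothetical, and the source address 10.0.0.65 is taken from zelon's test setup.

```python
import ipaddress
import shlex

# OSPF multicast destinations named in the post: AllSPFRouters and AllDRouters.
OSPF_DSTS = ("224.0.0.5", "224.0.0.6")

# Constructed sample rules in "/ip firewall nat export" style (not from the thread).
SAMPLE_RULES = [
    "add chain=srcnat action=masquerade dst-address=!192.168.0.0/16",
    "add chain=srcnat action=masquerade dst-address=!192.168.0.0/16 dst-address-type=unicast",
    "add chain=dstnat action=dst-nat protocol=tcp dst-port=8080 to-addresses=192.168.1.10",
]

def parse_rule(line):
    """Split an exported rule line into a {matcher: value} dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def _negated(spec):
    """Return (is_negated, value) for a matcher that may start with '!'."""
    return spec.startswith("!"), spec.lstrip("!")

def _addr_ok(spec, addr):
    neg, value = _negated(spec)
    # Only single addresses and CIDR prefixes are modelled, not a-b ranges.
    return (ipaddress.ip_address(addr) in ipaddress.ip_network(value, strict=False)) != neg

def _type_ok(spec, addr):
    neg, value = _negated(spec)
    # Simplification: only unicast vs multicast is distinguished.
    kind = "multicast" if ipaddress.ip_address(addr).is_multicast else "unicast"
    return (value == kind) != neg

def ospf_hits(rule, src="10.0.0.65"):
    """OSPF multicast destinations the rule's matchers would cover."""
    if "protocol" in rule:
        neg, value = _negated(rule["protocol"])
        if (value in ("ospf", "89")) == neg:  # rule is limited to some other protocol
            return []
    if "src-address" in rule and not _addr_ok(rule["src-address"], src):
        return []
    return [d for d in OSPF_DSTS
            if ("dst-address" not in rule or _addr_ok(rule["dst-address"], d))
            and ("dst-address-type" not in rule or _type_ok(rule["dst-address-type"], d))]

def audit(lines):
    """Return (index, hits) for every rule that would also match OSPF multicast."""
    results = [(i, ospf_hits(parse_rule(line))) for i, line in enumerate(lines)]
    return [(i, hits) for i, hits in results if hits]

if __name__ == "__main__":
    for idx, hits in audit(SAMPLE_RULES):
        print(f"rule {idx} also matches OSPF multicast: {', '.join(hits)}")
```

Matchers the script does not model (interfaces, packet marks, ports) are ignored, so a reported rule is one to review by hand rather than a confirmed match.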

Re: strange phenomenon ospf and NAT

Posted: Tue Apr 24, 2018 4:11 pm
by sri2007
Yep, you need to check your NAT rules. OSPF is not the only one that is affected by NAT; BGP is too.