Community discussions

 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:12 am

This is real, this is a serious issue. Mikrotik allows adding networks which overlap each other.
For example:
[admin@rt-office] /ip address add address=10.9.17.89/29 interface=vlan33
[admin@rt-office] /ip address add address=10.9.17.93/30 interface=vlan120

[admin@rt-office] /ip address print where network in 10.9.17.88/29        
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK      INTERFACE
 0   10.9.17.89/29      10.9.17.88   vlan33
 1   10.9.17.93/30      10.9.17.92   vlan120
What's Mikrotik's position on this? This bug should really be fixed ASAP.
 
Ape
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany
Contact:

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:19 am

Hi,

my Ford Focus allows me to drive it against a wall. What's Ford's position on this issue?

To be serious: You configure the device, so you're in charge to do it right, no?

Regards,
Ape
 
Van9018
Long time Member
Long time Member
Posts: 515
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:26 am

I have a Ford Escape. It hasn't hit any walls. Ford must've fixed it. Check engine light is always on though.
 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:34 am

To be serious: You configure the device, so you're in charge to do it right, no?
A very immature and irresponsible approach. The human brain has a hard time dealing with numbers so mistakes are always possible and they can cost a lot (financially too). RouterOS must do some kind of verification to prevent such an issue from occurring. Cisco does that, actually.
 
Ape
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany
Contact:

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:41 am

Hi,

what you're looking for is a feature to add some convenience to handle IP addresses - okay. But it is not a bug in my opinion.
My preference is to avoid any auto-magic mechanism because it prevents you from thinking it through.

Just my thoughts. Your reasoning is logical but not preferrable for everyone ;-)

Regards,
Ape
 
Van9018
Long time Member
Long time Member
Posts: 515
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 1:37 pm

I think having two subnets that overlap would actually be a valid configuration. So I'd have to agree that the prevention of allowing overlapping subnets would be a feature rather than bug fix.

Two separate customers with their own ISPs could each have their own 192.168.88.0/24 subnet but share one 4 port Mikrotik. Maybe this will never happen, but it would work. Flexibility comes at the expense of ease-of-config. Mikrotik tends to lean towards flexibility.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 7:52 pm

The fact that one can mess up things is not a reason to declare something a bug.
The same criteria can be applied to any static IP and manual gateway setting.
Or to the fact that we may have more than one WAN and one LAN on a router.
So let's declare them bugs and eliminate them, too, should we? Because it could mess up things!
This freedom of choices is the strong point in ROS routers, not their weakness.

And yes, mistakes do cost. That's why trained people are needed to do specific jobs, to minimize additional costs. One does not ask the pool boy or the florist to configure an enterprise core router. Because of the hard time dealing with those numbers...

Having 2 overlapping networks like in the example is a valid configuration.
You can have a big subnet on one interface and a subnet of that on another. It is like having another small router on that subnet, connecting the even smaller one, just without the need of an additional router.
Routing will use the route with the most precise mask and it will work without issues.
And proxy arp will allow cross interfaces access.

The best example: a local network say /24 and a vpn connection with /32 in the same subnet.
This is not only allowed, but actually sometimes needed for machines to be able to talk to each other.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 8:21 pm

I can do the exact same thing on any linux distribution. Is it a bug there too ?
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 8:23 pm

Even Windows has this bug...
I don't know about Apple products, but they probably have, not unlike Cisco, some proprietary approach :lol:
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5917
Joined: Mon Jun 08, 2015 12:09 pm

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 8:33 pm

To be serious: You configure the device, so you're in charge to do it right, no?
A very immature and irresponsible approach. The human brain has a hard time dealing with numbers so mistakes are always possible and they can cost a lot (financially too). RouterOS must do some kind of verification to prevent such an issue from occurring. Cisco does that, actually.
I hate the Cisco way of patronizing the user and preventing a configuration that sometimes can be very useful.
I hope MikroTik will not remove this functionality (or at least allows an override) because I use it all the time, for good purpose.
When you waste time debugging issues that are caused by your own mistakes you should not blame it on the router, but
on your unsystematic way of checking things. Else you would have found it without wasting so much time.
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 9:05 pm

I love using overlapping subnets.
It sometimes eases deployments and avoids weird NAT-scenarios.
Also overlapping subnets can solve IPv4 shortage.
It is possible to route between mikrotik routers only wasting one public IPv4 address per Router....
 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 10:17 pm

I love using overlapping subnets.
It sometimes eases deployments and avoids weird NAT-scenarios.
Also overlapping subnets can solve IPv4 shortage.
It is possible to route between mikrotik routers only wasting one public IPv4 address per Router....
Are you saying that assigning 10.7.19.89/29 (the same IP address) to two different interfaces and having different hosts on these two interfaces in the same network is a perfectly valid configuration?

Like:
vlan10: 10.10.1.1/24
vlan11: 10.10.1.1/24
vlan12: 10.10.1.1/24

Clients:
vlan10: 10.10.1.45/24 gateway=10.10.1.1
vlan11: 10.10.1.48/24 gateway=10.10.1.1
vlan12: 10.10.1.178/24 gateway=10.10.1.1

You think it's normal to have such a configuration?
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:00 pm

normal != possible != usable != bug != lab configurable != avoidable != impossible != valid != cisco way
Real admins use real keyboards.
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: Huge bug: Mikrotik allows adding overlapping networks.

Fri Dec 16, 2016 11:28 pm

Are you saying that assigning 10.7.19.89/29 (the same IP address) to two different interfaces and having different hosts on these two interfaces in the same network is a perfectly valid configuration?

[...]

You think it's normal to have such a configuration?
Such a configuration may be suitable under certain circumstances, i.e. when you wish to isolate the clients and securing the default-gateway without having to hassle with arp-guard and dhcp-snooping.
Communication to the outside world still is possible, when additional interface routes are being configured on the router.

For sure this is not a common configuration. But it would be a HUGE step backwards if the possibility of such configuration would be denied by RouterOS.
Actually the current state of RouterOS makes a lot of things easier than other vendors would ever allow to.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5917
Joined: Mon Jun 08, 2015 12:09 pm

Re: Huge bug: Mikrotik allows adding overlapping networks.

Sat Dec 17, 2016 12:00 am

I love using overlapping subnets.
It sometimes eases deployments and avoids weird NAT-scenarios.
Also overlapping subnets can solve IPv4 shortage.
It is possible to route between mikrotik routers only wasting one public IPv4 address per Router....
Are you saying that assigning 10.7.19.89/29 (the same IP address) to two different interfaces and having different hosts on these two interfaces in the same network is a perfectly valid
This is not what you did! You used two subnets and one is a subnet of the other.
I do that all the time. E.g. to have a small isolated subnet from a larger LAN.
Say your LAN is 192.168.1.0/24 and you want to isolate some hosts on 192.168.1.32/28, you
can configure these two networks on a MikroTik router (two interfaces) and enable proxy-arp
on the interface with the larger subnet, then the router will route between those two networks
and you can do anything usual in a router. (access lists, connection tracking, etc)
A Cisco will not allow this, you are right. But a MikroTik allows this configuration and it is useful.
 
Sob
Forum Guru
Forum Guru
Posts: 4794
Joined: Mon Apr 20, 2009 9:11 pm

Re: Huge bug: Mikrotik allows adding overlapping networks.

Sat Dec 17, 2016 12:05 am

Are you saying that assigning 10.7.19.89/29 (the same IP address) to two different interfaces and having different hosts on these two interfaces in the same network is a perfectly valid configuration?
Even better, you can have hosts with exactly the same address in all those networks! ;) Is it normal? Nope. But it can be useful sometimes. Ok, this one may be going to extreme.

But for example VPN clients using smaller subnet from LAN (e.g. /28 when LAN is /24) and then with help of proxy ARP appearing to be part of that bigger LAN is perfectly normal config used by many people.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 114 guests