BryanBarb

Packetloss on only IPv6

Mon Jun 07, 2021 8:42 pm

Hello MK forum.

I've had a long-standing issue (about 1 month) with our IPv6 connection in the datacenter.
Our datacenter says it's something within my router, which is possible, but I cannot come up with a solution.

My current configuration is as follows:
Router:
[admin@cr1.ls1.cloudwebservices.network] > export hide-sensitive 
# jun/07/2021 19:35:58 by RouterOS 6.48.3
# software id = CDNB-4WJQ
#
# model = CCR1036-8G-2S+
# serial number = C6CC0B5FEE16
#
# Border router export: one VLAN-aware bridge for the server LAN, a VLAN 23
# interface on sfp-sfpplus1 towards the upstream, and two BGP sessions.
# NOTE(review): `export hide-sensitive` was used, yet the software id, the
# serial number and the LCD PIN (see /lcd pin) are still printed in this
# public post; treat the PIN as disclosed.
# NOTE(review): this export contains no /ip firewall or /ipv6 firewall section,
# so no packet filtering appears to protect the router itself - confirm.
/interface bridge
# Every bridge port below is an untagged member of VLAN 23 (pvid=23).
add fast-forward=no name=Bridge1 priority=0x1000 pvid=23 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
/interface vlan
add interface=sfp-sfpplus1 name=VLAN23 vlan-id=23
/ip ipsec profile
# NOTE(review): the default profile still offers modp1024 (1024-bit DH) next to
# the stronger groups; remove it unless a peer needs it. The default proposal
# and policy are disabled further down, so IPsec may be unused - confirm.
set [ find default=yes ] dh-group=ecp384,ecp521,modp2048,modp1024 \
    enc-algorithm=aes-256 hash-algorithm=sha512 prf-algorithm=sha512
/ip ipsec proposal
set [ find default=yes ] disabled=yes
/ip pool
add name=VPN ranges=10.2.0.0/24
/routing bgp instance
set default as=213268 router-id=103.219.152.1
/routing ospf instance
set [ find default=yes ] disabled=yes
/routing ospf-v3 instance
set [ find default=yes ] disabled=yes
/snmp community
# Default community disabled; the added community is limited to one source /32.
# NOTE(review): security=authorized presumably means authentication without
# privacy, in which case encryption-protocol=AES has no effect; security=private
# would be the setting that encrypts - confirm against the RouterOS manual.
set [ find default=yes ] disabled=yes
add addresses=103.219.152.245/32 authentication-protocol=SHA1 \
    encryption-protocol=AES name=Welloe security=authorized
/interface bridge port
add bridge=Bridge1 hw=no interface=ether1 pvid=23
add bridge=Bridge1 hw=no interface=sfp-sfpplus2 pvid=23
add bridge=Bridge1 hw=no interface=ether2 pvid=23
/interface bridge settings
set allow-fast-path=no
/ip neighbor discovery-settings
# Neighbour discovery announcements off: no interface list, no protocol.
set discover-interface-list=none protocol=""
/ip settings
# IPv4 only: strict reverse-path filter, redirects off, fast path off.
# NOTE(review): max-neighbor-entries=16384 is set here under /ip settings; no
# raised limit shows under /ipv6 settings below, so the IPv6 neighbour table
# presumably still has its default size - confirm.
set allow-fast-path=no icmp-rate-limit=0 max-neighbor-entries=16384 \
    route-cache=no rp-filter=strict secure-redirects=no send-redirects=no
/ipv6 settings
# The router ignores IPv6 redirects and router advertisements.
set accept-redirects=no accept-router-advertisements=no
/interface bridge vlan
add bridge=Bridge1 vlan-ids=23
/interface ovpn-server server
# Client certificates are required. NOTE(review): auth=sha1 is a legacy HMAC
# choice; no enabled=yes is shown, so the server is presumably off - confirm.
set auth=sha1 certificate=Server cipher=aes256 netmask=32 port=443 \
    require-client-certificate=yes
/ip accounting web-access
set address=80.61.14.176/32
/ip address
add address=103.219.152.1/24 interface=Bridge1 network=103.219.152.0
add address=103.219.155.10/30 interface=VLAN23 network=103.219.155.8
/ip dns
set servers=103.219.152.4,103.219.152.6
/ip ipsec policy
set 0 disabled=yes
/ip service
# NOTE(review): only telnet, ftp and api-ssl are switched off. ssh, winbox, www
# and api are not listed, so they presumably run with defaults and without an
# address= restriction; with public addresses and no firewall rules in this
# export the management plane looks reachable from anywhere. Limit each service
# to management source prefixes and/or filter the input chain.
set telnet disabled=yes
set ftp disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no
/ipv6 address
# No prefix length is given, so each address presumably becomes a /64 - confirm.
# advertise=no: no prefix is announced for SLAAC.
add address=2a09:3c00:1::1 advertise=no interface=Bridge1
add address=2a06:5b81:0:3:0:20:7083:2 advertise=no interface=VLAN23
add address=2a09:3c00:1:5::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:2::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:3::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:1::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:6::1 advertise=no interface=Bridge1
/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes interface=Bridge1
/ipv6 route
# NOTE(review): gateway=Bridge1 makes the entire /48 on-link. Any packet sent
# to an unused address in it (for example by address scanning from outside)
# then starts neighbour discovery and leaves a failed neighbour entry, which
# can fill the neighbour table and cause periodic loss (neighbour-cache
# exhaustion, RFC 6583). Likely safer: keep only the /64s in use on-link, point
# the rest of the aggregate at an unreachable route, and filter traffic to
# unused space - verify before changing.
add distance=1 dst-address=2a09:3c00:1::/48 gateway=Bridge1
/lcd
set color-scheme=dark
/lcd pin
# NOTE(review): the PIN is exported despite hide-sensitive; change it.
set pin-number=2873
/routing bfd interface
set [ find default=yes ] disabled=yes
/routing bgp network
add network=103.219.152.0/24
add network=2a09:3c00:1::/48
/routing bgp peer
# Both sessions list address-families=ip,ipv6, but peer1 uses only the IPv4
# chains and peer2 only the IPv6 chains.
# NOTE(review): IPv6 prefixes received over peer1 would be judged by
# IPv4-TO-ISP-IN, which ends in an accept-all rule and has no IPv6 discards -
# confirm which families each session is meant to carry.
add address-families=ip,ipv6 in-filter=IPv4-TO-ISP-IN name=peer1 out-filter=\
    IPv4-TO-ISP-OUT remote-address=103.219.155.9 remote-as=207083 ttl=default
add address-families=ip,ipv6 in-filter=IPv6-TO-ISP-IN name=peer2 out-filter=\
    IPv6-TO-ISP-OUT remote-address=2a06:5b81:0:3:0:20:7083:1 remote-as=207083 \
    ttl=default
/routing filter
# Outbound chains announce only the own /48 and /24; inbound chains drop a list
# of bogon and own prefixes before a final accept. Rules of one chain are
# presumably evaluated in the order listed, first match deciding - confirm.
add action=accept append-bgp-communities="" bgp-communities="" chain=\
    IPv6-TO-ISP-OUT prefix=2a09:3c00:1::/48 set-bgp-communities=""
add action=accept chain=IPv4-TO-ISP-OUT prefix=103.219.152.0/24 \
    set-bgp-communities=""
add action=discard chain=IPv6-TO-ISP-IN prefix=3ffe::/16 prefix-length=16-128
add action=discard chain=IPv6-TO-ISP-IN prefix=2a09:3c00:1::/48 prefix-length=\
    48-128
add action=discard chain=IPv6-TO-ISP-IN prefix=2001:db8::/32 prefix-length=\
    32-128
# NOTE(review): fe00::/9 spans fe00:: to fe7f:ffff:..., which contains neither
# link-local fe80::/10 nor unique-local fc00::/7, so those ranges are not
# rejected by this chain - check the intended prefix.
add action=discard chain=IPv6-TO-ISP-IN prefix=fe00::/9 prefix-length=9-128
add action=discard chain=IPv6-TO-ISP-IN prefix=ff00::/8 prefix-length=8-128
add action=accept chain=IPv6-TO-ISP-IN
add action=discard bgp-communities="" chain=IPv6-TO-ISP-OUT
add action=discard chain=IPv4-TO-ISP-OUT
# NOTE(review): this ::/8 discard sits after the accept-all rule of
# IPv6-TO-ISP-IN above; if rules run in listed order it can never match and
# should be moved in front of that accept.
add action=discard chain=IPv6-TO-ISP-IN prefix=::/8 prefix-length=8-128
add action=discard chain=IPv4-TO-ISP-IN prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=IPv4-TO-ISP-IN prefix=172.16.0.0/12 prefix-length=\
    12-32
add action=discard chain=IPv4-TO-ISP-IN prefix=192.168.0.0/16 prefix-length=\
    16-32
add action=discard chain=IPv4-TO-ISP-IN prefix=169.254.0.0/16 prefix-length=\
    16-32
add action=discard chain=IPv4-TO-ISP-IN prefix=224.0.0.0/3 prefix-length=3-32
add action=discard chain=IPv4-TO-ISP-IN prefix=193.148.248.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=194.124.236.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=193.148.249.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=103.219.152.0/24 prefix-length=\
    24-32
add action=discard chain=IPv4-TO-ISP-IN prefix=195.48.40.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=93.158.213.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=46.148.124.0/24
add action=accept chain=IPv4-TO-ISP-IN
/snmp
# SNMP enabled with version 3 traps sent to the single monitoring host.
set enabled=yes location=Lelystad trap-community=Welloe trap-interfaces=all \
    trap-target=103.219.152.245 trap-version=3
Switch:
[admin@cs1.cloudwebservices.network] > export hide-sensitive 
# jun/07/2021 19:54:28 by RouterOS 6.48.3
# software id = X99Y-Z9ER
#
# model = CRS317-1G-16S+
# serial number = 955C0A6EC453
#
# Access switch export: one VLAN-aware bridge carrying VLAN 23 on every port,
# with a single IPv4 and IPv6 address for management; forwarding is disabled,
# so the device acts as a host at layer 3.
# NOTE(review): the software id and serial number are still printed despite
# hide-sensitive.
# NOTE(review): this export contains no /ip firewall filter or /ipv6 firewall
# section, so nothing appears to filter traffic to the switch itself - confirm.
/interface bridge
add admin-mac=74:4D:28:7B:78:14 auto-mac=no comment=defconf fast-forward=no \
    name=bridge priority=0x2000 pvid=23 vlan-filtering=yes
/interface ethernet
# Port renames; ports 12-16 are administratively disabled.
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592 name="10G Uplink"
set [ find default-name=sfp-sfpplus8 ] l2mtu=1592 name=Antares-1
set [ find default-name=sfp-sfpplus9 ] l2mtu=1592 name=Antares-2
set [ find default-name=sfp-sfpplus6 ] l2mtu=1592 name=BackupL1
set [ find default-name=sfp-sfpplus7 ] l2mtu=1592 name=BackupL2
set [ find default-name=sfp-sfpplus4 ] l2mtu=1592 name="CLUSTER ARIANE"
set [ find default-name=sfp-sfpplus2 ] l2mtu=1592 name="CLUSTER ATLAS"
set [ find default-name=sfp-sfpplus3 ] l2mtu=1592 name="INET ARIANE"
set [ find default-name=sfp-sfpplus5 ] l2mtu=1592 name="INET ATLAS"
set [ find default-name=ether1 ] l2mtu=1592 name=MGMT
set [ find default-name=sfp-sfpplus12 ] disabled=yes l2mtu=1592 name=\
    "SFP+ Port 12"
set [ find default-name=sfp-sfpplus13 ] disabled=yes l2mtu=1592 name=\
    "SFP+ Port 13"
set [ find default-name=sfp-sfpplus14 ] disabled=yes l2mtu=1592 name=\
    "SFP+ Port 14"
set [ find default-name=sfp-sfpplus15 ] disabled=yes l2mtu=1592 name=\
    "SFP+ Port 15"
set [ find default-name=sfp-sfpplus16 ] disabled=yes l2mtu=1592 name=\
    "SFP+ Port 16"
set [ find default-name=sfp-sfpplus10 ] l2mtu=1592 name=Titan-1
set [ find default-name=sfp-sfpplus11 ] l2mtu=1592 name=Titan-2
/interface bonding
add mode=802.3ad name=Backup slaves=BackupL1,BackupL2 transmit-hash-policy=\
    layer-2-and-3
/interface list
add name=WAN
add name=LAN
/ip ipsec proposal
set [ find default=yes ] disabled=yes
/snmp community
# Default community disabled; the added community is limited to one source /32.
# NOTE(review): security=authorized presumably means authentication without
# privacy, in which case encryption-protocol=AES has no effect - confirm.
set [ find default=yes ] disabled=yes
add addresses=103.219.152.245/32 authentication-protocol=SHA1 \
    encryption-protocol=AES name=Welloe security=authorized
/system logging action
set 0 memory-lines=500
set 1 disk-lines-per-file=500
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
# Every port, MGMT included, is an untagged member of VLAN 23;
# ingress-filtering=yes is set only on the five disabled ports.
# NOTE(review): management therefore shares one VLAN and subnet with the
# server-facing ports - confirm that this is intended.
add bridge=bridge comment=defconf interface=MGMT pvid=23
add bridge=bridge comment=defconf interface="10G Uplink" pvid=23
add bridge=bridge comment=defconf interface="CLUSTER ATLAS" pvid=23
add bridge=bridge comment=defconf interface="INET ARIANE" pvid=23
add bridge=bridge comment=defconf interface="CLUSTER ARIANE" pvid=23
add bridge=bridge comment=defconf interface="INET ATLAS" pvid=23
add bridge=bridge comment=defconf interface=Antares-1 pvid=23
add bridge=bridge comment=defconf interface=Antares-2 pvid=23
add bridge=bridge comment=defconf interface=Titan-1 pvid=23
add bridge=bridge comment=defconf interface=Titan-2 pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
    "SFP+ Port 12" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
    "SFP+ Port 13" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
    "SFP+ Port 14" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
    "SFP+ Port 15" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
    "SFP+ Port 16" pvid=23
add bridge=bridge interface=Backup pvid=23
/interface bridge settings
set allow-fast-path=no
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
# IPv4 forwarding off: the switch does not route between interfaces.
set allow-fast-path=no icmp-rate-limit=0 ip-forward=no route-cache=no \
    secure-redirects=no send-redirects=no
/ipv6 settings
# IPv6 forwarding off; redirects and router advertisements are ignored.
set accept-redirects=no accept-router-advertisements=no forward=no
/interface bridge vlan
add bridge=bridge tagged="10G Uplink" vlan-ids=23
/interface list member
# MGMT is the only WAN member; no rule in this export references either list.
add interface="INET ARIANE" list=LAN
add interface="CLUSTER ARIANE" list=LAN
add interface="INET ATLAS" list=LAN
add interface=BackupL1 list=LAN
add interface=BackupL2 list=LAN
add interface=Antares-1 list=LAN
add interface=Antares-2 list=LAN
add interface=Titan-1 list=LAN
add interface=Titan-2 list=LAN
add interface="SFP+ Port 12" list=LAN
add interface="SFP+ Port 13" list=LAN
add interface="SFP+ Port 14" list=LAN
add interface="SFP+ Port 15" list=LAN
add interface="SFP+ Port 16" list=LAN
add interface=MGMT list=WAN
add interface="10G Uplink" list=LAN
add interface="CLUSTER ATLAS" list=LAN
/ip address
add address=103.219.152.2/24 comment=defconf interface=bridge network=\
    103.219.152.0
/ip dns
set servers=103.219.152.4,103.219.152.6
/ip firewall service-port
# All connection-tracking helpers listed here are turned off.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 disabled=yes
/ip ipsec settings
set accounting=no
/ip route
add distance=1 gateway=103.219.152.1
/ip service
# NOTE(review): only telnet, ftp and api-ssl are switched off. ssh, winbox, www
# and api are not listed, so they presumably run with defaults and without an
# address= restriction, while the switch holds public IPv4 and IPv6 addresses
# and the export shows no filter rules. Limit each service to management
# source prefixes and/or filter the input chain.
set telnet disabled=yes
set ftp disabled=yes
set api-ssl disabled=yes
/ipv6 address
# No prefix length given, so presumably a /64 - confirm.
add address=2a09:3c00:1::2 interface=bridge
/ipv6 nd
set [ find default=yes ] disabled=yes
/ipv6 route
add distance=1 gateway=2a09:3c00:1::1
/snmp
# SNMP enabled with version 3 traps sent to the single monitoring host.
set enabled=yes location=Lelystad trap-community=Welloe trap-interfaces=all \
    trap-target=103.219.152.245 trap-version=3
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=cs1.cloudwebservices.network
/system note
# Login banner text stating that access is for authorised users and monitored.
set note="This is a private system. It is to be used solely by authorized users \
    and may be monitored for all lawful purposes. By accessing this system, you \
    are consenting to such monitoring."
/system routerboard settings
set boot-os=router-os
Our PingPlotter host reports that within every minute packet loss occurs for about 30 seconds to 1 minute. This is frustrating, and I hope someone can help me with this matter.

This problem started out of the blue, as you can see in example 1. The only odd thing I can see is a lot of failed neighbor entries. Unfortunately, I cannot get Torch to show me which one is responsible for it.

What I have done already:
  • Rebooted all servers
  • Rebooted router + switch
  • Enabled and disabled again IPv6 ND
  • Enabled and disabled again Route cache, FP & FT
  • Increased IPv6 neighbor Entries limit
  • Cutting the /48 in smaller /64 subnets

edit
I've enabled IGMP/MLD again and the packet loss decreased, but it is still there. It now looks like it happens every 1.5 minutes.
