I've had a long-standing issue (1 month) with our IPv6 connection in the datacenter.
Our datacenter says it's something within my router. That is possible, but I cannot come up with a solution.
My current configuration is as follows:
Router:
[admin@cr1.ls1.cloudwebservices.network] > export hide-sensitive
# jun/07/2021 19:35:58 by RouterOS 6.48.3
# software id = CDNB-4WJQ
#
# model = CCR1036-8G-2S+
# serial number = C6CC0B5FEE16
# Router layer 2: a single VLAN-aware bridge. vlan-filtering=yes makes the
# bridge apply its VLAN table; pvid=23 places untagged bridge traffic in VLAN 23.
/interface bridge
add fast-forward=no name=Bridge1 priority=0x1000 pvid=23 vlan-filtering=yes
# ether1 and ether3-ether8 are administratively disabled; ether2 is not listed
# here and so keeps its default state.
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
# VLAN 23 sub-interface on sfp-sfpplus1. Further down, the 103.219.155.10/30
# and 2a06:5b81:0:3:0:20:7083:2 addresses (the subnets of both BGP peers) are
# bound to it, so this is the upstream-facing interface.
/interface vlan
add interface=sfp-sfpplus1 name=VLAN23 vlan-id=23
# Default IKE profile: AES-256 with SHA-512 for hash and PRF.
# NOTE(review): dh-group still offers modp1024 next to the stronger groups; a
# peer could negotiate down to it. The default proposal and policy 0 are
# disabled in this export, so IPsec may be unused - confirm, and drop modp1024
# if it is ever enabled.
/ip ipsec profile
set [ find default=yes ] dh-group=ecp384,ecp521,modp2048,modp1024 \
enc-algorithm=aes-256 hash-algorithm=sha512 prf-algorithm=sha512
/ip ipsec proposal
set [ find default=yes ] disabled=yes
# Address pool named VPN; presumably handed to VPN clients - nothing in this
# export references it, so confirm where it is used.
/ip pool
add name=VPN ranges=10.2.0.0/24
# Local AS 213268; router-id matches the Bridge1 IPv4 address.
/routing bgp instance
set default as=213268 router-id=103.219.152.1
# OSPFv2 and OSPFv3 default instances are switched off.
/routing ospf instance
set [ find default=yes ] disabled=yes
/routing ospf-v3 instance
set [ find default=yes ] disabled=yes
# The default SNMP community is disabled; the "Welloe" entry only answers
# 103.219.152.245/32 and uses SHA1 authentication.
# NOTE(review): security=authorized is understood to require authentication
# but not privacy, so encryption-protocol=AES may not be enforced - confirm
# whether security=private was intended.
/snmp community
set [ find default=yes ] disabled=yes
add addresses=103.219.152.245/32 authentication-protocol=SHA1 \
encryption-protocol=AES name=Welloe security=authorized
# Bridge members, all untagged in VLAN 23 with hardware offload off (hw=no).
# ether1 is added here although it is disabled in the /interface ethernet
# section of this export.
/interface bridge port
add bridge=Bridge1 hw=no interface=ether1 pvid=23
add bridge=Bridge1 hw=no interface=sfp-sfpplus2 pvid=23
add bridge=Bridge1 hw=no interface=ether2 pvid=23
/interface bridge settings
set allow-fast-path=no
# Neighbor discovery is not run on any interface list, so the router does not
# announce itself to adjacent devices.
/ip neighbor discovery-settings
set discover-interface-list=none protocol=""
# IPv4 hardening: strict reverse-path filtering, no ICMP redirects sent and
# "secure" redirects not accepted.
# NOTE(review): icmp-rate-limit=0 presumably removes the ICMP rate limit
# rather than tightening it - confirm this is intended on an Internet-facing
# router.
/ip settings
set allow-fast-path=no icmp-rate-limit=0 max-neighbor-entries=16384 \
route-cache=no rp-filter=strict secure-redirects=no send-redirects=no
# The router ignores IPv6 redirects and router advertisements.
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no
# VLAN 23 entry with no explicit tagged/untagged ports; membership comes from
# the per-port pvid=23 values above.
/interface bridge vlan
add bridge=Bridge1 vlan-ids=23
# OpenVPN server parameters: TCP/443, client certificates required, AES-256
# with SHA1 as the HMAC.
# NOTE(review): no enabled=yes is shown, so the server may be disabled -
# confirm. If it is in use, SHA1 is the weaker of the choices configured here.
/interface ovpn-server server
set auth=sha1 certificate=Server cipher=aes256 netmask=32 port=443 \
require-client-certificate=yes
# The accounting web-access page is limited to a single source address.
/ip accounting web-access
set address=80.61.14.176/32
# IPv4: public /24 on the bridge (server side) and the /30 transit on VLAN23.
/ip address
add address=103.219.152.1/24 interface=Bridge1 network=103.219.152.0
add address=103.219.155.10/30 interface=VLAN23 network=103.219.155.8
/ip dns
set servers=103.219.152.4,103.219.152.6
/ip ipsec policy
set 0 disabled=yes
# Only telnet, ftp and api-ssl are disabled here.
# NOTE(review): the other services (ssh, www, winbox, api) are not listed and
# presumably keep their defaults with no address= restriction. This export also
# contains no /ip firewall or /ipv6 firewall section, so nothing visible here
# limits who can reach the management services on the public addresses.
# Confirm that filtering exists elsewhere, or add input-chain rules and
# per-service address lists.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no
# IPv6 addresses; no prefix length is shown (presumably the /64 default -
# confirm). advertise=no keeps these prefixes out of router advertisements.
/ipv6 address
add address=2a09:3c00:1::1 advertise=no interface=Bridge1
add address=2a06:5b81:0:3:0:20:7083:2 advertise=no interface=VLAN23
add address=2a09:3c00:1:5::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:2::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:3::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:1::1 advertise=no interface=Bridge1
add address=2a09:3c00:1:6::1 advertise=no interface=Bridge1
/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes interface=Bridge1
# NOTE(review): this route points the whole /48 at the Bridge1 interface, so
# every address in the /48 is treated as on-link. Packets for any unused
# address in that range make the router attempt neighbor resolution, leaving
# incomplete/failed neighbor entries and loading the neighbor table. This
# matches the "failed neighbor entries" symptom described in the post.
# A common defensive layout keeps only the in-use /64s connected and covers the
# /48 aggregate with a discard-type route (e.g. type=unreachable) so BGP can
# still originate it - verify against the RouterOS version in use.
/ipv6 route
add distance=1 dst-address=2a09:3c00:1::/48 gateway=Bridge1
/lcd
set color-scheme=dark
# NOTE(review): the LCD PIN is printed even though the export was taken with
# hide-sensitive. Treat it as disclosed once the export is shared and change
# it.
/lcd pin
set pin-number=2873
/routing bfd interface
set [ find default=yes ] disabled=yes
# Prefixes originated into BGP: the IPv4 /24 and the IPv6 /48.
/routing bgp network
add network=103.219.152.0/24
add network=2a09:3c00:1::/48
# Two sessions to AS207083, one over IPv4 (peer1) and one over IPv6 (peer2).
# NOTE(review): both peers enable address-families=ip,ipv6, yet each uses a
# single-family filter pair. IPv6 prefixes learned over peer1 would be judged
# by IPv4-TO-ISP-IN, whose IPv4 matchers cannot match them, so they would fall
# through to its final accept without any IPv6 bogon filtering. The same
# applies to IPv4 prefixes on peer2. Either restrict each peer to its own
# family or make both chains cover both families.
# NOTE(review): no max-prefix-limit is shown on either peer. Session
# authentication (tcp-md5-key) would be hidden by hide-sensitive, so it cannot
# be judged from this export.
/routing bgp peer
add address-families=ip,ipv6 in-filter=IPv4-TO-ISP-IN name=peer1 out-filter=\
IPv4-TO-ISP-OUT remote-address=103.219.155.9 remote-as=207083 ttl=default
add address-families=ip,ipv6 in-filter=IPv6-TO-ISP-IN name=peer2 out-filter=\
IPv6-TO-ISP-OUT remote-address=2a06:5b81:0:3:0:20:7083:1 remote-as=207083 \
ttl=default
# Routing filters. The OUT chains announce only the operator's own /48 and /24
# and discard everything else; the IN chains drop listed prefixes and then
# accept the rest. Rules are presumably evaluated top to bottom within a chain.
/routing filter
add action=accept append-bgp-communities="" bgp-communities="" chain=\
IPv6-TO-ISP-OUT prefix=2a09:3c00:1::/48 set-bgp-communities=""
add action=accept chain=IPv4-TO-ISP-OUT prefix=103.219.152.0/24 \
set-bgp-communities=""
# IPv6 inbound: drop 6bone space, the operator's own /48 and its more
# specifics, the documentation prefix, and multicast.
add action=discard chain=IPv6-TO-ISP-IN prefix=3ffe::/16 prefix-length=16-128
add action=discard chain=IPv6-TO-ISP-IN prefix=2a09:3c00:1::/48 prefix-length=\
48-128
add action=discard chain=IPv6-TO-ISP-IN prefix=2001:db8::/32 prefix-length=\
32-128
# NOTE(review): fe00::/9 spans fe00:: through fe7f:ffff:..., which does not
# include link-local fe80::/10 or site-local fec0::/10 - confirm the intended
# prefix (fe80::/9 would cover both).
add action=discard chain=IPv6-TO-ISP-IN prefix=fe00::/9 prefix-length=9-128
add action=discard chain=IPv6-TO-ISP-IN prefix=ff00::/8 prefix-length=8-128
add action=accept chain=IPv6-TO-ISP-IN
# Catch-all discards that close the two OUT chains.
add action=discard bgp-communities="" chain=IPv6-TO-ISP-OUT
add action=discard chain=IPv4-TO-ISP-OUT
# NOTE(review): this ::/8 discard sits after the unconditional accept for
# IPv6-TO-ISP-IN above; if rules run in listed order it can never match. It
# would need to be moved ahead of that accept to take effect.
add action=discard chain=IPv6-TO-ISP-IN prefix=::/8 prefix-length=8-128
# IPv4 inbound: drop RFC 1918, link-local and multicast/reserved space, the
# operator's own /24 and its more specifics, and several individual /24s, then
# accept the rest.
add action=discard chain=IPv4-TO-ISP-IN prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=IPv4-TO-ISP-IN prefix=172.16.0.0/12 prefix-length=\
12-32
add action=discard chain=IPv4-TO-ISP-IN prefix=192.168.0.0/16 prefix-length=\
16-32
add action=discard chain=IPv4-TO-ISP-IN prefix=169.254.0.0/16 prefix-length=\
16-32
add action=discard chain=IPv4-TO-ISP-IN prefix=224.0.0.0/3 prefix-length=3-32
add action=discard chain=IPv4-TO-ISP-IN prefix=193.148.248.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=194.124.236.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=193.148.249.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=103.219.152.0/24 prefix-length=\
24-32
add action=discard chain=IPv4-TO-ISP-IN prefix=195.48.40.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=93.158.213.0/24
add action=discard chain=IPv4-TO-ISP-IN prefix=46.148.124.0/24
add action=accept chain=IPv4-TO-ISP-IN
# SNMP agent on; v3 traps go to the same host that is allowed to poll the
# "Welloe" community.
/snmp
set enabled=yes location=Lelystad trap-community=Welloe trap-interfaces=all \
trap-target=103.219.152.245 trap-version=3
[admin@cs1.cloudwebservices.network] > export hide-sensitive
# jun/07/2021 19:54:28 by RouterOS 6.48.3
# software id = X99Y-Z9ER
#
# model = CRS317-1G-16S+
# serial number = 955C0A6EC453
# Switch layer 2: one VLAN-aware bridge with a fixed admin MAC; untagged
# traffic belongs to VLAN 23.
/interface bridge
add admin-mac=74:4D:28:7B:78:14 auto-mac=no comment=defconf fast-forward=no \
name=bridge priority=0x2000 pvid=23 vlan-filtering=yes
# Ports are renamed by role and all get l2mtu=1592. SFP+ ports 12-16 are
# administratively disabled.
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592 name="10G Uplink"
set [ find default-name=sfp-sfpplus8 ] l2mtu=1592 name=Antares-1
set [ find default-name=sfp-sfpplus9 ] l2mtu=1592 name=Antares-2
set [ find default-name=sfp-sfpplus6 ] l2mtu=1592 name=BackupL1
set [ find default-name=sfp-sfpplus7 ] l2mtu=1592 name=BackupL2
set [ find default-name=sfp-sfpplus4 ] l2mtu=1592 name="CLUSTER ARIANE"
set [ find default-name=sfp-sfpplus2 ] l2mtu=1592 name="CLUSTER ATLAS"
set [ find default-name=sfp-sfpplus3 ] l2mtu=1592 name="INET ARIANE"
set [ find default-name=sfp-sfpplus5 ] l2mtu=1592 name="INET ATLAS"
set [ find default-name=ether1 ] l2mtu=1592 name=MGMT
set [ find default-name=sfp-sfpplus12 ] disabled=yes l2mtu=1592 name=\
"SFP+ Port 12"
set [ find default-name=sfp-sfpplus13 ] disabled=yes l2mtu=1592 name=\
"SFP+ Port 13"
set [ find default-name=sfp-sfpplus14 ] disabled=yes l2mtu=1592 name=\
"SFP+ Port 14"
set [ find default-name=sfp-sfpplus15 ] disabled=yes l2mtu=1592 name=\
"SFP+ Port 15"
set [ find default-name=sfp-sfpplus16 ] disabled=yes l2mtu=1592 name=\
"SFP+ Port 16"
set [ find default-name=sfp-sfpplus10 ] l2mtu=1592 name=Titan-1
set [ find default-name=sfp-sfpplus11 ] l2mtu=1592 name=Titan-2
# LACP (802.3ad) bond of the two backup links, hashing on layer 2 and 3.
/interface bonding
add mode=802.3ad name=Backup slaves=BackupL1,BackupL2 transmit-hash-policy=\
layer-2-and-3
# WAN and LAN interface lists are defined here; nothing else in this export
# (firewall rules, discovery settings) refers to them.
/interface list
add name=WAN
add name=LAN
/ip ipsec proposal
set [ find default=yes ] disabled=yes
# Same SNMP arrangement as on the router: default community off, "Welloe"
# limited to 103.219.152.245/32 with SHA1 authentication.
# NOTE(review): security=authorized is understood to require authentication
# only, so encryption-protocol=AES may not be enforced - confirm whether
# security=private was intended.
/snmp community
set [ find default=yes ] disabled=yes
add addresses=103.219.152.245/32 authentication-protocol=SHA1 \
encryption-protocol=AES name=Welloe security=authorized
# Log buffers: 500 lines for action 0 (memory) and 500 lines per file for
# action 1 (disk).
/system logging action
set 0 memory-lines=500
set 1 disk-lines-per-file=500
# The "full" group carries every policy listed, including sensitive, sniff and
# all remote-access policies (telnet, ssh, ftp, winbox, web, api).
# NOTE(review): no /user entries appear in this export, so it is not visible
# which accounts belong to this group; give day-to-day and monitoring accounts
# a narrower group.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
# Every port, including MGMT and the uplink, is an untagged member of VLAN 23
# on the same bridge, so the management port shares the production layer-2
# domain.
# NOTE(review): ingress-filtering=yes is set only on SFP+ ports 12-16, which
# are disabled in this export; the active ports do not have it. With
# vlan-filtering=yes, enabling it on the active ports as well would drop frames
# tagged for VLANs those ports are not members of - confirm and align.
/interface bridge port
add bridge=bridge comment=defconf interface=MGMT pvid=23
add bridge=bridge comment=defconf interface="10G Uplink" pvid=23
add bridge=bridge comment=defconf interface="CLUSTER ATLAS" pvid=23
add bridge=bridge comment=defconf interface="INET ARIANE" pvid=23
add bridge=bridge comment=defconf interface="CLUSTER ARIANE" pvid=23
add bridge=bridge comment=defconf interface="INET ATLAS" pvid=23
add bridge=bridge comment=defconf interface=Antares-1 pvid=23
add bridge=bridge comment=defconf interface=Antares-2 pvid=23
add bridge=bridge comment=defconf interface=Titan-1 pvid=23
add bridge=bridge comment=defconf interface=Titan-2 pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
"SFP+ Port 12" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
"SFP+ Port 13" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
"SFP+ Port 14" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
"SFP+ Port 15" pvid=23
add bridge=bridge comment=defconf ingress-filtering=yes interface=\
"SFP+ Port 16" pvid=23
add bridge=bridge interface=Backup pvid=23
/interface bridge settings
set allow-fast-path=no
# Neighbor discovery is not run on any interface list.
/ip neighbor discovery-settings
set discover-interface-list=none
# The switch does not route: IPv4 forwarding is off here and IPv6 forwarding
# is off in the next section. Redirects are neither sent nor accepted.
/ip settings
set allow-fast-path=no icmp-rate-limit=0 ip-forward=no route-cache=no \
secure-redirects=no send-redirects=no
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no forward=no
# VLAN 23 is listed as tagged on "10G Uplink", while that port also has pvid=23.
# NOTE(review): the router's Bridge1 VLAN 23 entry lists no tagged ports -
# confirm that the device on the far end of the uplink expects tagged frames.
/interface bridge vlan
add bridge=bridge tagged="10G Uplink" vlan-ids=23
# List membership: MGMT is the only WAN member; every other port, including
# the uplink, is in LAN.
/interface list member
add interface="INET ARIANE" list=LAN
add interface="CLUSTER ARIANE" list=LAN
add interface="INET ATLAS" list=LAN
add interface=BackupL1 list=LAN
add interface=BackupL2 list=LAN
add interface=Antares-1 list=LAN
add interface=Antares-2 list=LAN
add interface=Titan-1 list=LAN
add interface=Titan-2 list=LAN
add interface="SFP+ Port 12" list=LAN
add interface="SFP+ Port 13" list=LAN
add interface="SFP+ Port 14" list=LAN
add interface="SFP+ Port 15" list=LAN
add interface="SFP+ Port 16" list=LAN
add interface=MGMT list=WAN
add interface="10G Uplink" list=LAN
add interface="CLUSTER ATLAS" list=LAN
# The switch's management address is a public address from the same /24 the
# router serves on Bridge1.
/ip address
add address=103.219.152.2/24 comment=defconf interface=bridge network=\
103.219.152.0
/ip dns
set servers=103.219.152.4,103.219.152.6
# All connection-tracking helpers (service ports) are disabled.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 disabled=yes
/ip ipsec settings
set accounting=no
# Default route via the router's Bridge1 address.
/ip route
add distance=1 gateway=103.219.152.1
# Only telnet, ftp and api-ssl are disabled.
# NOTE(review): ssh, www, winbox and api are not listed and presumably keep
# their defaults with no address= restriction. This export has no
# /ip firewall filter or /ipv6 firewall section, and the switch holds public
# IPv4 and IPv6 addresses. Confirm that management access is restricted
# somewhere, for example with input-chain rules or per-service address lists.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api-ssl disabled=yes
# Static IPv6 management address; ND advertisements are off and the default
# route points at the router's 2a09:3c00:1::1.
/ipv6 address
add address=2a09:3c00:1::2 interface=bridge
/ipv6 nd
set [ find default=yes ] disabled=yes
/ipv6 route
add distance=1 gateway=2a09:3c00:1::1
# SNMP agent on; v3 traps go to the host that is allowed to poll "Welloe".
/snmp
set enabled=yes location=Lelystad trap-community=Welloe trap-interfaces=all \
trap-target=103.219.152.245 trap-version=3
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=cs1.cloudwebservices.network
# Login banner stating authorized-use and monitoring terms.
/system note
set note="This is a private system. It is to be used solely by authorized users \
and may be monitored for all lawful purposes. By accessing this system, you \
are consenting to such monitoring."
/system routerboard settings
set boot-os=router-os
This problem started out of the blue, as you can see in example 1. The only odd thing I can see is a lot of failed neighbor entries. Unfortunately, I cannot get Torch to show me the one that is responsible for them.
What I have done already:
- Rebooted all servers
- Rebooted router + switch
- Enabled and then disabled IPv6 ND again
- Enabled and then disabled route cache, FP & FT again
- Increased the IPv6 neighbor entries limit
- Split the /48 into smaller /64 subnets
Edit:
I've enabled IGMP/MLD again and the packet loss was reduced, but it is still there. Right now it looks like it happens every 1.5 minutes.