 
gimmepatiencequickly
newbie
Topic Author
Posts: 35
Joined: Wed Jan 30, 2008 1:00 pm
Location: South Africa

I do not know the Problem, Maybe routing?

Thu Jan 15, 2009 10:52 pm

Hello Guys and Gals,

Ok, so as you can see in the subject I have no idea what I am dealing with here, but let me try to explain.

I have 2 PCs connected to a CPE (CompA and CompB) and obtain IP address from the CPE via DHCP
CPE - RB133/C with lvl 3 License
Ether1 IP - 192.168.0.1/24
WLan1 IP - 10.5.0.253/16
I connect to AP...
AP - RB133 with lvl 4 License
AP IP - 10.5.0.254/16
The access point does not authenticate by default, nor does it forward by default.
CPE WLan1 is on the AP access list with authenticating and forwarding enabled.
I scan the AP from the CPE and can see the AP at -86 Signal strength and get a connection without failure, and log reports having established a connection.
On the registration tab in winbox GUI I can see the AP at -84 Signal strength.
When double clicking on the AP item, on the "general" tab it says - "last IP" 10.5.0.254
I run a ping to IP 10.5.0.254 (Which is the AP) and get 0 timeouts.
I set a ping to sony.com and get 0 timeouts
ok, so I am all set for doing my internet stuff, and here the problems start.

I do not know how else to test it, but I have had this problem before when I have a constant connection to an IP address.
My Girlfriend on CompB connects to our favourite game "World of Warcraft", I connect on CompA to the same game... we both connect to the same server... IP address is 12.129.225.80 (I know this from the torch) and we play for about ten minutes then the latency starts to climb and we eventually get disconnected.
During this time, I am still running a ping to 10.5.0.254(AP) but I am getting timeouts, not net unreachable or anything other than timeouts, am still connected to AP, with the same signal strength as before. The only thing that changes is the "last IP" field on the "General" tab and it changes to 12.129.225.80(World of warcraft server). It is as if 10.5.0.254 no longer exists.
Another test I have done is if my Girlfriend pings 10.254.0.254 (Another router on the network) using a windows command prompt, the "Last IP" Field also changes (to 10.254.0.254) and I get timeouts in winbox. Another thing that I notice, is that if CompA or CompB goes to another website, like facebook, or whatever, the "Last IP" field also changes, but I get 0 timeouts, because the connection to facebook, or another website is not as constant as something like World of warcraft. The "Last IP" field changes back too quickly for the reply to timeout.

Is there anybody else finding this problem?

Another thing to mention is that it only started doing this a while ago. We have had a great internet connection for almost a year. It has happened on other CPE's on the network before, but it stopped doing it. Now it is starting to do it again.

Any input as to this problem would be greatly appreciated.
I can give anybody nearly any info as I am also the company's network administrator.

Thank you
Defer not till tomorrow to be wise, tomorrow's sun to thee may never
rise.
--- William Congreve
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: I do not know the Problem, Maybe routing?

Fri Jan 16, 2009 12:46 am

Greetings! I have had almost every problem you can have with one of these. However, I use the command line interface, but if you are at all familiar with winbox, it should not be hard to translate.

There are a couple things you did not mention. I presume the AP connects to the internet over an ethernet port, correct?

There should be a /ip route in both the CPE and AP that have a dst-address=0.0.0.0/0 :
In AP, this should be the gateway=(ip your ISP gave you as a gateway).
In CPE this should be gateway=10.5.0.254 (ip of interface on AP).
Both should show the gateway as reachable ('r' in CLI)

There should be an additional /ip route in AP only:
dst-address=192.168.0.0/24 gateway=10.5.0.253 (ip of interface on CPE)
This lets the AP know how to get the 192.168.0.x ips back to the CPE.

All those in and working?

There should be only one /ip firewall nat srcnat masquerade rule. That is in the AP only. The route above eliminates the need for a srcnat masquerade in the CPE.
 
gimmepatiencequickly
newbie
Topic Author
Posts: 35
Joined: Wed Jan 30, 2008 1:00 pm
Location: South Africa

Re: I do not know the Problem, Maybe routing?

Fri Jan 16, 2009 2:11 pm

First of all SurferTim, Thank you very much for your reply, it has put a few thoughts in my head....
Here we go.
> There are a couple things you did not mention. I presume the AP connects to the internet over an ethernet port, correct?

No... the AP(Wlan2) connects to the internet over WLan1(10.4.0.253) using WDS (Point to Point) to one of the wireless backbones. I did not mention that because the problem, in my opinion, is not internet related. It is the connection between CPE and AP, I get the problem.

> There should be a /ip route in both the CPE and AP that have a dst-address=0.0.0.0/0 :
> In AP, this should be the gateway=(ip your ISP gave you as a gateway).
> In CPE this should be gateway=10.5.0.254 (ip of interface on AP).
> Both should show the gateway as reachable ('r' in CLI)

Yes. Exactly right and they are 'reachable'

> There should be an additional /ip route in AP only:
> dst-address=192.168.0.0/24 gateway=10.5.0.253 (ip of interface on CPE)
> This lets the AP know how to get the 192.168.0.x ips back to the CPE.
>
> All those in and working?

No, this is not in. The reason being is that there are 4 other clients connecting to the same AP, also with Mikrotik CPEs, and are also getting IPs dynamically from their CPEs using "192.168.0.x". If I was to use this option, they would never have internet. Isn't firewall nat srcnat masquerade, supposed to handle the source/destination of these packets?

Another thing is, it does not happen all the time. For instance.... right now there is no problem with the connection. It only happens occasionally, and most of the time when there is a constant connection

> There should be only one /ip firewall nat srcnat masquerade rule. That is in the AP only. The route above eliminates the need for a srcnat masquerade in the CPE.

Yes
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: I do not know the Problem, Maybe routing?

Fri Jan 16, 2009 2:26 pm

If you are using a masquerade on all those local nets individually, that will work, even tho not top performance. But ALL must be masqueraded, or there are duplicate IP subnets on the AP. That would lead to routing challenges.

ADD: So, if that is the case, the answer to the last question should be "no, there is a masquerade in each CPE unit also". In each CPE:
/ip firewall nat add chain=srcnat action=masquerade out-interface=wlan1
This is presuming that wlan1 is the bridge interface back to the AP. If not, translate to the appropriate interface.
Remove the /ip route to the 192.168.0.0/24 network in the AP. That will only cause confusion.

The challenge may be network throttling. Your ISP may be throttling residential connections in favor of the business connections, like mine does. It could be just internet congestion too. Is there any time of day that is worse than others?
 
gimmepatiencequickly
newbie
Topic Author
Posts: 35
Joined: Wed Jan 30, 2008 1:00 pm
Location: South Africa

Re: I do not know the Problem, Maybe routing?

Fri Jan 16, 2009 8:36 pm

Ok, so this is what has been showing on the AP and CPE.

CPE Routes printout:
Flags: B - blackhole, U - unreachable, P - prohibit, X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE
 0  A S 0.0.0.0/0                          r 10.5.0.254      1        wlan1    
 1  ADC 10.5.0.0/16        10.5.0.253                        0        wlan1    
 2  ADC 192.168.0.0/24     192.168.0.1                       0        ether1   
AP Routes printout
Flags: B - blackhole, U - unreachable, P - prohibit, X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DIS INTERFACE      
 0  A S 0.0.0.0/0                          r 10.4.0.254      1   wdsjunkbridge  
 1  ADC 10.4.0.0/16        10.4.0.253                        0   wdsjunkbridge  
 2  ADC 10.5.0.0/16        10.5.0.254                        0   WOWJunkSector1 
 3  ADC 192.168.0.0/24     192.168.0.1                       0   ether2         
 4  A S 192.168.0.233/32                   r 10.5.0.253      1   WOWJunkSector1 
 5  A S 192.168.0.234/32                   r 10.5.0.253      1   WOWJunkSector1 
 6  A S 192.168.0.235/32                   r 10.5.0.253      1   WOWJunkSector1 
 7  A S 192.168.0.236/32                   r 10.5.0.253      1   WOWJunkSector1 
 8  A S 192.168.0.237/32                   r 10.5.0.253      1   WOWJunkSector1 
 9  A S 192.168.0.238/32                   r 10.5.0.253      1   WOWJunkSector1 
10  A S 192.168.0.239/32                   r 10.5.0.253      1   WOWJunkSector1 
> The challenge may be network throttling. Your ISP may be throttling residential connections in favor of the business connections, like mine does. It could be just internet congestion too. Is there any time of day that is worse than others?

I am the ISP, I am utilizing full network bandwidth while I have implemented queues for my other clients. The time it gets worse is when I establish a constant connection between two points..... For instance WOW.... it also happens when I try to connect to a windows share on one of my pc's in my office (IP 10.254.0.6) as soon as I type \\10.254.0.6 in windows explorer, I get timeouts in my ping box to my AP. --- once the connection is established the timeouts stop.

Hops to 10.254.0.6 ---

My PC 192.168.0.233 ----- Home
Eth1 192.168.0.1 ------- CPE
Wlan1 10.5.0.253 -------- CPE
APSector 10.5.0.254 -------- AP
WLAN1 10.4.0.253 (WDS LINK) - AP
WLAN3 10.4.0.254 (WDS LINK) - Backbone
ETHER2 10.254.0.254 ---------- Backbone
Office PC 10.254.0.6 ------------ Office

Something else I want to know
If NAT is enabled on my AP, do I need it on my CPE too or on any CPE on the network?
I have just disabled it on my CPE, and I am still connected, I thought that I would lose connection.
And if that is the case..... will I need NAT enabled in my WDS link?

From the internet to my home is the basic setup.

Internet public IP address is XXX.XXX.XXX.XXX (Cisco)
The cisco router eth port set to 192.168.1.1

Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   10.2.0.254/16      10.2.0.0        10.2.255.255    wlan1
 1   10.3.0.254/16      10.3.0.0        10.3.255.255    wlan3
 2   192.168.1.5/24     192.168.1.0     192.168.1.255   ether1
 3   10.4.0.254/16      10.4.0.0        10.4.255.255    wdsjunkbridge
 4   10.254.0.254/16    10.254.0.0      10.254.255.255  ether2

wlan1 ==== AP
wlan3 ==== AP
ether1 === Internet connection ---- NAT is enabled --- chain=srcnat action=masquerade
ether2 === Office PCs
wdsjunkbridge === wds link to 10.4.0.253
and you know the rest

Nat is also enabled on the other router at 10.4.0.253. Same as on the first router.

Summary
3 Routers exist (EXCLUDING CPEs)
1 Cisco router to provide internet connected to first Mikrotik Router
1 Mikrotik Router with NAT enabled connected to Cisco router, to provide one part of town with internet.
1 Mikrotik router with NAT enabled connected to first mikrotik router via WDS and to provide another part of town with internet including myself.

No clients connect to the WDS interfaces... they are connected via grid antennae in bridge mode.
All CPEs have NAT enabled

I will see how it performs since removing NAT from my CPE

Thank you
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: I do not know the Problem, Maybe routing?

Fri Jan 16, 2009 11:03 pm

You have an interface on the AP that is assigned the 192.168.0.0/24 net, so you should masquerade all CPEs as above, or you will have challenges. The masquerade modifies the packets so they will appear to the AP as if they are coming from the CPE ip, rather than each client ip.

Once you do that, you can remove all routes in the AP to the 192.168.0.x addresses EXCEPT 192.168.0.0/24 to ether1.

If the masquerade is not your thing, then you could do the best thing, and assign separate networks to each CPE client interface:
192.168.1.0/24 to the first CPE
192.168.2.0/24 to the second CPE
192.168.3.0/24 to the third CPE
and so on...

I am an ISP too, but my provider bandwidth-throttles me, as I am sure your provider throttles you.
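
An added example, not part of the post above and not MikroTik code: a Python check that parses rows from the AP route printout posted earlier in the thread and flags static routes that fall inside a subnet the AP already has connected on another interface, plus a check for CPE LANs that reuse the same subnet. The function names and the `cpe1`/`cpe2`/`cpe3` labels are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Rows taken from the AP route printout posted in the thread (abridged).
AP_ROUTES = """\
 0  A S 0.0.0.0/0                          r 10.4.0.254      1   wdsjunkbridge
 1  ADC 10.4.0.0/16        10.4.0.253                        0   wdsjunkbridge
 2  ADC 10.5.0.0/16        10.5.0.254                        0   WOWJunkSector1
 3  ADC 192.168.0.0/24     192.168.0.1                       0   ether2
 4  A S 192.168.0.233/32                   r 10.5.0.253      1   WOWJunkSector1
 5  A S 192.168.0.234/32                   r 10.5.0.253      1   WOWJunkSector1
"""

def parse_routes(text):
    """Parse rows of a RouterOS '/ip route print' table into dicts."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        # The destination is the first token written in CIDR form.
        idx = next((i for i, t in enumerate(tok) if "/" in t), None)
        if idx is None or not tok[0].isdigit():
            continue  # header, flags legend or blank line
        rest = tok[idx + 1:]
        routes.append({
            "flags": "".join(tok[1:idx]),          # "AS" or "ADC"
            "dst": ipaddress.ip_network(tok[idx]),
            # In the G column, 'r' marks a reachable gateway; the address follows it.
            "gateway": rest[rest.index("r") + 1] if "r" in rest else None,
            "iface": tok[-1],
        })
    return routes

def shadowed_statics(routes):
    """Static routes whose destination lies inside a connected subnet on another interface."""
    connected = [r for r in routes if "C" in r["flags"]]
    hits = []
    for s in routes:
        if "S" not in s["flags"] or s["dst"].prefixlen == 0:
            continue  # skip non-static routes and the default route
        for c in connected:
            if s["dst"].subnet_of(c["dst"]) and s["iface"] != c["iface"]:
                hits.append((str(s["dst"]), s["iface"], str(c["dst"]), c["iface"]))
    return hits

def overlapping_lans(lans):
    """Pairs of CPE names whose LAN subnets overlap, given {name: cidr}."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in lans.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]
```

Each hit is a host route toward a CPE that sits inside the /24 the AP also owns on ether2; masquerading at every CPE, or giving each CPE its own /24, makes those routes unnecessary.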
 
gimmepatiencequickly
newbie
Topic Author
Posts: 35
Joined: Wed Jan 30, 2008 1:00 pm
Location: South Africa

Re: I do not know the Problem, Maybe routing?

Sat Jan 17, 2009 1:02 am

I will see what I can do about the masquerading. thank you.

About the network throttle....
My ISP does not throttle anything, However, our telecoms company where we get our DSL line from does do a 75/25% share on DL/UP.
So on a 512k adsl line I will get an upstream of 128, and downstream of 384.
I am using a 1024kb dsl line and sharing it with my clients (Connected Wireless with the mikrotik routers)
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: I do not know the Problem, Maybe routing?

Sat Jan 17, 2009 1:17 am

Then your provider has your DSL modem throttled at 1024K (1M). Right now, my two cablemodem providers have me throttled at a total of 22M on three accounts. But 55M total is available if I need more. But that is more money too. So they throttle me back. No thing.

Let me know how the masquerades work. Or the subnet changes, whichever you choose.
