Community discussions

MikroTik App
 
conjurer
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

WDS bridge traffic bug/problem

Fri Mar 26, 2010 11:24 am

I have many of setups like this:
RB411AH AP bridge (static wds) <--> few Nanostation 5 (Station wds)
Network topology is one big lan, with many mikrotik bridges (i know it is not the best solution).

Sometimes TX speed to all wds stations jumps to 3.1 Megabits or more. When i run torch on ether1, i can see that trafic is generated by one ip, that is not from this link, but from other multipoint link, or even from lan. Usualy it is udp traffic.

Do anyone has this kind of problem? I have it in may places, about 2-3 times a mounth.
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: WDS bridge traffic bug/problem

Sun Mar 28, 2010 4:31 pm

Sounds "normal" to me. That what happens with a bridged network.

Put simply, if the system was based on a correct routing model the traffic would just go to where it should go and no where else, but as it is all bridged, traffic can end up going to the wrong interface. I see the same thing on another medium sized WISP I now manage. Someone else built it, but it is all bridged, every now and again an ether interface at the tower gets high levels of traffic from another radio which is not supposed to end up there as all traffic should be internet bound not internal.
I have planned a replacement network based on a fully routed system, but there are a lot of changes to make and all clients need to be connected 24/7! So it will take some time yet before we see this "traffic going the wrong way" stop and then the WISP can grow, at the moment they really can't put that many more clients on the system, which thus reduces revenue potential. Catch 22.

As you say, it mostly happens with UDP traffic, but have also seen TCP too. If you always get the same IP range incorrectly hitting an interface then I suppose you could "fix" this with a firewall rule to drop that IP from getting into that particular invalid interface?
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
 
fe4r
newbie
Posts: 34
Joined: Mon Feb 25, 2008 7:02 pm

Re: WDS bridge traffic bug/problem

Wed Apr 07, 2010 5:10 pm

hi..i have the same problem "nest" described. My netwrok is just bridged and i have so many lost and stops.

For a little big network, we can say about 100 routerboard and 2000 clients, what is the better way to configure this network?

thanks
 
sharkboy
newbie
Posts: 35
Joined: Sun Mar 01, 2009 1:08 am

Re: WDS bridge traffic bug/problem

Wed Apr 07, 2010 7:14 pm

Hi
I have many of setups like this:
RB411AH AP bridge (static wds) <--> few Nanostation 5 (Station wds)
Network topology is one big lan, with many mikrotik bridges (i know it is not the best solution).
I posted something like this about a day ago and got no proper replies ! ! ! !

Are you using 1 or 2 radio cards in each access point ? From what i have learned it would be best to use
routed not bridged if you are using 2 cards !

I am having the same problem but with only 1 radio on each acess point ? Nobody has come forward with a proper
answer as to routing for a wds slave with only 1 radio. I didnt get an answer if each ap has a bridge from wan to lan would this cause extra traffic or extra bridging ?

I never got an answer to problem of 1 AP which registers 6 AP's if this would cause a bandwidth problem ?

I have 10 AP's all with 1 radio card and using wds slave and ping times like 1500ms for the last station but 5ms ping from the first ? ?

Sorry to hijak your thread but at least you got some answers and an idea of the problem.

There a lot of very smart people on this forum. Maybe we are asking questions too stupid for them to answer ?

Keep updating here if you can because i think there are bugs in the wds ? ? ? If i come up with any answers i will let you know !
I am onsite tomorrow but i still have no ideas if the station which registers 6 wds points is causing main problem or help on how to make them only register nearest AP ?

Good luck ! ! ! ! !
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: WDS bridge traffic bug/problem

Wed Apr 07, 2010 7:38 pm

Maybe we are asking questions too stupid for them to answer ?
My reasons for not answering every single stupid question?

1. I am a qualified Mikrotik Consultant and Mikrotik Trainer - please explain why I should give away all the answers I know for free? Can I tell my bank every month, no worries about your bank loan, I gave some free advice on a MT Forum instead of charging for all my hard work setting up an identical setup on my Routerboards and coming up with an answer as to why some setup does not work. So, I now have no money to pay you with as I spent all my time doing that for free, but that's OK as I helped some stupid questions get answered? So now I have made one guy happy he has a solution and I end up with no house. Yeah - great idea!

2. As "time is money", why should I waste that time trying to understand what the heck someone is trying to explain? Sometimes I have asked again and again for more detailed information and all I got in return was more complaints that I am not helping with a solution. For free. So after a few messages with the original poster not actually doing what I have asked them to do, I give up. I simply don't have the time or the patience to deal with people who cannot read the wiki, read the manual or even how to google!

3. Some questions are so stupid I get tired reading them and on principle refuse to even bother replying to them. "I want to build a WISP using only Mikrotik equipment, please can someone list all the bits I need and also explain how to set it all up? Thanks." - Oh, come on!

4. I have a family. I prefer to spend my free time with them than sitting in front of my computer answering stupid questions!

Enough reasons?
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
 
fe4r
newbie
Posts: 34
Joined: Mon Feb 25, 2008 7:02 pm

Re: WDS bridge traffic bug/problem

Wed Apr 07, 2010 7:52 pm

nest,

can you pass your email to contact you?

thanks
 
sharkboy
newbie
Posts: 35
Joined: Sun Mar 01, 2009 1:08 am

Re: WDS bridge traffic bug/problem

Wed Apr 07, 2010 8:12 pm

Maybe we are asking questions too stupid for them to answer ?
My reasons for not answering every single stupid question?

1. I am a qualified Mikrotik Consultant and Mikrotik Trainer - please explain why I should give away all the answers I know for free? Can I tell my bank every month, no worries about your bank loan, I gave some free advice on a MT Forum instead of charging for all my hard work setting up an identical setup on my Routerboards and coming up with an answer as to why some setup does not work. So, I now have no money to pay you with as I spent all my time doing that for free, but that's OK as I helped some stupid questions get answered? So now I have made one guy happy he has a solution and I end up with no house. Yeah - great idea!

2. As "time is money", why should I waste that time trying to understand what the heck someone is trying to explain? Sometimes I have asked again and again for more detailed information and all I got in return was more complaints that I am not helping with a solution. For free. So after a few messages with the original poster not actually doing what I have asked them to do, I give up. I simply don't have the time or the patience to deal with people who cannot read the wiki, read the manual or even how to google!

3. Some questions are so stupid I get tired reading them and on principle refuse to even bother replying to them. "I want to build a WISP using only Mikrotik equipment, please can someone list all the bits I need and also explain how to set it all up? Thanks." - Oh, come on!

4. I have a family. I prefer to spend my free time with them than sitting in front of my computer answering stupid questions!

Enough reasons?
OK i understand your frustrations. I wasnt directly asking you as a member more just pointing out my frustrations at this board. As i said there are some very smart members out there and i do include you in this list as i see you respond to a lot of problems.

I have a house aswell, and a family . I even have a van too. Yes these wont get paid by answering questions on this board.

So far i have learned mikrok from scratch by myself ! From finding out how to login up to reconfiguring and replacing radio cards and basic testing. I even had to figure out how to access the unknown password by using some web tools. I even had to learn some linux commands to sort this out.

So after i read all the wikis and instructions and after reading probably every post in this forum I did not think it was a big problem to ask a few questions ?

From what i can tell there are no answers to my questions either in the manual or on the board. Even google cant give me any help.

I would have no problems studying an online certification for this but I cant find one. There are no local classes. China is a bit far !

I was not looking for an easy fix ! I dont mind what extra work i have to do.

As you quoted earlier about giving away the answers ! I would like to think that you know the answers !

Can you/anyone even help by answering if my questions are stupid ? I would take it as a valid answer ?

Maybe there is something i have missed ? Actually after this sort of reply I feel like i missed the whole thing ?

Cheers
-------------------------------------------------------
No insults were indended in the creation of this message !
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: WDS bridge traffic bug/problem

Wed Apr 07, 2010 8:56 pm

nest,

can you pass your email to contact you?

thanks
Sure - It's at the bottom of every one of my posts. ;-) Click and you will be directed to our email link and phone number.
No insults were indended in the creation of this message !
None taken. :-) With your question, the time to gain more information to the point where I have an answer and solution is more than I can provide for free. "Such is life". Sometimes, the fastest way is for a consultant to be given a VPN and/or "read" account to your network so we can have a look around and see where the problem is. If you are happy for me to have those details, and you are happy to wait until I have free time available, so there is no guarantee when it will be fixed, contact me direct. If you are in a hurry and need a fast answer, then the price goes up from free to something a little higher! :-)

I also believe that using this Forum is a difficult road for Consultants like myself. I am not happy to openly and aggressively advertise my services on here. It would be very easy (and stupid) to post into every message, "contact me, I will fix your problem". There is always the possibility that someone on the MT Staff gets upset and think we are turning this into a portal for our services, rather than it being an open and free resource where we all try to help each other out.
Like you, I also learnt by reading and playing with the system. But eventually there came a time when I needed more formal training. MT Staff did this before various MUM meetings and attending an official training course or the MUM is an excellent way to meet other people who have had the same problems or have possibly already found an answer. Also the wealth of knowledge and experience of the MT Staff is invaluable.
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
 
conjurer
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: WDS bridge traffic bug/problem

Wed Apr 21, 2010 11:51 am

Flamers...
First of all i don't care who answers the question. I just was searching for people who had same problem, and maybe the have solved it some other way than routing.
Nest: your free help for other forum members is not wasting of time, it is free way to advertise your services.
 
changeip
Forum Guru
Forum Guru
Posts: 3818
Joined: Fri May 28, 2004 5:22 pm

Re: WDS bridge traffic bug/problem

Wed Apr 21, 2010 6:57 pm

i have a friend with a network thats a large bridge. it ended up being a big problem when a customer puts the default gateway IP on their own equipment : ) or they duplicate IP addresses. or someone malicious just puts your default gateways MAC address on their equipment and now they can get all traffic close to them. write some scripts to monitor your ARP tables and bridge hosts table... and perform IP scans to see who is assigned the wrong things.
Colo and Wholesale Bandwidth Available! Sales at SanDiegoBroadband dot com
 
User avatar
znet
Member Candidate
Member Candidate
Posts: 134
Joined: Mon Jul 24, 2006 8:07 pm
Location: Houston, Texas

Re: WDS bridge traffic bug/problem

Mon Apr 26, 2010 8:49 pm

Nest,
I too get inane questions via means even other than this forum. I set a few personal rules.
1) If I can answer a question with one simple reply, mainly because the person overlooked something simple and obvious, I will try. It usually gets a very positive thankyou response. Better for Karma I guess.
2) I think its the 'general' guestions that keep us from answering. 'What is the best polarization?'---The one that works best...

MT knows, as all of us do, there is no RTFM in this environment.

It isnt great marketing, but to keep the 'cowboys' from deploying wireless networks, potentially giving wireless a bad name, you better be able to explain how a wireless network works, how a wired network works (how does a packet know where to get where it wants to go?), layer 2, and IP routing works before you place your order. Ya wonder why the noise floor keeps increasing.....Getting more cynical as the number of devices scanned and snopped overfills my lists at an alarming rate.

For the sake of reducing the verbosity that could ensue, back to the thread, ya have to know what interface to torch, and what interface to graph traffic in a bridged environment. Think Layer2 when viewing when you think you are seeing something you shouldnt. Layer2 dont need no stinkin IPs, nor does it care about them. Therin lies the answer to the original question..................
 
User avatar
nest
Forum Veteran
Forum Veteran
Posts: 820
Joined: Tue Feb 27, 2007 1:52 am
Location: UK
Contact:

Re: WDS bridge traffic bug/problem

Mon Apr 26, 2010 11:27 pm

Nest,
I too get inane questions via means even other than this forum.
Yes, I get direct emails from people who have clearly taken every single email address on the consultants page and BCC'ed the same list of long questions to us all. I now just answer them all with my standard sheet of consultancy fees and explain I don't give my time for free.

I never hear from these guys again, I guess because some other consultant had many hours of free time to devote to providing an answer. But, yes, I agree that if the question is a small simple one, I answer for free as it makes little difference if the question comes here on the forum or by private email.

I only had one problem and that was with someone who kept asking me to plan his entire WISP network, with full and complete details and a full list of every part he needed, before he would pay me to supply him with the parts. Despite repeated requests for him to give me money before I designed his system, he still sent more and more angry emails with stronger and stronger words and anger that I was the person with the problem and why would I not help him with his "simple" request. I also tried to explain to him that I was not a distributor, only consultant. But he still did not get the message. He even complained to Mikrotik that I was being unhelpful, but when they read the emails, they agreed with me.

Each of his emails indicated that the size of the project was worth even more and more money to me, if I just stopped by stupid block to help him for free. Eventually I got a very nasty email telling me he was never going to do any business with me ever again and that I had just lost out on a multi-million dollar order. Yeah, right!

I can't believe I am the only one to get such idiot correspondence?
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
 
conjurer
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: WDS bridge traffic bug/problem

Mon May 03, 2010 6:07 pm

I have ended up in writing firewall whitelist for those links.
Do anyone knows what do "WDS Default cost" and "WDS Cost Range" does? I couldn't find info about those.
And please stop the flame war.
 
rmichael
Forum Veteran
Forum Veteran
Posts: 718
Joined: Sun Mar 08, 2009 11:00 pm

Re: WDS bridge traffic bug/problem

Tue May 04, 2010 2:37 am

Use wds-default-cost and wds-cost-range wireless interface parameters for controlling the metric that is used in the routing protocol. The WDS cost will be used as path-cost for ports dynamically added to the mesh interface.
above is from: http://wiki.mikrotik.com/wiki/Manual:Interface/HWMPplus

hints on how to filter bridged traffic can be found towards the end:

Q. How to control or filter mesh traffic?
A. At the moment the only way is to use bridge firewall. Create a bridge interface, put the WDS interfaces and/or Ethernets in that bridge, and put that bridge in a mesh interface. Then configure bridge firewall rules.

To match MAC protocol used for mesh traffic encapsulation, use MAC protocol number 0x9AAA, and to mathc mesh routing tafffic, use MAC protocol number 0x9AAB. Example:

interface bridge settings set use-ip-firewall=yes
interface bridge filter add chain=input action=log mac-protocol=0x9aaa
interface bridge filter add chain=input action=log mac-protocol=0x9aab
Note that it is perfectly possible to create mixed mesh/bridge setups that will not work (e.g. Problematic example 1 with bridge instead of switch). The recommended fail-safe way that will always work is to create a separate bridge interface per each physical interfaces; then add all these bridge interfaces as mesh ports.

Who is online

Users browsing this forum: No registered users and 37 guests