Community discussions

MikroTik App
 
laimis17
just joined
Topic Author
Posts: 3
Joined: Sun Sep 27, 2015 10:53 pm

after enabling VRRP router acting as a hub

Sun Sep 12, 2021 3:41 pm

I stumbled upon this because of bad network performance.
And i saw unrelated packets on host 192.168.88.2(eth4) that originate from neighbour ports(eth2 192.168.88.4, eth8 connected to another routerboard) on same bridge.
Here's the sample from 192.168.88.2
15:46:26.798433 IP 192.168.88.4.54339 > 185.61.148.21.80: Flags [P.], seq 0:329, ack 1, win 4096, length 329: HTTP: GET /ann?uk=TetNtDODr1&info_hash=%c3%9eKV%bbrN%f2%ef%7d%de%5c%89%a9%b2a3%b0X%c8&peer_id=-TR2940-qr6p0kisx8xs&port=57089&uploaded=0&downloaded=0&left=160110220&numwant=80&key=2afb77a&compact=1&supportcrypto=1 HTTP/1.1
15:46:26.838213 IP 192.168.88.4.54339 > 185.61.148.21.80: Flags [.], ack 275, win 4091, length 0
15:46:27.838419 IP 192.168.88.4.54339 > 185.61.148.21.80: Flags [.], ack 276, win 4096, length 0
15:46:29.079469 IP 192.168.88.4.49745 > 139.162.170.32.443: Flags [.], ack 204, win 2047, options [nop,nop,TS val 3506410765 ecr 1749940151], length 0
15:46:29.112922 IP 192.168.88.53.50512 > 123.123.123.123.80: Flags [S], seq 4181977127, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 139356523 ecr 0,sackOK,eol], length 0
15:46:29.114192 IP 192.168.88.53.50513 > 123.123.123.123.80: Flags [S], seq 386624822, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 139356524 ecr 0,sackOK,eol], length 0
15:46:33.660917 IP 192.168.88.4.54339 > 185.61.148.21.80: Flags [F.], seq 329, ack 276, win 4096, length 0
15:46:33.661429 IP 192.168.88.4.54346 > 185.61.148.21.80: Flags [S], seq 2852553346, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3506415331 ecr 0,sackOK,eol], length 0
15:46:33.666981 IP 192.168.88.4.54346 > 185.61.148.21.80: Flags [.], ack 4271347856, win 4096, length 0
After router restart it takes about 3-4 minutes for this to happen again.

I have CCR1009-8G-1S-S+PC v6.47.10
I has single bridge1
interface bridge
add ether-type=0x88a8 name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 disabled=yes interface=ether1-white-penki trusted=yes
add bridge=bridge1 interface=ether2-yellow
add bridge=bridge1 interface=ether3-orange-earth
add bridge=bridge1 interface=ether4-red-caldigit
add bridge=bridge1 interface=ether5-ping-nvidia-shield
add bridge=bridge1 hw=no interface=ether6-green-apc
add bridge=bridge1 interface=ether7-blue-mercury
add bridge=bridge1 interface=ether8-violet-poe
add bridge=bridge1 hw=no interface=sfp-sfpplus1
add bridge=bridge1 hw=no interface=sfp1
/interface bridge vlan
add bridge=bridge1 tagged=ether1-white-penki vlan-ids=3
add bridge=bridge1 comment=init tagged=ether8-violet-poe vlan-ids=2
I use VRRP to router/gateway interface HA.
After enabling VRRP configuration on bridge1 i can see all the traffic designated for this router(internet traffic) on any bridge port.
/interface vrrp export 
/interface vrrp
add disabled=yes interface=bridge1 name=vrrp1 priority=254
There are no port mirrors
/interface ethernet switch export 
# sep/12/2021 14:36:01 by RouterOS 6.47.10
# software id = Z9HT-LMPN
#
# model = CCR1009-8G-1S-1S+
/interface ethernet switch vlan
add disabled=yes ports=ether1-white-penki,ether2-yellow,ether3-orange-earth,ether4-red-caldigit switch=switch1 vlan-id=2
add disabled=yes ports=ether1-white-penki,ether2-yellow,switch1-cpu switch=switch1 vlan-id=1
add disabled=yes ports=ether1-white-penki,ether2-yellow switch=switch1 vlan-id=3
Disabling VRRP interface solves the problem.
Any ideas ?

Who is online

Users browsing this forum: No registered users and 69 guests