Community discussions

MikroTik App
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

unknown on vrf interfaces

Mon Jan 30, 2023 6:44 pm

Hello I would need to create a script to delete the interfaces is known when disconnecting from it indeed after a certain time there are a lot of unknowns in interface and I would like to develop a daily script to delete this value useless I have tried several approaches but I can't manage to simply delete an element inside


/ip route vrf remove [ /ip route vrf find interfaces="FTTH_PPPoE"]

/ip route vrf set number=0 do{remove interfaces="FTTH_PPPoE"}

I attached a screenshot to show what it looks like. Thank you very much for your help I've been looking for a while I can't find a solution to this problem
You do not have the required permissions to view the files attached to this post.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Mon Feb 06, 2023 3:29 pm

I want to clarify that unknown that appears in the VRF listing are created when a link drops with the script up down in a VRF profile to include a link in a VRF when it goes up. I'm just looking for a script that could daily purge its errors attempts to create a script that realizes are unsuccessful. I need a little helping hand.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: unknown on vrf interfaces

Mon Feb 06, 2023 3:36 pm

Adding dynamic items in the static config is not a good idea.
v7 solves this problem by using interface lists.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Mon Feb 06, 2023 3:45 pm

Thanks in advance for this answer but the problem is that I cannot for the moment pass on version 7 and I would simply like to try to find a script for network temporarily this concern...

I would simply have liked to find a script which deletes the entries which do not correspond to anything and which goes up as unknown in ip route VRF and this cyclically every day at midnight this would have made it possible to solve the problem temporarily

Is there anything I could fix in my code to avoid this problem if not?

Here is the script i use in up and down :
up
:local localAddr $"local-address"
:local remoteAddr $"remote-address"
:local callerId $"caller-id"
:local calledId $"called-id"
:local routes $"routes"
:local routes $"routes"
:local interfaceName [/interface get $interface name]
:local calledRealm PI-VRF-4G
:local vrfId [/ip route vrf find where routing-mark=$calledRealm]
/ip route vrf print terse file=($calledRealm."Members") where routing-mark=$calledRealm
:local actualVrfIfs [/file get ($calledRealm."Members") contents] ;
:local actualExistentIfs [:pick $actualVrfIfs ([:find $actualVrfIfs "interfaces=" ]+11) ([:find $actualVrfIfs "route-distinguisher=" ]-1)]
/ip route vrf set $vrfId interfaces="$actualExistentIfs,$interfaceName"
:log info "$user (srcIp=$callerId, dstIp=$calledId) connected: was given $remoteAddr IP (GW $localAddr) and routes $routes and assigned to $interfaceName interface in VRF $calledRealm"
/file set ($calledRealm."Members") contents=""
/ip route vrf print terse file=($calledRealm."Members") where routing-mark=$calledRealm

down
:local localAddr $"local-address"
:local remoteAddr $"remote-address"
:local callerId $"caller-id"
:local calledId $"called-id"
:local interfaceName [/interface get $interface name]
:local calledRealm PI-VRF-4G:local vrfId [/ip route vrf find where routing-mark=$calledRealm]
:delay 2
/ip route vrf print terse file=($calledRealm."CleanUpMembersSec") where routing-mark=$calledRealm
:local cleanUpVrfIfsSec [/file get ($calledRealm."CleanUpMembersSec") contents] ;
:local cleanUpExistentIfsSec ([:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec "interfaces=" ]+11) ([:find $cleanUpVrfIfsSec F00 ] -2)]. \
[:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec F00 ] + 6) ([:find $cleanUpVrfIfsSec "route-distinguisher=" ]-1)])
:put $cleanUpExistentIfsSec
/ip route vrf set $vrfId interfaces="$cleanUpExistentIfsSec"
/file set ($calledRealm."CleanUpMembersSec") contents=""
/file set ($calledRealm."Members") contents=""
/ip route vrf print terse file=($calledRealm."Members") where routing-mark=$calledRealm
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: unknown on vrf interfaces

Mon Feb 06, 2023 3:51 pm

Changing config in the VRF will flap the VRF. Instead I would suggest to add static entries for each l2tp user in /interface l2tp_server and use that for VRF config, instead of adding dynamic entries and then trying to deal with the consequences via scripts.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Mon Feb 06, 2023 6:41 pm

The problem is that I use this technique with a LAC and LNS can I apply l2tp_server in static with this technique? If so how do I do with the secrets?

https://help.mikrotik.com/docs/display/ ... sco+as+LAC
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: unknown on vrf interfaces

Tue Feb 07, 2023 5:40 am

Adding dynamic items in the static config is not a good idea.
v7 solves this problem by using interface lists.
how the issue has been solved in v7?
As far as i know if the dynamic interface disappear, will also affect in to interface lists.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Tue Feb 07, 2023 9:40 am

I confess that I don't understand either. I would just simply look for a script you would look like this:

/ip route vrf remove [ /ip route vrf find interfaces="unknow"]

or

/ip route vrf set number=0 do{remove interfaces="unknow"}

so as to simply purge errors periodically..
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: unknown on vrf interfaces

Tue Feb 07, 2023 2:56 pm

Adding dynamic items in the static config is not a good idea.
v7 solves this problem by using interface lists.
how the issue has been solved in v7?
As far as i know if the dynamic interface disappear, will also affect in to interface lists.
There are different methods to add interfaces to interface lists dynamically, for ppp it is interface-list parameter in the ppp profile.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Tue Feb 07, 2023 4:07 pm

so you are advised not to use the script that I mentioned a little earlier in the subject and to use another function to automatically integrate the links when it goes up in the right VRF?
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Tue Feb 07, 2023 9:50 pm

I do not understand the script that is inserted in script down in the profile will have to remove the ppp interface in /ip route vrf. I made a description of what the script should do but I think there is something in it that is not working properly because the remaining error should no longer be present when the script applies. I put you the script in question if you have an idea I'm interested.
This script is used by dozens of operators in France with whom I am a partner and whose solution we are looking for.
Script down in profil :


:local localAddr $"local-address"
:local remoteAddr $"remote-address"
:local callerId $"caller-id"
:local calledId $"called-id"
:local interfaceName [/interface get $interface name]
:local calledRealm PI-VRF-4G:local vrfId [/ip route vrf find where routing-mark=$calledRealm]
:delay 2
/ip route vrf print terse file=($calledRealm."CleanUpMembersSec") where routing-mark=$calledRealm
:local cleanUpVrfIfsSec [/file get ($calledRealm."CleanUpMembersSec") contents] ;
:local cleanUpExistentIfsSec ([:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec "interfaces=" ]+11) ([:find $cleanUpVrfIfsSec F00 ] -2)]. \
[:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec F00 ] + 6) ([:find $cleanUpVrfIfsSec "route-distinguisher=" ]-1)])
:put $cleanUpExistentIfsSec
/ip route vrf set $vrfId interfaces="$cleanUpExistentIfsSec"
/file set ($calledRealm."CleanUpMembersSec") contents=""
/file set ($calledRealm."Members") contents=""
/ip route vrf print terse file=($calledRealm."Members") where routing-mark=$calledRealm


This Mikrotik script runs on a Mikrotik router and performs the following actions:

Defining variables: The script defines several local variables to store information such as local address, remote address, caller ID, callee ID, interface name, name of the called reality and the identifier of the VRF (Virtual Routing and Forwarding).

Retrieving information about VRF interfaces: The script uses the "/ip route vrf print terse" command to retrieve information about the current interfaces in the called VRF. The results are saved in a file called "CleanUpMembersSec".

Modification of VRF interfaces: The script uses the "/ip route vrf set" command to define the interfaces associated with the called VRF. The script extracts information about VRF interfaces from the "CleanUpMembersSec" file.

File update: The script uses the "/file set" command to dump the files that contain the VRF interface information.

Basically, this script changes the interfaces associated with the called VRF by removing all information about previous VRF interfaces.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Tue Feb 07, 2023 10:03 pm

There seems to be an error in this script that is preventing the correct removal of VRF interface information.

The following line:

:local cleanUpExistentIfsSec ([:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec "interfaces=" ]+11) ([:find $cleanUpVrfIfsSec F00 ] -2)]. \
[:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec F00 ] + 6) ([:find $cleanUpVrfIfsSec "route-distinguisher=" ]-1)])

uses "F00" to search for a string in the cleanUpVrfIfsSec variable, but "F00" is likely not a valid value in the string. This can cause an error in the script and prevent the correct removal of VRF interface information.

It would be advisable to change "F00" to a valid value or find another method to extract the necessary information from the VRF interfaces.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Tue Feb 07, 2023 11:24 pm

Otherwise I'm thinking of removing the "unknown" interface from the VRF route list, using the following code but I'm not sure:
:local vrfId [/ip route vrf find where routing-mark=PI-VRF-4G];
/ip route vrf print terse where routing-mark=PI-VRF-4G
:local vrfRoutes [/ip route vrf print where routing-mark=PI-VRF-4G];
:local vrfRouteCount [:len $vrfRoutes];
:local removedRoute 0;
:for i from=0 to=($vrfRouteCount - 1) do={
:local route [:pick $vrfRoutes $i];
:if ([:find $route "unknown"] >= 0) do={
/ip route vrf remove $route;
:set removedRoute 1;
}
}
:if ($removedRoute = 0) do={
:log info "No unknown routes found in VRF PI-VRF-4G";
} else={
:log info "Removed unknown routes from VRF PI-VRF-4G";
}
This code first finds the VRF ID named "PI-VRF-4G", then prints the full list of VRF routes. It then loops through each route and uses the "/ip route vrf remove" command to remove any routes that contain the word "unknown". Finally, the code sends an informational message to logging to indicate whether or not a route has been deleted.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: unknown on vrf interfaces

Wed Feb 08, 2023 12:36 am

There are different methods to add interfaces to interface lists dynamically, for ppp it is interface-list parameter in the ppp profile.

that is fine, but that is not something new in v7, alredy was exsrigin in v6
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: unknown on vrf interfaces

Wed Feb 08, 2023 11:04 am

v6 does not allow to set interface list in vrf config, v7 does and solves all the problems with dynamic interfaces and vrfs
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: unknown on vrf interfaces

Wed Feb 08, 2023 11:19 am

Thanks a lot mrz
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Wed Feb 08, 2023 2:07 pm

Ok so if I understood correctly no longer need to use the up script and the down script in profile to automatically add or remove a PPP session from a VRF with V7

Ok for that but I allow myself to insist because we cannot yet switch to V7 and we are stuck on V6 the script that I wrote a little above can it clean the errors that appear in VRF where is the on down profile script needs to be patched to properly remove its entries? I speak on behalf of several integrators who have the same problem and who are stuck like me...
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: unknown on vrf interfaces

Thu Feb 09, 2023 12:44 am

if u use dynamic interface in VRF on v6.
Obviously u need to make them statically , but also in ppp --> profiler - make sure that u got selected only-one=yes.

In case if the session established will be assigned as static, and will work perfectly.
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Thu Feb 09, 2023 12:07 pm

so according to your technique I have to put the same name that I use of a secret PPP in a new L2TP server binding interface and then add this L2TP server binding interface in the VRF?

If I understood correctly using this technique no longer need to use the up and down script in the profile?

I attached a screenshot
You do not have the required permissions to view the files attached to this post.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: unknown on vrf interfaces

Fri Feb 10, 2023 2:13 am

correct , no need script.
As long as u put statically (v6) with only-one=yes, will work fine
 
fredericpi
just joined
Topic Author
Posts: 18
Joined: Mon Jan 30, 2023 6:38 pm

Re: unknown on vrf interfaces

Mon Feb 13, 2023 5:32 pm

hello thank you for your answer I can confirm that after a few days of testing it works perfectly it's wonderful ! you have made a lot of people happy.

Without abusing your kindness, do you know how to recover a comment from a secret transformed into a variable for a log info?
Something like:
:log info "$secretComment is connected"
 
User avatar
floaty
Member
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: unknown on vrf interfaces

Thu Sep 07, 2023 6:16 pm

There are different methods to add interfaces to interface lists dynamically, for ppp it is interface-list parameter in the ppp profile.
.
so parameter "interface-list" is a hot candidate to become a mikrotik-radius-attribute ! ... isn't it ?
 
User avatar
floaty
Member
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: unknown on vrf interfaces

Thu Sep 07, 2023 6:35 pm

uses "F00" to search for a string in the cleanUpVrfIfsSec variable, but "F00" is likely not a valid value in the string. This can cause an error in the script and prevent the correct removal of VRF interface information.
.
It would be advisable to change "F00" to a valid value or find another method to extract the necessary information from the VRF interfaces.
.
after dial-out the dynamic interface leaves a residue beginning with "*F00..." ... in winbox this is displayed as "unknown"
.
[:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec *F00 ] + 6)
this part of the ppp-down-script picks it up to write a new list of actual interfaces and possible (dial-in-user-)dynamic-interfaces without the residue
to make it possible that multiple user can be dialed-in to the vrf without killing each other, when the ppp-down cleanup script runs.
.
this is not foolproof and is not nice ... a radius-attribute like "mikrotik-vrf" or "mikrotik-if-list" would be very helpfull to achieve a dynamic vrf-dial-in ... it may or may not come ... one day
.
PS: the residue starts with *F00 ... I had to edit this comment ... it's a while since I've worked on the scripts
Last edited by floaty on Fri Sep 08, 2023 11:30 pm, edited 1 time in total.
 
User avatar
floaty
Member
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: unknown on vrf interfaces

Fri Sep 08, 2023 10:52 pm

Changing config in the VRF will flap the VRF. Instead I would suggest to add static entries for each l2tp user in /interface l2tp_server and use that for VRF config, instead of adding dynamic entries and then trying to deal with the consequences via scripts.
.
v6 does not allow to set interface list in vrf config, v7 does and solves all the problems with dynamic interfaces and vrfs
.
maybe it is possible to elaborate the topic a little ... dynamic is a nice word ... how can I achieve dynamic, when the source of the dynamic is a radius-server ?
.
a local static user-mapping can't be the solution ... maybe I do not see the tree in the forrest here ?!
.
for instance what does that mean ( in the way ... what consequences )? :
Changing config in the VRF will flap the VRF
.
maybe it's also the opportunity to de-mystify the *F00hex "thing" which leaves the code on the system ... and in the config (if a user [by hand] or a script is not able to remove it) ... ?
 
User avatar
floaty
Member
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: unknown on vrf interfaces

Sat Sep 09, 2023 12:18 am

There seems to be an error in this script that is preventing the correct removal of VRF interface information.

The following line:

:local cleanUpExistentIfsSec ([:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec "interfaces=" ]+11) ([:find $cleanUpVrfIfsSec F00 ] -2)]. \
[:pick $cleanUpVrfIfsSec ([:find $cleanUpVrfIfsSec F00 ] + 6) ([:find $cleanUpVrfIfsSec "route-distinguisher=" ]-1)])

uses "F00" to search for a string in the cleanUpVrfIfsSec variable, but "F00" is likely not a valid value in the string. This can cause an error in the script and prevent the correct removal of VRF interface information.

It would be advisable to change "F00" to a valid value or find another method to extract the necessary information from the VRF interfaces.
...
[:find $cleanUpVrfIfsSec F00 ] -2)]
...
sorry this was just a bad idea and this is bad code ... used the -2 to avoid the '*' in '*F00...' ... could'nt help myself back then : ) ... I am sorry ¯\_(ツ)_/¯
.
... must be something else in your setup ... but it should work ... running in production for the last 4,5 years :shock: : )
.
better to use regex for these kind of "solutions" ... in the future )*
.
*) which may ... or not may ... begins here : )
viewtopic.php?p=1024259&hilit=pppoe+vrf#p1024259

Who is online

Users browsing this forum: ko00000000001, mtest001 and 28 guests