tihovsky
newbie
Topic Author
Posts: 47
Joined: Mon Aug 13, 2012 11:11 pm

Neighbour Discovery

Sat Mar 25, 2023 5:02 pm

IP Neighbours list is fine to identify all connected neighbors, but Mikrotik displays VLAN or VRRP under the interface column and not the actual ethernet port to which a particular device is attached as with 7.8.

I might be missing something here but also NetScout attached to the ethernet ports behaves in a different manner and doesn't always display the actual port... though sometimes it does and I was not able to figure out in which circumstances this behavior changes.

For neighboring other Mikrotik devices such as CAPs attached to CRS354, their uplink port is displayed which is normally always "ether1" instead of CRS354 neighbour list displaying the actual CRS354 switch port to which CAP device is attached.

I can survive discovering through ARP, ROMON or even port disabling/enabling, but wonder if there is any better way for this?
All three CDP/NDP/LLDP are on.
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Neighbour Discovery

Sat Mar 25, 2023 5:17 pm

It using the VLAN or VRRP seems right IMO – the etherX is a slave, so generally it's the master that's reported throughout RouterOS.
> [...]
> I might be missing something here but also NetScout attached to the ethernet ports behaves in different manner and doesn't always display the actual port... though sometimes it does and I was not able to figure out in which circumstances this behavior changes.
> [...]
> All three CDP/NDP/LLDP are on.
Maybe try CDP or LLDP alone. Possibly one does the slave interface while the other uses the master. In V7.8 it should show the "Discovered" by, that also may help.

But how conflicts are resolved between CDP v LLDP would be application specific, including /ip/neighbor.

Also there is "interface" and "interface-name", so maybe add that as a column in winbox, those sometimes vary.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Neighbour Discovery

Sat Mar 25, 2023 6:53 pm

Not sure of your added complexity, but the idea I have for discovery is to ensure all MT devices can be easily discovered for the purpose of winbox discover.
In that vein they should all get the same IP from the same Base or Management or Trusted Subnet.
That subnet should be listed on a specific purpose interface list.
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Neighbour Discovery

Sat Mar 25, 2023 7:11 pm

/ip/neighbor is actually a "two way street" – the Mikrotik broadcasts to more than just winbox (which is the MNDP checkbox). The CDP and LLDP are standards. So OP has a little box like a Fluke back in the day, that scans for these protocols, just like winbox but for CDP and LLDP.

But I think the box is seeing "mysteries of the bridge port" e.g. the "CPU one" or the "physical one"...depending on if it's using CDP, or LLDP, and/or which arrives first. Hard to know.
 
tihovsky
newbie
Topic Author
Posts: 47
Joined: Mon Aug 13, 2012 11:11 pm

Re: Neighbour Discovery

Sun Mar 26, 2023 6:42 pm

OK for now I am still waiting to get to the "impossible to find" port, where I would need to test all possibilities in which case I will try documenting them here.

So far I manage through the system of elimination (one way or the other), but with 42 pcs of CRS354-48P-4S+2Q+ to implement and associated number of ports, I might need to get back to your recommendations sooner than later :)
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Neighbour Discovery

Sun Mar 26, 2023 7:14 pm

No argument here. Mikrotik should better document the mapping. :). More suggesting/guessing as a result...

e.g. how the "bridge port mysteries" here viewtopic.php?t=173692 get manifested into LLDP and CDP might vary... CDP uses "interface-name" while LLDP uses "interface".

And on a CRS354, the HW offload status could affect this behavior too.

But yeah getting random results on something like a diagnostic tool like Netscout doesn't give one the warm fuzzies. But I do think the "impossible port" may be a result of some combo of bridge configuration and/or offload status etc. in configuration, than an actual hardware problem. But I get not wanting to guess/hope ;).
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Neighbour Discovery

Mon Mar 27, 2023 4:21 am

There are many factors involved...

MNDP is encapsulated in a UDP packet with an IP destination of 255.255.255.255 (this network), sent with an ethernet broadcast destination address so is propagated to everything within a layer 2 network.

CDP is encapsulated as LLC/SNAP with an OUI of 0x00000C and protocol ID of 0x2000, sent with an ethernet multicast destination address of 01:00:0C:CC:CC:CC. Cisco devices do not forward this so only see CDP packets from directly connected devices, other manufacturers typically do not treat the destination address as anything special so the CDP packets are propagated to everything within a layer 2 network.

LLDP operates at the interface level. Any packets with a destination address of 01:80:C2:00:00:0x received by an 802.1D-compliant bridge are never forwarded to other interfaces, only the device CPU, so you only see LLDP packets from directly connected devices.

Mikrotik bridges appear to handle LLDP correctly unless protocol-mode is set to none which disables compliant operation.

MNDP and CDP packets which are received directly by the CPU from the bridge identify the correct interface, I believe this is due to the ingress interface being noted internally for bridged.

The main issue appears to be where tagged packets from the bridge-to-CPU interface pass through an /interface vlan to remove the tag and present the traffic to the CPU, I suspect the internal noting of the ingress interface is lost causing neighbours to use the vlan name as the real interface is no longer available.
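
The three encapsulations described in the post above, as an added example that is not part of the original post or any MikroTik code: a classifier that labels a raw Ethernet frame as MNDP, CDP or LLDP, reports how far the post says each one propagates, and records an 802.1Q tag if present. The LLDP EtherType 0x88CC and UDP port 5678 for MNDP are not stated in the thread and are assumptions here; all frames are constructed test data.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")
LLDP_PREFIX = bytes.fromhex("0180c20000")      # 01:80:C2:00:00:0x
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")   # LLC/SNAP, OUI 0x00000C, PID 0x2000
MNDP_PORT = 5678  # assumption: MNDP's UDP port, not stated in the thread

def classify(frame: bytes):
    """Return (protocol, who sees it, VLAN ID or None) for a raw Ethernet frame."""
    if len(frame) < 14:
        return ("other", "n/a", None)
    dst, (etype,) = frame[:6], struct.unpack("!H", frame[12:14])
    off, vlan = 14, None
    if etype == 0x8100 and len(frame) >= 18:   # 802.1Q tag: note the VLAN, step over it
        tci, etype = struct.unpack("!HH", frame[14:18])
        off, vlan = 18, tci & 0x0FFF
    body = frame[off:]
    if dst[:5] == LLDP_PREFIX and dst[5] <= 0x0F and etype == 0x88CC:
        return ("LLDP", "directly connected device only", vlan)
    if dst == CDP_DST and etype <= 1500 and body[:8] == SNAP_CDP:
        return ("CDP", "whole layer 2 network unless a Cisco bridge is in path", vlan)
    if dst == b"\xff" * 6 and etype == 0x0800 and len(body) >= 20:
        ihl = (body[0] & 0x0F) * 4             # IPv4 header length in bytes
        udp = body[ihl:ihl + 8]
        if (body[9] == 17 and body[16:20] == b"\xff" * 4 and len(udp) == 8
                and struct.unpack("!H", udp[2:4])[0] == MNDP_PORT):
            return ("MNDP", "whole layer 2 network", vlan)
    return ("other", "n/a", vlan)

def eth(dst, etype, body, vlan=None):
    """Build a constructed test frame; source MAC is a made-up local address."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return dst + bytes.fromhex("020000000001") + tag + struct.pack("!H", etype) + body

def sample_frames():
    """Constructed frames, one per protocol, plus MNDP arriving tagged on VLAN 99."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), b"\xff" * 4)
    mndp = ip + struct.pack("!HHHH", MNDP_PORT, MNDP_PORT, 8, 0)
    cdp = SNAP_CDP + b"\x02\xb4\x00\x00"       # version 2, TTL 180, checksum unset
    return {
        "lldp": eth(bytes.fromhex("0180c200000e"), 0x88CC, b"\x00\x00"),
        "cdp": eth(CDP_DST, len(cdp), cdp),
        "mndp": eth(b"\xff" * 6, 0x0800, mndp),
        "mndp_vlan99": eth(b"\xff" * 6, 0x0800, mndp, vlan=99),
    }

if __name__ == "__main__":
    for name, frame in sample_frames().items():
        print(name, classify(frame))
```

Run against frames from a port mirror, this shows which discovery protocol an unexpected neighbour entry came from and whether it arrived tagged.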
 
tihovsky
newbie
Topic Author
Posts: 47
Joined: Mon Aug 13, 2012 11:11 pm

Re: Neighbour Discovery

Thu May 18, 2023 12:30 am

Thank you all for help on this.

As an update, disabling MNDP on all edge switches stopped LinkRunner from identifying and displaying wrong ports ... which was the main concern.
NetAlly LinkRunner AT is on the latest FW version so no options there to upgrade or change to what I investigated.
I hope this helps others with this same issue.

Now, unfortunately disabling MNDP makes Winbox detection of connected Mikrotiks also not work.
But that's survivable considering all switches are in production and as a bypass I assigned same fixed IPs to the management ports of all edge switches.
Plus console port can also be used if required in case of such emergencies, just easier with a regular network port.

That's besides all of them of course having the network management IP in the management VLAN which is normally used through the net when everything is in order.
