WirelessRudy
Forum Guru
Topic Author
Posts: 3094
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

No traffic over interface

Tue Apr 27, 2010 4:17 am

I have a rb1000 with three public interfaces, eth2, eth3 and eth4.

eth3 and eth4 (as dhcp-client) connect to ADSL modems without a default route added. The ADSL modems are NATted routers.
In mangle, traffic is route-marked, and in the routing table traffic routes out with the routing mark classifier to either eth3 or eth4 (depending on what is needed). I set only the OfficeNet IP for marking to route out to eth2.
eth2 is connected to a Cisco router from the symmetric 4Mb/4Mb line provider, with a fixed IP address and a full /24 network of IPs for users.

So I am working on a 'live' network router.

Now, eth2 connects to this Cisco box but no traffic flows.
MT interface status shows "link ok" and "running" on every different setting I can try (speed 10M, 100M or 1Gbps, auto-negotiation disabled/enabled, full duplex disabled/enabled; all options and combinations tried).

According to the line owner their stuff works fine and I should connect with 10Mbps and auto-negotiation disabled.
They monitor their connected interface and see my interface going on- and off-line all the time.
I monitor my interface and see only a continuous little data stream (winbox/ interface/ Traffic speeds 512bps to 2,0kbps) on the Rx and occasionally some bps on the Tx.
If I run torch on the interface, only now and then some outgoing traffic between the two interfaces is seen.

The IP of the Cisco is the gateway in my attached router (policy routing, two other routes for ADSL work fine) and check gateway is enabled. The gateway is "reachable" only for some time. Sometimes for an hour! But then it drops and only comes back after disabling and re-enabling the route. Usually it drops after 30 sec to some minutes.

If I ping from that same router to the Cisco box I cannot ping it.
If I run an IP scan in tools on the interface, the Cisco interface is found with its IP xxx.xxx.92.1 and MAC address. So their interface is up and running.
The MAC address is added to the ARP table dynamically, but I tried a fixed entry here as well.

If I run the sniffer on that interface (headers only disabled) I see only ARP protocol packets coming from the Cisco. Nothing further. Not during a ping, not during a browsing attempt....

I double checked ISP IP and subnet, 255.255.255.0 or /24

/ip address
add address=10.50.50.1/29 broadcast=10.50.50.7 comment="" disabled=no \
interface=Local network=10.50.50.0
add address=xx.xxx.92.254/24 broadcast=xx.xxx.92.255 comment="" disabled=no \
interface=public1 network=xx.xxx.92.0

/ip route
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xx.xxx.92.1 \
routing-mark=GW1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.5.1 routing-mark=GW3 scope=30 \
target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.4.1 routing-mark=GW2 scope=30 \
target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=10.10.4.1,10.10.5.1 routing-mark=GW1+2 \
scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xx.xxx.92.1 scope=30 \
target-scope=10
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=10.10.4.1 scope=30 \
target-scope=10
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=10.10.5.1 scope=30 \

****default routes are disabled. Tried them enabled but no difference*****

/ip route rule
add action=lookup comment="" disabled=no dst-address=0.0.0.0/0 src-address=0.0.0.0/0 table=main

/ip firewall mangle
add action=mark-routing chain=prerouting comment="OfficeNet traffic get routing mark GW1" disabled=no \
new-routing-mark=GW1 passthrough=no src-address=192.168.5.7
add action=mark-routing chain=prerouting comment="Client network get routing mark GW2" disabled=no \
new-routing-mark=GW3 passthrough=no src-address=172.25.50.0/24
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=GW3 passthrough=no \
src-address=172.25.53.0/24
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=GW3 passthrough=no \
src-address=172.25.55.0/24
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=GW2 passthrough=no

/ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no out-interface=public1 src-address=192.168.5.0/24 \
to-addresses=xx.xxx.92.254
add action=masquerade chain=srcnat comment="" disabled=no out-interface=public2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=public3

Before last weekend I had the same problem. So I put yet another rb (600) in between the Cisco and the rb1000 to have a very simple and clean setup on that rb600. I made the ether interface of the rb1000 a dhcp-client of this rb600's attached interface.
I set the same settings in the rb600 as above, but only for this specific connection, and connected the box to the Cisco. After some changes of cables and rebooting equipment it worked then for some hours. The moment I touched the src-nat to put netmap in instead of masquerade I lost all connectivity. Rolled back but no more luck. After some hours I gave up and went for a break. Came back hours later, disabled and re-enabled the WAN interface of the rb600 (with src-nat = masquerade) and suddenly it worked! I could use it for more than 24 hours!
This morning I copied the settings from the rb600 into the rb1000 again because it should be able to do the same on its own..... well NOT!
Rebooted all units again several times, changed every possible src-nat, ARP entry, interface setting etc.; the rb1000 just doesn't want to communicate over that interface.
But the interface and torch on it show some little outgoing traffic at times while the sniffer only shows ARP protocol packets coming in.....

I don't know what is going on. I tried this with another rb1000 running ROS v5beta while this one is running ROS v4.6.
rb600 was running v4.5.

I am puzzled; the provider's tech just responds "It is your problem, ours is working perfect".

Anybody ANY suggestion?

I pay a lot of money for this line and when it worked this weekend it was very good.
Now I am relying back on two adsl lines doing the work which is costing 20% of this one. But here I lack upload capacity (VOIP etc) so need that symmetric line.
Why the hell is it not working!
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: No traffic over interface

Tue Apr 27, 2010 6:49 am

When you're continually seeing ARP resolve attempts from the Cisco router hitting your interface, are you seeing ARP replies from your router go back? If their router can't resolve .254 to the MAC address on your eth2 interface return traffic isn't going to make it. What ARP mode are you running on eth2?
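The check fewi asks about, as an added example that is not part of the original thread: it parses raw Ethernet frames from a capture and counts ARP who-has requests for the router's address that never got a reply. The function names, MAC addresses and the 192.0.2.x addresses (standing in for the masked .1 and .254) are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def unanswered_requests(frames, local_ip):
    """Count who-has requests for local_ip not followed by a reply from local_ip."""
    pending = unanswered = 0
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        op, _mac, spa, tpa = arp
        if op == ARP_REQUEST and tpa == local_ip:
            unanswered += pending      # previous request was retried without an answer
            pending = 1
        elif op == ARP_REPLY and spa == local_ip:
            pending = 0
    return unanswered + pending

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed 42-byte Ethernet+ARP frame for the sample capture."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    dst = b"\xff" * 6 if op == ARP_REQUEST else mac(tha)
    return (dst + mac(sha) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed)

# Constructed sample: the upstream router (.1) keeps asking for .254, which answers only once.
GW, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
ME, ME_MAC = "192.0.2.254", "02:00:00:00:00:fe"
REQ = build_arp(ARP_REQUEST, GW_MAC, GW, "00:00:00:00:00:00", ME)
REP = build_arp(ARP_REPLY, ME_MAC, ME, GW_MAC, GW)
SAMPLE = [REQ, REP, REQ, REQ, REQ]

if __name__ == "__main__":
    print("unanswered ARP requests:", unanswered_requests(SAMPLE, ME))
```

A non-zero count on a real capture means the upstream router cannot resolve the local address, which matches a sniffer trace that shows only incoming ARP.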
