Community discussions

MUM Europe 2020
 
katit
newbie
Topic Author
Posts: 32
Joined: Wed May 13, 2015 6:01 am

Strange IP addresses. Need clarification

Thu May 14, 2015 8:09 pm

I'm not really TCP/IP savvy, just know enought o be dangerous. With consumer routers I have no issues whatsoever, but with Mikrotik I'm getting exposed to "too much information" and I'm getting curious what it is!

I set router using "Quick Set". I have static IP from provider.

Data from Provider:
StaticIP: x.x.x.130
Gateway: x.x.x.134
Mask: 255.255.255.248

1. What is "ARP List"? It shows 2. Why are they shown and what do I do with it? Do I understand it's devices from below?
x.x.x.129 (this is address of my other/old router)
x.x.x.134 (this is address of provider's box/modem)

2. Under "Addresses" I have one (interface1-gateway) x.x.x.130/29 but there is field "Network" and it's populated with x.x.x.128. Where this .128 came from? I did not enter it. It's not on any of my specs. System auto-populated it and I'm not sure what it means.

3. This one is completely weird. I use L2TP/IPSec to connect from my computer. When I establish connection I see new entry in "Address List"
Address: 192.168.89.1 <= This IP or even .89 is not known to me. I have no clue where it comes from.
Network: 192.168.33.207 <= This IP is from vpn pool, and this is address given to client. But on client side (Windows) address above 192.168.89.1 listed as DNS Server (Along with 8.8.8.8 which is my first DNS server on MikroTik side)

Lot of information, but I really like to learn what it means and where it comes from
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Strange IP addresses. Need clarification

Thu May 14, 2015 11:24 pm

1. What is "ARP List"? It shows 2. Why are they shown and what do I do with it? Do I understand it's devices from below?
x.x.x.129 (this is address of my other/old router)
x.x.x.134 (this is address of provider's box/modem)

Ethernet devices have a unique "hardcoded" 48 bit address called a MAC address. It's the address which ethernet cards actually use when talking to each other (not the IP address). ARP is a protocol where the IP protocol can discover which MAC address is associated with which IP address. So your Mikrotik is x.x.x.130. If it needs to send a packet to the Internet, it knows the gateway to the Internet is x.x.x.134, so in order to put this packet on the wire, the router's ethernet card needs to know what MAC address on the LAN it should send the packet to, so the Mikrotik first sends an ARP request.

ARP is a broadcast frame (ethernet uses frames, not packets) and so every ethernet device on that network will receive a copy. Most will see that the ARP request is not for their IP address, so they will ignore the request. The default router, though, will see that the ARP is for x.x.x.134 which is in fact its IP address, so it will answer with its MAC address. This reply is directed to the MAC address that sent it. So if your mikrotik is 00:01:02:0a:0b:0c, and the router is 00:02:04:0d:0e:0f, then the ARP reply is going to be sent from 00:02:04:0d:0e:0f, to 00:01:02:0a:0b:0c, with the reply that 00:02:04:0d:0e:0f is the MAC address for x.x.x.134.

In order to cut down on this noisy chatty arp broadcasting, devices will cache the answers. That's what the "ARP List" is. It's the list of ARP answers. As long as the desired IP address is in the list, the Mikrotik won't send an ARP, it will just use that MAC address when sending packets to that IP address.

In windows, you see this same information by opening a cmd prompt, and typing the command: "arp -a" (without the quotes)

The reason you don't see ARP information for every address on the internet is that the MAC addresses can only talk to local devices. When your ISP's router forwards the packet onward towards the final destination, your MAC address gets replaced with the ISP's MAC address as the source, and the ISP's next gateway's MAC address becomes the MAC address on the packet. The IP address of your router and the IP address of the destination host do not change, though.
That's how the packet is able to get all the way across the Internet.
2. Under "Addresses" I have one (interface1-gateway) x.x.x.130/29 but there is field "Network" and it's populated with x.x.x.128. Where this .128 came from? I did not enter it. It's not on any of my specs. System auto-populated it and I'm not sure what it means.
IP subnets must fall on power-of-two borders. So when you have an IP address x.x.x.130/29 - by the way IP is designed, this means that it is a host in a network whose IP addresses range from x.x.x.128 to x.x.x.135
The 128 is reserved to mean "the entire network" so that's why you can't use that as an address on a host when you have the /29 subnet mask. Also - x.x.x.135 is the broadcast address for this network, so you can't use that for a host either. This is why you have "six usable addresses" for x.x.x.128/29

3. This one is completely weird. I use L2TP/IPSec to connect from my computer. When I establish connection I see new entry in "Address List"
Address: 192.168.89.1 <= This IP or even .89 is not known to me. I have no clue where it comes from.
Network: 192.168.33.207 <= This IP is from vpn pool, and this is address given to client. But on client side (Windows) address above 192.168.89.1 listed as DNS Server (Along with 8.8.8.8 which is my first DNS server on MikroTik side)

Lot of information, but I really like to learn what it means and where it comes from
Look in the PPP profiles / secrets for your VPN account. Chances are, you'll see that 192.168.89.1 is set as the "local address" The "network" being the remote host of the L2TP connection is standard for Mikrotik, but it seems weird to me. I guess that's how the routing table is updated. It appears that the L2TP service is also configured to assign itself as a DNS server for the clients that connect. (or else your windows client is just using the L2TP server by default)

VPNs assign dns so that the remote users can access servers / services from the office by hostname just as they would when physically present at the office.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
katit
newbie
Topic Author
Posts: 32
Joined: Wed May 13, 2015 6:01 am

Re: Strange IP addresses. Need clarification

Thu May 14, 2015 11:52 pm

Wow! Thanks a lot for so detailed response!

For Q1 - I kind of knew most of the stuff except for what ARP is. But now it's clear! So, it's sort of like DNS caching on router

For Q2 - I guess thats also a reason why companies sell 5 static IPs at a time. In this case they gave me range 129-133 and 134 is a gateway making it 6 addresses. If you can explain in short what "broadcast address(135)" means I will appreciate it. If not - thats ok. I already have TCP/IP book coming :)

For Q3 - Yes, indeed it's under profiles (default-encryption). But I swear I did not put it in there. I suspect it's some kind of hardcoded value Mikrotik QuickSet uses? This QuickSet is a source of frustration for me, at least in VPN area. It enables pptp with hardcoded user and I had to go around and clean..
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Strange IP addresses. Need clarification

Fri May 15, 2015 12:14 am

Wow! Thanks a lot for so detailed response!
No problem. It's nice when some posts "I want to learn" and not "someone please spoon feed me a very complicated configuration, and do it in 5 minutes or I hate you for being lazy!"
For Q1 - I kind of knew most of the stuff except for what ARP is. But now it's clear! So, it's sort of like DNS caching on router
eeeehhhhh.... the arp CACHE is like that. The arp process could be considered analogous, I suppose... IP->MAC is a 1:1 mapping. You can have multiple IPs map to the same MAC (this is what happens whenever you put multiple IP addresses on a server or a router or something) but NOT multiple MACs for the same IP. DNS is a little more flexible, and it's based on human-readable strings where ARP maps one binary address to another binary address.
For Q2 - I guess thats also a reason why companies sell 5 static IPs at a time. In this case they gave me range 129-133 and 134 is a gateway making it 6 addresses. If you can explain in short what "broadcast address(135)" means I will appreciate it. If not - thats ok. I already have TCP/IP book coming :)
Yeah - they sell it as 5 because their router has to be one of the 6 usable. The /29 block covers 8 addresses.
Broadcast is when the same packet is forwarded to ALL hosts on the network in a single transmission. Switches duplicate the broadcast to every port on the network. All devices see it's a broadcast, and accept the packet for processing. ARP is a broadcast (but it's an ethernet broadcast where the MAC is ff:ff:ff:ff:ff:ff) - IP broadcasts include things like "where's the DHCP server?" or old school windows networking where a host will broadcast "Hostname ROFLCOPTER, what's your IP?" If you ping the broadcast address, you'll get replies from all hosts on the IP network that don't mind replying to a broadcast address. (interestingly, this behavior used to be common and was exploited as a DOS attack called a Smurf attack.)

For Q3 - Yes, indeed it's under profiles (default-encryption). But I swear I did not put it in there. I suspect it's some kind of hardcoded value Mikrotik QuickSet uses? This QuickSet is a source of frustration for me, at least in VPN area. It enables pptp with hardcoded user and I had to go around and clean..
You'll quickly move away from quickset. I've screwed up my router with it a few times back when it was new and I was playing with it because it was interesting. It's a fair approximation of the configuration screens for a basic SOHO router. Once you start getting things the way you like them, you're not going to want wizards running around your configuration and changing everything.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
katit
newbie
Topic Author
Posts: 32
Joined: Wed May 13, 2015 6:01 am

Re: Strange IP addresses. Need clarification

Fri May 15, 2015 12:23 am

You'll quickly move away from quickset. I've screwed up my router with it a few times back when it was new and I was playing with it because it was interesting. It's a fair approximation of the configuration screens for a basic SOHO router. Once you start getting things the way you like them, you're not going to want wizards running around your configuration and changing everything.
Yes, I already noticed that. As developer I understand what happened and why, but it is frustrating. I already had to reset router once.

And.. It seems like VPN I setup is not necessary going to work. Right now it's just a router and me connecting to it via VPN. It works, but there is nothing else to do so it seems like it is OK. I'm sure I need to understand more in order to understand how to properly configure NAT and other stuff..

Seeing possibilities I already want to get another Mikrotik for home to connect to my office VPN "permanently"

Who is online

Users browsing this forum: MSN [Bot] and 29 guests