Re: [AFMUG] Mikrotik OSPF weirdness
Very true, no flap - no gap :) On 8/29/2016 8:40 AM, Dennis Burgess wrote: I have a network with 140 or so OSPF routers, around 1k routes without issues. Its not the number of routes, nor the qty of routers, its how much breaks talk etc. The network is very reliable and static for the most part, so OSPF don’t chatter too much at all. Thanks, *_Dennis Burgess_**– **Network Engineer/Consutant* MikroTik Certified Trianer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE Cambium ePMP Certified, Telrad Certified, Cisco CCNA WISPA – Wireless Internet Service Providers Assoication – Director For Wireless Hardware/Routers visit www.linktechs.net <http://www.linktechs.net/> RF Mapping: www.towercoverage.com <http://www.towercoverage.com/> Office: 314-735-0270 dmburg...@linktechs.net <mailto:dmburg...@linktechs.net> *From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *Paul Stewart *Sent:* Saturday, August 27, 2016 10:53 AM *To:* af@afmug.com *Subject:* Re: [AFMUG] Mikrotik OSPF weirdness Very common deployment model … typically in larger networks. Having said that, and as someone else mentioned I believe, folks often feel that OSFP can’t “scale” at all and begin feeling somewhat “forced” into OSPF for LB/P2P and iBGP for routes as soon as they get 10,20,30 routers in their network and perhaps a couple of hundred subnets. This is simply not typical and OSPF can be much larger in scale before performance is impacted significantly *From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *Jesse DuPont *Sent:* August 26, 2016 12:04 AM *To:* af@afmug.com <mailto:af@afmug.com> *Subject:* Re: [AFMUG] Mikrotik OSPF weirdness Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP. I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy. *_Jesse DuPont_* Network Architect email: jesse.dup...@celeritycorp.net <mailto:jesse.dup...@celeritycorp.net> Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 8:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> *From: *"Bruce Robertson" <br...@pooh.com> <mailto:br...@pooh.com> *To: *af@afmug.com <mailto:af@afmug.com> *Sent: *Thursday, August 25, 2016 6:28:43 PM *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the o
Re: [AFMUG] Mikrotik OSPF weirdness
I have a network with 140 or so OSPF routers, around 1k routes without issues. Its not the number of routes, nor the qty of routers, its how much breaks talk etc. The network is very reliable and static for the most part, so OSPF don’t chatter too much at all. Thanks, Dennis Burgess – Network Engineer/Consutant MikroTik Certified Trianer/Consultant<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE Cambium ePMP Certified, Telrad Certified, Cisco CCNA WISPA – Wireless Internet Service Providers Assoication – Director For Wireless Hardware/Routers visit www.linktechs.net<http://www.linktechs.net/> RF Mapping: www.towercoverage.com<http://www.towercoverage.com/> Office: 314-735-0270 dmburg...@linktechs.net<mailto:dmburg...@linktechs.net> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart Sent: Saturday, August 27, 2016 10:53 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness Very common deployment model … typically in larger networks. Having said that, and as someone else mentioned I believe, folks often feel that OSFP can’t “scale” at all and begin feeling somewhat “forced” into OSPF for LB/P2P and iBGP for routes as soon as they get 10,20,30 routers in their network and perhaps a couple of hundred subnets. This is simply not typical and OSPF can be much larger in scale before performance is impacted significantly From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont Sent: August 26, 2016 12:04 AM To: af@afmug.com<mailto:af@afmug.com> Subject: Re: [AFMUG] Mikrotik OSPF weirdness Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP. I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy. Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net<mailto:jesse.dup...@celeritycorp.net> Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband [cid:image003.png@01D201D0.FC29AA20] On 8/25/16 8:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions<http://www.ics-il.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/ICSIL>[http://www.ics-il.com/images/googleicon.png]<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/intelligent-computing-solutions>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/ICSIL> Midwest Internet Exchange<http://www.midwest-ix.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/mdwestix>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/midwest-internet-exchange>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/mdwestix> The Brothers WISP<http://www.thebrotherswisp.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/thebrotherswisp>[http://www.ics-il.com/images/youtubeicon.png] <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> From: "Bruce Robertson" <br...@pooh.com><mailto:br...@pooh.com> To: af@afmug.com<mailto:af@afmug.com> Sent: Thursday, August 25, 2016 6:28:43 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie ro
Re: [AFMUG] Mikrotik OSPF weirdness
And if you get that big, it’s not clear everything needs to be in one area. From: Paul Stewart Sent: Saturday, August 27, 2016 10:52 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness Very common deployment model … typically in larger networks. Having said that, and as someone else mentioned I believe, folks often feel that OSFP can’t “scale” at all and begin feeling somewhat “forced” into OSPF for LB/P2P and iBGP for routes as soon as they get 10,20,30 routers in their network and perhaps a couple of hundred subnets. This is simply not typical and OSPF can be much larger in scale before performance is impacted significantly From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont Sent: August 26, 2016 12:04 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP. I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy. Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 8:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Bruce Robertson" mailto:br...@pooh.com To: af@afmug.com Sent: Thursday, August 25, 2016 6:28:43 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request time
Re: [AFMUG] Mikrotik OSPF weirdness
Very common deployment model … typically in larger networks. Having said that, and as someone else mentioned I believe, folks often feel that OSFP can’t “scale” at all and begin feeling somewhat “forced” into OSPF for LB/P2P and iBGP for routes as soon as they get 10,20,30 routers in their network and perhaps a couple of hundred subnets. This is simply not typical and OSPF can be much larger in scale before performance is impacted significantly From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont Sent: August 26, 2016 12:04 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP. I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy. Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net <mailto:jesse.dup...@celeritycorp.net> Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 8:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett <http://www.ics-il.com/> Intelligent Computing Solutions <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> <http://www.midwest-ix.com/> Midwest Internet Exchange <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> <http://www.thebrotherswisp.com/> The Brothers WISP <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> _ From: "Bruce Robertson" <mailto:br...@pooh.com> <br...@pooh.com> To: af@afmug.com <mailto:af@afmug.com> Sent: Thursday, August 25, 2016 6:28:43 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users
Re: [AFMUG] Mikrotik OSPF weirdness
Never! I can't think of a single need for such a thing. No reason you can't use private address space. On 08/26/2016 04:58 AM, David Milholen wrote: Are these two reflectors edge facing ? On 8/25/2016 11:54 PM, Bruce Robertson wrote: Route reflectors. On 08/25/2016 07:30 PM, Faisal Imtiaz wrote: Interesting proposition How to do you manage the ibgp mesh requirement ? Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net *From: *"Bruce Robertson" <br...@pooh.com> *To: *af@afmug.com *Sent: *Thursday, August 25, 2016 7:28:42 PM *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. �
Re: [AFMUG] Mikrotik OSPF weirdness
Are these two reflectors edge facing ? On 8/25/2016 11:54 PM, Bruce Robertson wrote: Route reflectors. On 08/25/2016 07:30 PM, Faisal Imtiaz wrote: Interesting proposition How to do you manage the ibgp mesh requirement ? Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net *From: *"Bruce Robertson" <br...@pooh.com> *To: *af@afmug.com *Sent: *Thursday, August 25, 2016 7:28:42 PM *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. � Any pointers are where to start troubleshooting next? !DSPAM:2,57bfa9b9213521526810955! --
Re: [AFMUG] Mikrotik OSPF weirdness
Ah, okay. access via iBGP, infrastructure, management, etc. via OSPF. Got it. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Jesse DuPont" <jesse.dup...@celeritycorp.net> To: af@afmug.com Sent: Thursday, August 25, 2016 11:03:58 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP. I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy. Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com / celeritynetworksllc Like us! facebook.com /celeritybroadband On 8/25/16 8:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Bruce Robertson" <br...@pooh.com> To: af@afmug.com Sent: Thursday, August 25, 2016 6:28:43 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall..
Re: [AFMUG] Mikrotik OSPF weirdness
Yes, sorry. You have to include the /32 loopbacks and the /30 (or whatever) PTP links between routers. Or if you have a bunch of routers connected by one broadcast domain, you can use OSPF on that. On 08/25/2016 07:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> *From: *"Bruce Robertson" <br...@pooh.com> *To: *af@afmug.com *Sent: *Thursday, August 25, 2016 6:28:43 PM *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain f
Re: [AFMUG] Mikrotik OSPF weirdness
Route reflectors. On 08/25/2016 07:30 PM, Faisal Imtiaz wrote: Interesting proposition How to do you manage the ibgp mesh requirement ? Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net *From: *"Bruce Robertson" <br...@pooh.com> *To: *af@afmug.com *Sent: *Thursday, August 25, 2016 7:28:42 PM *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. � Any pointers are where to start troubleshooting next? !DSPAM:2,57bfa9b9213521526810955!
Re: [AFMUG] Mikrotik OSPF weirdness
Right, PTP and loopback prefixes are distributed with OSPF (and possibly management subnets for radios) and "access" network prefixes (customer-facing) are distributed via iBGP. I have two of my routers configured as BGP route reflectors and all other routers peer with only these two; this solves the full mesh and provides redundancy. Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 8:40 PM, David Milholen wrote: He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Bruce Robertson" <br...@pooh.com> To: af@afmug.com Sent: Thursday, August 25, 2016 6:28:43 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing
Re: [AFMUG] Mikrotik OSPF weirdness
He may have meant only have the ptp and loopback addresses listed in networks On 8/25/2016 9:31 PM, Mike Hammett wrote: I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> *From: *"Bruce Robertson" <br...@pooh.com> *To: *af@afmug.com *Sent: *Thursday, August 25, 2016 6:28:43 PM *Subject: *Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. � Any pointers are where to start troubleshooting next? !DSPAM:2,57bf295962076342819562! --
Re: [AFMUG] Mikrotik OSPF weirdness
I've heard this concept a few times now. I'm not sure how only using OSPF for the loopbacks works. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Bruce Robertson" <br...@pooh.com> To: af@afmug.com Sent: Thursday, August 25, 2016 6:28:43 PM Subject: Re: [AFMUG] Mikrotik OSPF weirdness I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users\netadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users\netadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. � Any pointers are where to start troubleshooting next? !DSPAM:2,57bf295962076342819562!
Re: [AFMUG] Mikrotik OSPF weirdness
Interesting proposition How to do you manage the ibgp mesh requirement ? Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "Bruce Robertson" <br...@pooh.com> > To: af@afmug.com > Sent: Thursday, August 25, 2016 7:28:42 PM > Subject: Re: [AFMUG] Mikrotik OSPF weirdness > I've said it before, and been argued with... this is one of many reasons why > you > use iBGP to distribute {customer, dynamic pool, server subnets, anything} > routes, and use OSPF *only* to distribute router loopback addresses.� All > your weird OSPF problems will go away.� My apologies if I'm misunderstanding > the problem, but my point still stands. > On 08/25/2016 10:22 AM, Robert Haas wrote: >> Alright, this problem has raised it head again on my network since I started >> to >> renumber some PPPoE pools. >> Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 >> pool). >> Customer can�t surf and I can�t ping them from my office: >> � >> [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � >> [Hayti >> Router] � [customer] >> � >> A traceroute from my office dies @ the Bernie router but I am not getting any >> type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest >> unreachable etc � just blackholes after my office router. >> A traceroute from the Customer to the office again dies at the Bernie router >> with no type of response. >> � >> Checking the routing table on the Bernie router shows a valid route pointing >> to >> the Braggcity router. It is also in the OSPF LSA�s. >> -- >> Another customer gets x.x.x.207/32 and has no issue at all. >> � >> -- >> Force the original customer to a new ip address of x.x.x.205/32 and the >> service >> starts working again. >> � >> -- >> � >> Now � even though there is no valid route to x.x.x.208/32 in the routing >> table >> � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I >> should be getting a Destination host unreachable from the Bernie router. >> � >> This is correct the correct response .206 is not being used and there is no >> route to it: >> C:\Users\netadmin>ping x.x.x.206 >> � >> Pinging x.x.x.206 with 32 bytes of data: >> Reply from y.y.y.1: Destination host unreachable. >> Reply from y.y.y.1: Destination host unreachable. >> � >> Ping statistics for x.x.x.206: >> ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), >> � >> C:\Users\netadmin>tracert 74.91.65.206 >> � >> Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] >> over a maximum of 30 hops: >> � >> � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z >> � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com >> [y.y.y.1] >> � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host >> unreachable. >> � >> Trace complete. >> � >> This is what I see to x.x.x.208 even though it is not being used and there >> is no >> route to it. >> C:\Users\netadmin>ping x.x.x.208 >> � >> Pinging x.x.x.208 with 32 bytes of data: >> Request timed out. >> Request timed out. >> � >> Ping statistics for x.x.x.208: >> ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), >> � >> C:\Users\netadmin>tracert x.x.x.208 >> � >> Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] >> over a maximum of 30 hops: >> � >> � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z >> � 2���� *������� *������� *���� >> Request timed out. >> � 3���� *������� *���� ^C >> � >> -- >> � >> I�ve verified there is no firewall that would affect the traffic � I even >> put an accept rule in the forward chain for both the source and destination >> of >> x.x.x.208 and neither increment at all. So the traffic is not even making out >> of the routing flow and into the firewall.. >> � >> Any pointers are where to start troubleshooting next? >> !DSPAM:2,57bf295962076342819562!
Re: [AFMUG] Mikrotik OSPF weirdness
Regardless of the culprit, the cause of this will be a misconfiguration of some kind and likely not even with OSPF. OSPF is not weird, nor does it behave badly; it merely reacts to conditions based on a predetermined set of algorithms which are very well documented and implemented, especially for IPv4. OSPF builds a FIB and based on that FIB, it modifies the route table. Both of those are correct in this case. All that said, I fully embrace the model you laid it and have been using it for some time. It makes perfect sense to me to use a non-link-state protocol to distribute prefixes that are not based on the state of a link. Now, if we can just get Mikrotik to work out the next-hop recursive resolution issue so we can use BGP to distribute v6 prefixes... Get Outlook for Android On Thu, Aug 25, 2016 at 5:28 PM -0600, "Bruce Robertson"wrote: I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses.� All your weird OSPF problems will go away.� My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: � [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] � A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. � Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. � -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. � -- � Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. � This is correct the correct response .206 is not being used and there is no route to it: C:\Users etadmin>ping x.x.x.206 � Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. � Ping statistics for x.x.x.206: ��� Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), � C:\Users etadmin>tracert 74.91.65.206 � Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 7 ms� z.z.z.z � 2���� 6 ms���� 6 ms���� 6 ms� y.bpsnetworks.com [y.y.y.1] � 3� y.bpsnetworks.com [y.y.y.1] �reports: Destination host unreachable. � Trace complete. � This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users etadmin>ping x.x.x.208 � Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. � Ping statistics for x.x.x.208: ��� Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), � C:\Users etadmin>tracert x.x.x.208 � Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: � � 1���� 6 ms���� 6 ms���� 6 ms� z.z.z.z � 2���� *������� *������� *���� Request timed out. � 3���� *������� *���� ^C � -- � I�ve verified there is no
Re: [AFMUG] Mikrotik OSPF weirdness
I've said it before, and been argued with... this is one of many reasons why you use iBGP to distribute {customer, dynamic pool, server subnets, anything} routes, and use OSPF *only* to distribute router loopback addresses. All your weird OSPF problems will go away. My apologies if I'm misunderstanding the problem, but my point still stands. On 08/25/2016 10:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can�t surf and I can�t ping them from my office: [office] � [Bernie Router] � [Braggcity Router] � [Ross Router] � [Hayti Router] � [customer] A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc � just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA�s. -- Another customer gets x.x.x.207/32 and has no issue at all. -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. -- Now � even though there is no valid route to x.x.x.208/32 in the routing table � traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. Ping statistics for x.x.x.206: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), C:\Users\netadmin>tracert 74.91.65.206 Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: 1 6 ms 6 ms 7 ms z.z.z.z 2 6 ms 6 ms 6 ms y.bpsnetworks.com [y.y.y.1] 3 y.bpsnetworks.com [y.y.y.1] reports: Destination host unreachable. Trace complete. This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for x.x.x.208: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), C:\Users\netadmin>tracert x.x.x.208 Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: 1 6 ms 6 ms 6 ms z.z.z.z 2 *** Request timed out. 3 ** ^C -- I�ve verified there is no firewall that would affect the traffic � I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. Any pointers are where to start troubleshooting next? !DSPAM:2,57bf295962076342819562!
Re: [AFMUG] Mikrotik OSPF weirdness
Probably not relevant to your problem, but where we blackhole route a block for a tower PPPoE pool, we also put in an ospf-out route filter to discard /32 prefix lengths, to avoid the individual /32 routes going in every routing table around our network. Now if you had mobile CPE with static IP assignments that you wanted to follow the CPE around your network, that would be different. But you could still do that with a non-pool address. From: Robert Haas Sent: Thursday, August 25, 2016 1:44 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness No, I double checked for any more specific routes that encompass that range. I do have my /20 to a null route to keep from ping-pong’ing at edge routers, but I disabled it temporarily with no change. No summary routes – the /32’s end up in the routing table as the sessions terminate. Routing at other sites was correct – I could ping the customer and traceroute to them from the Braggcity router. Directly on the Bernie router it just times out and goes no where. No MPLS I added a static route – one to .208 and a second to .206 (to compare). The correct result would be a ping-pong between Bernie and Braggcity. I attached the screen shot, the .208 just times out while the .206 ping-pongs like it should.. To expand on that – I then added .208 onto the loopback at Hayti. The screen shot shows the Bernie router having the route in the routing table but still the traffic is blackholed.. I’m scratching my head.. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont Sent: Thursday, August 25, 2016 12:47 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness Is it possible another router somewhere is announcing x.x.x.208/28 (or /29 or /30)? You mentioned there is no x.x.x.208/32 router in the route table, but what about other prefix lengths? Are you summarizing your PPPoE prefixes into OSPF by putting them into another area and using area-ranges or do all the /32s just end up in all your routers' tables as PPPoE sessions come up? Did you look at the route tables at Braggcity and Ross to ensure they show the correct outgoing iface for that /32 to reach the Hayti router? Are you using MPLS at all? If you add a static route for x.x.x.208/32 to Bernie, Braggcity and Ross, does that make any difference? Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 11:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can’t surf and I can’t ping them from my office: [office] – [Bernie Router] – [Braggcity Router] – [Ross Router] – [Hayti Router] – [customer] A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc – just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA’s. -- Another customer gets x.x.x.207/32 and has no issue at all. -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. -- Now – even though there is no valid route to x.x.x.208/32 in the routing table – traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. Ping statistics for x.x.x.206: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), C:\Users\netadmin>tracert 74.91.65.206 Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: 1 6 ms 6 ms 7 ms z.z.z.z 2 6 ms 6 ms 6 ms y.bpsnetworks.com [y.y.y.1] 3 y.bpsnetworks.com [y.y.y.1] reports: Destination host unreachable. Trace complete. This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for x.x.x.208: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), C:\Users\netadmin>trace
Re: [AFMUG] Mikrotik OSPF weirdness
Doh – so much for masking the ip’s.. *face palm* From: Af [mailto:af-boun...@afmug.com] On Behalf Of Robert Haas Sent: Thursday, August 25, 2016 1:44 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness No, I double checked for any more specific routes that encompass that range. I do have my /20 to a null route to keep from ping-pong’ing at edge routers, but I disabled it temporarily with no change. No summary routes – the /32’s end up in the routing table as the sessions terminate. Routing at other sites was correct – I could ping the customer and traceroute to them from the Braggcity router. Directly on the Bernie router it just times out and goes no where. No MPLS I added a static route – one to .208 and a second to .206 (to compare). The correct result would be a ping-pong between Bernie and Braggcity. I attached the screen shot, the .208 just times out while the .206 ping-pongs like it should.. To expand on that – I then added .208 onto the loopback at Hayti. The screen shot shows the Bernie router having the route in the routing table but still the traffic is blackholed.. I’m scratching my head.. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont Sent: Thursday, August 25, 2016 12:47 PM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] Mikrotik OSPF weirdness Is it possible another router somewhere is announcing x.x.x.208/28 (or /29 or /30)? You mentioned there is no x.x.x.208/32 router in the route table, but what about other prefix lengths? Are you summarizing your PPPoE prefixes into OSPF by putting them into another area and using area-ranges or do all the /32s just end up in all your routers' tables as PPPoE sessions come up? Did you look at the route tables at Braggcity and Ross to ensure they show the correct outgoing iface for that /32 to reach the Hayti router? Are you using MPLS at all? If you add a static route for x.x.x.208/32 to Bernie, Braggcity and Ross, does that make any difference? Jesse DuPont Network Architect email: <mailto:jesse.dup...@celeritycorp.net> jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 11:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can’t surf and I can’t ping them from my office: [office] – [Bernie Router] – [Braggcity Router] – [Ross Router] – [Hayti Router] – [customer] A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc – just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA’s. -- Another customer gets x.x.x.207/32 and has no issue at all. -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. -- Now – even though there is no valid route to x.x.x.208/32 in the routing table – traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. Ping statistics for x.x.x.206: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), C:\Users\netadmin>tracert 74.91.65.206 Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: 1 6 ms 6 ms 7 ms z.z.z.z 2 6 ms 6 ms 6 ms y.bpsnetworks.com [y.y.y.1] 3 y.bpsnetworks.com [y.y.y.1] reports: Destination host unreachable. Trace complete. This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for x.x.x.208: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), C:\Users\netadmin>tracert x.x.x.208 Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: 1 6 ms 6 ms 6 ms z.z.z.z 2 *** Request timed out. 3 ** ^C -- I’ve verified there is no firewall that would affect the traffic – I even put an accept rule in the forward chain for both the source and d
Re: [AFMUG] Mikrotik OSPF weirdness
Is it possible another router somewhere is announcing x.x.x.208/28 (or /29 or /30)? You mentioned there is no x.x.x.208/32 router in the route table, but what about other prefix lengths? Are you summarizing your PPPoE prefixes into OSPF by putting them into another area and using area-ranges or do all the /32s just end up in all your routers' tables as PPPoE sessions come up? Did you look at the route tables at Braggcity and Ross to ensure they show the correct outgoing iface for that /32 to reach the Hayti router? Are you using MPLS at all? If you add a static route for x.x.x.208/32 to Bernie, Braggcity and Ross, does that make any difference? Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 11:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can’t surf and I can’t ping them from my office: [office] – [Bernie Router] – [Braggcity Router] – [Ross Router] – [Hayti Router] – [customer] A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc – just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA’s. -- Another customer gets x.x.x.207/32 and has no issue at all. -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. -- Now – even though there is no valid route to x.x.x.208/32 in the routing table – traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. Ping statistics for x.x.x.206: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), C:\Users\netadmin>tracert 74.91.65.206 Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: 1 6 ms 6 ms 7 ms z.z.z.z 2 6 ms 6 ms 6 ms y.bpsnetworks.com [y.y.y.1] 3 y.bpsnetworks.com [y.y.y.1] reports: Destination host unreachable. Trace complete. This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for x.x.x.208: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), C:\Users\netadmin>tracert x.x.x.208 Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: 1 6 ms 6 ms 6 ms z.z.z.z 2 * * * Request timed out. 3 * * ^C -- I’ve verified there is no firewall that would affect the traffic – I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. Any pointers are where to start troubleshooting next?
[AFMUG] Mikrotik OSPF weirdness
Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can't surf and I can't ping them from my office: [office] - [Bernie Router] - [Braggcity Router] - [Ross Router] - [Hayti Router] - [customer] A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc - just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA's. -- Another customer gets x.x.x.207/32 and has no issue at all. -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. -- Now - even though there is no valid route to x.x.x.208/32 in the routing table - traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. Ping statistics for x.x.x.206: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), C:\Users\netadmin>tracert 74.91.65.206 Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: 1 6 ms 6 ms 7 ms z.z.z.z 2 6 ms 6 ms 6 ms y.bpsnetworks.com [y.y.y.1] 3 y.bpsnetworks.com [y.y.y.1] reports: Destination host unreachable. Trace complete. This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for x.x.x.208: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), C:\Users\netadmin>tracert x.x.x.208 Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: 1 6 ms 6 ms 6 ms z.z.z.z 2 *** Request timed out. 3 ** ^C -- I've verified there is no firewall that would affect the traffic - I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. Any pointers are where to start troubleshooting next?