27 May
2020
27 May
'20
1:56 p.m.
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of
time, the link goes down. Eventually it reconnects and the entire process
starts over again. While connected however, I am able to see the RIP
routes.
Configuration:
/interface ipip
add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw
remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92…
Ian / VA3IAN
27 May
27 May
5:05 p.m.
To my knowledge, there is no link state detection done on the IPIP
tunnels. So if it is flapping, you enabled it somehow, which is wrong,
otherwise the link stays up as long your parent interface is up.
Marius, YO2LOJ
On 27.05.2020 21:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of
time, the link goes down. Eventually it reconnects and the entire process
starts over again. While connected however, I am able to see the RIP
routes.
Configuration:
/interface ipip
add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw
remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92…
Ian / VA3IAN
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
28 May
28 May
3:29 a.m.
Hi Ian,
I had something similar when I set up my Mikrotik gateway. It turns out
that the set of routes received from UCSD includes a route to UCSD
itself - which was breaking RIPs ability to receive routes and causing
oscillation as you are seeing.
After talking to Marius about it, my fix was to put in the following
prefix-list and set "in-prefix-list=ampr-in" on my RIP interface
/routing prefix-lists
add action=discard chain=ampr-in comment="stop us creating a tunnel back
to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32
add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32
add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32
add action=discard chain=ampr-in
Only the first entry in that prefix list is required to break the cycle
of oscillation, the rest are there to reject any non-44net addresses if
UCSD were to announce them to me.
I hope this helps,
Paul M0PLL
On 27/05/2020 19:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of
time, the link goes down. Eventually it reconnects and the entire process
starts over again. While connected however, I am able to see the RIP
routes.
Configuration:
/interface ipip
add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw
remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92…
Ian / VA3IAN
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
29 May
29 May
9:27 a.m.
I am noticing the interval is now exactly 118 seconds. Weird. For testing
I am using Mikrotik CHR in a rather fancy vSphere environment. If I can
get it working properly I will be putting it on my hAP ac2.
I did what you suggested. It's still doing it. Here's the full
configuration:
# may/28/2020 14:40:12 by RouterOS 6.46.6
# software id = XXXX-XXXX
#
#
#
/interface ipip
add allow-fast-path=no local-address=xx.xx.154.44 name=ucsd-gw
remote-address=169.228.34.84
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=xx.xx.141.229/32
set api disabled=yes
set winbox address=xx.xx.141.229/32
set api-ssl disabled=yes
/routing prefix-lists
add action=discard chain=ampr-in comment="stop us creating a tunnel back to
UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32
add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32
add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32
add action=discard chain=ampr-in
/routing rip
set garbage-timer=30m routing-table=44rip timeout-timer=30m update-timer=5m
/routing rip interface
add authentication=simple authentication-key=pLaInTeXtpAsSwD
interface=ucsd-gw passive=yes receive=v2
/routing rip network
add network=44.0.0.0/9
add network=44.128.0.0/10
Log:
13:58:24 system,info router rebooted
13:58:34 interface,info ether1 link up (speed 1G, full duplex)
13:58:34 interface,info ether2 link up (speed 1G, full duplex)
13:58:43 system,info address added
13:59:02 system,error,critical login failure for user admin via local
13:59:05 system,info,account user admin logged in via local
13:59:11 system,info address removed
13:59:36 system,info dhcp client added by admin
13:59:38 system,info dhcp client changed by admin
13:59:38 dhcp,info dhcp-client on ether1 got IP address xx.xx.154.44
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
14:00:07 system,info ip service changed by admin
14:00:11 system,info ip service changed by admin
14:00:21 system,info user admin changed by admin
14:00:34 system,info,account user admin logged in from xx.xx.141.229 via ssh
14:01:03 system,info device added by admin
14:01:26 system,info ip service changed by admin
14:01:26 interface,info ucsd-gw link up
14:01:27 system,info ip service changed by admin
14:01:54 system,info,account user admin logged in from xx.xx.141.229 via
winbox
14:02:57 system,info prefix list object added by admin
14:02:57 system,info prefix list object added by admin
14:02:57 system,info prefix list object added by admin
14:02:57 system,info prefix list object added by admin
14:02:57 system,info RIP main config changed by admin
14:02:57 system,info RIP interface added by admin
14:02:57 system,info RIP network 44.0.0.0/9 added by admin
14:02:57 system,info RIP network 44.128.0.0/10 added by admin
14:03:24 interface,info ucsd-gw link down
14:06:26 interface,info ucsd-gw link up
14:08:24 interface,info ucsd-gw link down
14:11:26 interface,info ucsd-gw link up
14:13:24 interface,info ucsd-gw link down
14:16:26 interface,info ucsd-gw link up
14:18:24 interface,info ucsd-gw link down
14:21:26 interface,info ucsd-gw link up
14:23:24 interface,info ucsd-gw link down
14:26:26 interface,info ucsd-gw link up
14:28:24 interface,info ucsd-gw link down
14:31:26 interface,info ucsd-gw link up
14:33:24 interface,info ucsd-gw link down
14:36:26 interface,info ucsd-gw link up
14:38:24 interface,info ucsd-gw link down
Ian.
On Thu, May 28, 2020 at 4:30 AM Paul Lettington via 44Net <
44net(a)mailman.ampr.org> wrote:
Hi Ian,
I had something similar when I set up my Mikrotik gateway. It turns out
that the set of routes received from UCSD includes a route to UCSD
itself - which was breaking RIPs ability to receive routes and causing
oscillation as you are seeing.
After talking to Marius about it, my fix was to put in the following
prefix-list and set "in-prefix-list=ampr-in" on my RIP interface
/routing prefix-lists
add action=discard chain=ampr-in comment="stop us creating a tunnel back
to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32
add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32
add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32
add action=discard chain=ampr-in
Only the first entry in that prefix list is required to break the cycle
of oscillation, the rest are there to reject any non-44net addresses if
UCSD were to announce them to me.
I hope this helps,
Paul M0PLL
On 27/05/2020 19:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping.
I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of
time, the link goes down. Eventually it reconnects and the entire
process
starts over again. While connected however, I am
able to see the RIP
routes.
Configuration:
/interface ipip
add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw
remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92…
Ian / VA3IAN
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9:42 a.m.
Hi Ian,
Mine is also a CHR, but running in a boring old Linux KVM box.
I notice from your config that you aren't using the prefix-list in the
RIP config. My Mikrotik has:
/routing rip interface
add authentication=simple authentication-key=pLaInTeXtpAsSwD
in-prefix-list=ampr-in interface=ucsd-gw passive=yes receive=v2
Note the "in-prefix-list=ampr-in" in there which means received routes
from that RIP neighbour get filtered through that prefix list.
Paul.
On 29/05/2020 15:27, Ian Redden via 44Net wrote:
I am noticing the interval is now exactly 118 seconds.
Weird. For testing
I am using Mikrotik CHR in a rather fancy vSphere environment. If I can
get it working properly I will be putting it on my hAP ac2.
I did what you suggested. It's still doing it. Here's the full
configuration:
# may/28/2020 14:40:12 by RouterOS 6.46.6
# software id = XXXX-XXXX
#
#
#
/interface ipip
add allow-fast-path=no local-address=xx.xx.154.44 name=ucsd-gw
remote-address=169.228.34.84
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=xx.xx.141.229/32
set api disabled=yes
set winbox address=xx.xx.141.229/32
set api-ssl disabled=yes
/routing prefix-lists
add action=discard chain=ampr-in comment="stop us creating a tunnel back to
UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32
add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32
add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32
add action=discard chain=ampr-in
/routing rip
set garbage-timer=30m routing-table=44rip timeout-timer=30m update-timer=5m
/routing rip interface
add authentication=simple authentication-key=pLaInTeXtpAsSwD
interface=ucsd-gw passive=yes receive=v2
/routing rip network
add network=44.0.0.0/9
add network=44.128.0.0/10
Log:
13:58:24 system,info router rebooted
13:58:34 interface,info ether1 link up (speed 1G, full duplex)
13:58:34 interface,info ether2 link up (speed 1G, full duplex)
13:58:43 system,info address added
13:59:02 system,error,critical login failure for user admin via local
13:59:05 system,info,account user admin logged in via local
13:59:11 system,info address removed
13:59:36 system,info dhcp client added by admin
13:59:38 system,info dhcp client changed by admin
13:59:38 dhcp,info dhcp-client on ether1 got IP address xx.xx.154.44
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
13:59:47 system,info ip service changed by admin
14:00:07 system,info ip service changed by admin
14:00:11 system,info ip service changed by admin
14:00:21 system,info user admin changed by admin
14:00:34 system,info,account user admin logged in from xx.xx.141.229 via ssh
14:01:03 system,info device added by admin
14:01:26 system,info ip service changed by admin
14:01:26 interface,info ucsd-gw link up
14:01:27 system,info ip service changed by admin
14:01:54 system,info,account user admin logged in from xx.xx.141.229 via
winbox
14:02:57 system,info prefix list object added by admin
14:02:57 system,info prefix list object added by admin
14:02:57 system,info prefix list object added by admin
14:02:57 system,info prefix list object added by admin
14:02:57 system,info RIP main config changed by admin
14:02:57 system,info RIP interface added by admin
14:02:57 system,info RIP network 44.0.0.0/9 added by admin
14:02:57 system,info RIP network 44.128.0.0/10 added by admin
14:03:24 interface,info ucsd-gw link down
14:06:26 interface,info ucsd-gw link up
14:08:24 interface,info ucsd-gw link down
14:11:26 interface,info ucsd-gw link up
14:13:24 interface,info ucsd-gw link down
14:16:26 interface,info ucsd-gw link up
14:18:24 interface,info ucsd-gw link down
14:21:26 interface,info ucsd-gw link up
14:23:24 interface,info ucsd-gw link down
14:26:26 interface,info ucsd-gw link up
14:28:24 interface,info ucsd-gw link down
14:31:26 interface,info ucsd-gw link up
14:33:24 interface,info ucsd-gw link down
14:36:26 interface,info ucsd-gw link up
14:38:24 interface,info ucsd-gw link down
Ian.
On Thu, May 28, 2020 at 4:30 AM Paul Lettington via 44Net <
44net(a)mailman.ampr.org> wrote:
Hi Ian,
I had something similar when I set up my Mikrotik gateway. It turns out
that the set of routes received from UCSD includes a route to UCSD
itself - which was breaking RIPs ability to receive routes and causing
oscillation as you are seeing.
After talking to Marius about it, my fix was to put in the following
prefix-list and set "in-prefix-list=ampr-in" on my RIP interface
/routing prefix-lists
add action=discard chain=ampr-in comment="stop us creating a tunnel back
to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32
add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32
add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32
add action=discard chain=ampr-in
Only the first entry in that prefix list is required to break the cycle
of oscillation, the rest are there to reject any non-44net addresses if
UCSD were to announce them to me.
I hope this helps,
Paul M0PLL
On 27/05/2020 19:56, Ian Redden via 44Net wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping.
I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of
time, the link goes down. Eventually it reconnects and the entire
process
starts over again. While connected however, I am
able to see the RIP
routes.
Configuration:
/interface ipip
add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw
remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92…
Ian / VA3IAN
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1639
days inactive
1641
days old
4 comments
3 participants
participants (3)
-
Ian Redden -
Marius Petrescu -
Paul Lettington