Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of time, the link goes down. Eventually it reconnects and the entire process starts over again. While connected however, I am able to see the RIP routes.
Configuration: /interface ipip add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw remote-address=169.228.34.84
Any ideas?
Speed Test: https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92d...
Ian / VA3IAN
To my knowledge, there is no link state detection done on the IPIP tunnels. So if it is flapping, you enabled it somehow, which is wrong, otherwise the link stays up as long your parent interface is up.
Marius, YO2LOJ
On 27.05.2020 21:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of time, the link goes down. Eventually it reconnects and the entire process starts over again. While connected however, I am able to see the RIP routes.
Configuration: /interface ipip add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw remote-address=169.228.34.84
Any ideas?
Speed Test: https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92d...
Ian / VA3IAN _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi Ian,
I had something similar when I set up my Mikrotik gateway. It turns out that the set of routes received from UCSD includes a route to UCSD itself - which was breaking RIPs ability to receive routes and causing oscillation as you are seeing.
After talking to Marius about it, my fix was to put in the following prefix-list and set "in-prefix-list=ampr-in" on my RIP interface
/routing prefix-lists add action=discard chain=ampr-in comment="stop us creating a tunnel back to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32 add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32 add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32 add action=discard chain=ampr-in
Only the first entry in that prefix list is required to break the cycle of oscillation, the rest are there to reject any non-44net addresses if UCSD were to announce them to me.
I hope this helps,
Paul M0PLL
On 27/05/2020 19:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of time, the link goes down. Eventually it reconnects and the entire process starts over again. While connected however, I am able to see the RIP routes.
Configuration: /interface ipip add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw remote-address=169.228.34.84
Any ideas?
Speed Test: https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92d...
Ian / VA3IAN _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
I am noticing the interval is now exactly 118 seconds. Weird. For testing I am using Mikrotik CHR in a rather fancy vSphere environment. If I can get it working properly I will be putting it on my hAP ac2.
I did what you suggested. It's still doing it. Here's the full configuration:
# may/28/2020 14:40:12 by RouterOS 6.46.6 # software id = XXXX-XXXX # # # /interface ipip add allow-fast-path=no local-address=xx.xx.154.44 name=ucsd-gw remote-address=169.228.34.84 /ip cloud set update-time=no /ip dhcp-client add disabled=no interface=ether1 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=xx.xx.141.229/32 set api disabled=yes set winbox address=xx.xx.141.229/32 set api-ssl disabled=yes /routing prefix-lists add action=discard chain=ampr-in comment="stop us creating a tunnel back to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32 add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32 add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32 add action=discard chain=ampr-in /routing rip set garbage-timer=30m routing-table=44rip timeout-timer=30m update-timer=5m /routing rip interface add authentication=simple authentication-key=pLaInTeXtpAsSwD interface=ucsd-gw passive=yes receive=v2 /routing rip network add network=44.0.0.0/9 add network=44.128.0.0/10
Log: 13:58:24 system,info router rebooted 13:58:34 interface,info ether1 link up (speed 1G, full duplex) 13:58:34 interface,info ether2 link up (speed 1G, full duplex) 13:58:43 system,info address added 13:59:02 system,error,critical login failure for user admin via local 13:59:05 system,info,account user admin logged in via local 13:59:11 system,info address removed 13:59:36 system,info dhcp client added by admin 13:59:38 system,info dhcp client changed by admin 13:59:38 dhcp,info dhcp-client on ether1 got IP address xx.xx.154.44 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 14:00:07 system,info ip service changed by admin 14:00:11 system,info ip service changed by admin 14:00:21 system,info user admin changed by admin 14:00:34 system,info,account user admin logged in from xx.xx.141.229 via ssh 14:01:03 system,info device added by admin 14:01:26 system,info ip service changed by admin 14:01:26 interface,info ucsd-gw link up 14:01:27 system,info ip service changed by admin 14:01:54 system,info,account user admin logged in from xx.xx.141.229 via winbox 14:02:57 system,info prefix list object added by admin 14:02:57 system,info prefix list object added by admin 14:02:57 system,info prefix list object added by admin 14:02:57 system,info prefix list object added by admin 14:02:57 system,info RIP main config changed by admin 14:02:57 system,info RIP interface added by admin 14:02:57 system,info RIP network 44.0.0.0/9 added by admin 14:02:57 system,info RIP network 44.128.0.0/10 added by admin 14:03:24 interface,info ucsd-gw link down 14:06:26 interface,info ucsd-gw link up 14:08:24 interface,info ucsd-gw link down 14:11:26 interface,info ucsd-gw link up 14:13:24 interface,info ucsd-gw link down 14:16:26 interface,info ucsd-gw link up 14:18:24 interface,info ucsd-gw link down 14:21:26 interface,info ucsd-gw link up 14:23:24 interface,info ucsd-gw link down 14:26:26 interface,info ucsd-gw link up 14:28:24 interface,info ucsd-gw link down 14:31:26 interface,info ucsd-gw link up 14:33:24 interface,info ucsd-gw link down 14:36:26 interface,info ucsd-gw link up 14:38:24 interface,info ucsd-gw link down
Ian.
On Thu, May 28, 2020 at 4:30 AM Paul Lettington via 44Net < 44net@mailman.ampr.org> wrote:
Hi Ian,
I had something similar when I set up my Mikrotik gateway. It turns out that the set of routes received from UCSD includes a route to UCSD itself - which was breaking RIPs ability to receive routes and causing oscillation as you are seeing.
After talking to Marius about it, my fix was to put in the following prefix-list and set "in-prefix-list=ampr-in" on my RIP interface
/routing prefix-lists add action=discard chain=ampr-in comment="stop us creating a tunnel back to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32 add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32 add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32 add action=discard chain=ampr-in
Only the first entry in that prefix list is required to break the cycle of oscillation, the rest are there to reject any non-44net addresses if UCSD were to announce them to me.
I hope this helps,
Paul M0PLL
On 27/05/2020 19:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping.
I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of time, the link goes down. Eventually it reconnects and the entire
process
starts over again. While connected however, I am able to see the RIP routes.
Configuration: /interface ipip add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92d...
Ian / VA3IAN _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi Ian,
Mine is also a CHR, but running in a boring old Linux KVM box.
I notice from your config that you aren't using the prefix-list in the RIP config. My Mikrotik has:
/routing rip interface add authentication=simple authentication-key=pLaInTeXtpAsSwD in-prefix-list=ampr-in interface=ucsd-gw passive=yes receive=v2
Note the "in-prefix-list=ampr-in" in there which means received routes from that RIP neighbour get filtered through that prefix list.
Paul.
On 29/05/2020 15:27, Ian Redden via 44Net wrote:
I am noticing the interval is now exactly 118 seconds. Weird. For testing I am using Mikrotik CHR in a rather fancy vSphere environment. If I can get it working properly I will be putting it on my hAP ac2.
I did what you suggested. It's still doing it. Here's the full configuration:
# may/28/2020 14:40:12 by RouterOS 6.46.6 # software id = XXXX-XXXX # # # /interface ipip add allow-fast-path=no local-address=xx.xx.154.44 name=ucsd-gw remote-address=169.228.34.84 /ip cloud set update-time=no /ip dhcp-client add disabled=no interface=ether1 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=xx.xx.141.229/32 set api disabled=yes set winbox address=xx.xx.141.229/32 set api-ssl disabled=yes /routing prefix-lists add action=discard chain=ampr-in comment="stop us creating a tunnel back to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32 add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32 add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32 add action=discard chain=ampr-in /routing rip set garbage-timer=30m routing-table=44rip timeout-timer=30m update-timer=5m /routing rip interface add authentication=simple authentication-key=pLaInTeXtpAsSwD interface=ucsd-gw passive=yes receive=v2 /routing rip network add network=44.0.0.0/9 add network=44.128.0.0/10
Log: 13:58:24 system,info router rebooted 13:58:34 interface,info ether1 link up (speed 1G, full duplex) 13:58:34 interface,info ether2 link up (speed 1G, full duplex) 13:58:43 system,info address added 13:59:02 system,error,critical login failure for user admin via local 13:59:05 system,info,account user admin logged in via local 13:59:11 system,info address removed 13:59:36 system,info dhcp client added by admin 13:59:38 system,info dhcp client changed by admin 13:59:38 dhcp,info dhcp-client on ether1 got IP address xx.xx.154.44 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 13:59:47 system,info ip service changed by admin 14:00:07 system,info ip service changed by admin 14:00:11 system,info ip service changed by admin 14:00:21 system,info user admin changed by admin 14:00:34 system,info,account user admin logged in from xx.xx.141.229 via ssh 14:01:03 system,info device added by admin 14:01:26 system,info ip service changed by admin 14:01:26 interface,info ucsd-gw link up 14:01:27 system,info ip service changed by admin 14:01:54 system,info,account user admin logged in from xx.xx.141.229 via winbox 14:02:57 system,info prefix list object added by admin 14:02:57 system,info prefix list object added by admin 14:02:57 system,info prefix list object added by admin 14:02:57 system,info prefix list object added by admin 14:02:57 system,info RIP main config changed by admin 14:02:57 system,info RIP interface added by admin 14:02:57 system,info RIP network 44.0.0.0/9 added by admin 14:02:57 system,info RIP network 44.128.0.0/10 added by admin 14:03:24 interface,info ucsd-gw link down 14:06:26 interface,info ucsd-gw link up 14:08:24 interface,info ucsd-gw link down 14:11:26 interface,info ucsd-gw link up 14:13:24 interface,info ucsd-gw link down 14:16:26 interface,info ucsd-gw link up 14:18:24 interface,info ucsd-gw link down 14:21:26 interface,info ucsd-gw link up 14:23:24 interface,info ucsd-gw link down 14:26:26 interface,info ucsd-gw link up 14:28:24 interface,info ucsd-gw link down 14:31:26 interface,info ucsd-gw link up 14:33:24 interface,info ucsd-gw link down 14:36:26 interface,info ucsd-gw link up 14:38:24 interface,info ucsd-gw link down
Ian.
On Thu, May 28, 2020 at 4:30 AM Paul Lettington via 44Net < 44net@mailman.ampr.org> wrote:
Hi Ian,
I had something similar when I set up my Mikrotik gateway. It turns out that the set of routes received from UCSD includes a route to UCSD itself - which was breaking RIPs ability to receive routes and causing oscillation as you are seeing.
After talking to Marius about it, my fix was to put in the following prefix-list and set "in-prefix-list=ampr-in" on my RIP interface
/routing prefix-lists add action=discard chain=ampr-in comment="stop us creating a tunnel back to UCSD which breaks RIP" prefix=44.0.0.1/32 prefix-length=32 add chain=ampr-in prefix=44.0.0.0/9 prefix-length=9-32 add chain=ampr-in prefix=44.128.0.0/10 prefix-length=10-32 add action=discard chain=ampr-in
Only the first entry in that prefix list is required to break the cycle of oscillation, the rest are there to reject any non-44net addresses if UCSD were to announce them to me.
I hope this helps,
Paul M0PLL
On 27/05/2020 19:56, Ian Redden via 44Net wrote:
Hi All;
When trying to connect, the IPIP tunnel on my Mikrotik box is flapping.
I
am using Mikrotik OS 6.46.6.
It connects, shows as registered/running, but after a random period of time, the link goes down. Eventually it reconnects and the entire
process
starts over again. While connected however, I am able to see the RIP routes.
Configuration: /interface ipip add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw remote-address=169.228.34.84
Any ideas?
Speed Test:
https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92d...
Ian / VA3IAN _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-
Ian Redden -
Marius Petrescu -
Paul Lettington