Nefunkční OSPF

rseb

Ahoj,

na sítí se nám projevuje takový problém. Po restartu rádia mezi dvěma routery se na routeru neobnoví dynamické routy v routovací tabulce.

zapojení je RB3011 - PowerBeam 5AC - PowerBeam 5AC - PowerBOX.

Nastaveni OSPF

- area backbone, v arei je cca 9 routeru, router-id jsou jedinečná

- nbma

- redistribute connected as type 1

- redistribute static as type 1

- redistribute other OSPF as type 1

Verze ROS jsem zkoušel různé.

Celé to vypadá, že se po obnovení linky routery spojí, domluví si DR, BDR dokonce nějaká další data tam protečou, ale v ospf/routes není nic...

Nenapadá vás, kde může být zakopaný pes?

Dík, Roman

disk

Je spoj plně transparentní?

rseb

Nevím, co přesně si pod tím mám představit, ale věřím, že jo. Radio je v bridge...

msfanousek

Nemáš tu moc informací, ale pravděpodobně máš plnej log hlášení o špatným MTU, uprav si ho na tom bridge na 1500.

rseb

MTU je vsude 1500. Logy o MTU mlci...

rseb

zrovna se to stalo... takhle vypadá log v době, kdy se to pokouší syncnout...

btw: opraví to zakázaní a povolení OSPF instance...

rseb

Změnil jsem nastavení timeoutu (hello na 5s, death na 20s a poll na 30s) a priority u v ospf/network a vypada to, že to pomohlo...

Původně oba routery měly sice jiné router-id, ale stejnou prioritu (1)

Ale pořád nechápu, proč by to mělo něco ovlivnit...

Každopádně teď se ospf chytá spolehlivě. Snad toto nastavení nebude mít jiné negativní side effects...

radik

Udelej export a dej ho sem. Nedelal sis nahodou novou instanci OSPF (defaultni neni pouzita)?

Jinak melo by ti pomoct:

/routing ospf instance set XY use-dn=yes

pripadne

/routing ospf instance set XY use-dn=no

radik

Jinak vidim, ze novy verze ros uz umi menit i pres winbox. Driv byla nutnost udelat pres terminal.

rseb

Nn. Instance je default z mk... Export dodám.

radik

A mas to pouze proti mikrotiku a nebo je tam i neco jinyho? Podivej se hlavne, jestli mas use-dn vsude stejne.

rseb

Jenom mk. use-dn ověřím.

rseb

router 1

# jun/12/2018 20:12:04 by RouterOS 6.42.3

# software id = QIGW-YAW6

# model = RouterBOARD 3011UiAS

# serial number = 780E0615269B

/interface bridge

add comment=defconf fast-forward=no name=bridge

add fast-forward=no name=loopback

/interface ethernet

set [ find default-name=ether1 ] comment=xxx name=ether1_TO-Mojmirovcu

set [ find default-name=ether2 ] comment=V_zahradach-xxxname=\

ether2_V_zahradach-xxx

set [ find default-name=ether3 ] comment=Zahradnictvi_komin name=\

ether3_Zahradnictvi_komin

set [ find default-name=ether4 ] comment=AP1 name=ether4_AP1

set [ find default-name=ether5 ] comment=ether5 name=\

ether5_TO-xxx_za_podjezdem

set [ find default-name=ether6 ] comment=SW_pater name=ether6_SW-Pater \

rx-flow-control=auto tx-flow-control=auto

set [ find default-name=ether7 ] comment=lancont name=ether7_lancontroler

set [ find default-name=ether8 ] comment=Kamery_cerpadlarna name=\

ether8_Kamery_cerpadlarna

set [ find default-name=ether9 ] comment=xxx_SiKi name=\

ether9_TO-xxx_SiKi speed=1Gbps

set [ find default-name=ether10 ] name=ether10_TO-Vaclavska poe-out=off

set [ find default-name=sfp1 ] name=sfp1_TO-Mojmirovcu rx-flow-control=auto \

tx-flow-control=auto

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=Vodarna

/ip pool

add name=dhcp_pool1 ranges=10.10.11.130-10.10.11.142

/ip dhcp-server

add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \

interface=bridge name=dhcp1

/routing ospf instance

set [ find default=yes ] redistribute-connected=as-type-1 \

redistribute-other-ospf=as-type-1 redistribute-static=as-type-1 \

router-id=10.155.255.4

/snmp community

set [ find default=yes ] addresses=0.0.0.0/0

/system logging action

set 3 remote=10.155.19.100 src-address=10.155.25.1

/interface bridge port

add bridge=bridge interface=ether2_V_zahradach-xxx

add bridge=bridge interface=ether3_Zahradnictvi_komin

add bridge=bridge interface=ether4_AP1

add bridge=bridge interface=ether6_SW-Pater

add bridge=bridge interface=ether7_lancontroler

add bridge=bridge interface=ether8_Kamery_cerpadlarna

/ip address

add address=10.10.11.129/28 interface=bridge network=10.10.11.128

add address=10.155.25.1/24 interface=bridge network=10.155.25.0

add address=192.168.25.1/24 interface=bridge network=192.168.25.0

add address=172.16.64.46/29 interface=ether1_TO-Mojmirovcu network=\

172.16.64.40

add address=10.155.30.1/24 interface=bridge network=10.155.30.0

add address=172.16.64.54/29 interface=ether10_TO-Vaclavska network=\

172.16.64.48

add address=172.16.64.57/29 interface=ether5_TO-xxx_za_podjezdem network=\

172.16.64.56

add address=10.155.255.4 interface=loopback network=10.155.255.4

add address=1.2.3.177/30 interface=bridge network=1.2.3.176

add address=172.16.64.73/29 interface=ether9_TO-xxx_SiKi network=\

172.16.64.72

add address=1.2.3.185/30 interface=bridge network=1.2.3.184

/ip dhcp-server network

add address=10.10.11.128/28 dns-server=10.155.19.126,10.155.19.125 gateway=\

10.10.11.129

/ip dns

set servers=10.155.19.125,10.155.19.126

/ip dns static

add address=192.168.88.1 name=router

/ip firewall address-list

add address=10.0.0.0/8 comment=privete_IP list=local_ip

add address=192.168.0.0/16 comment=privete_IP list=local_ip

add address=8.8.8.8 comment="google DNS" list=local_ip

add address=172.16.0.0/16 comment=privete_IP list=local_ip

add address=1.2.3.0/22 comment=xxx_RIPE_IP list=local_ip

add address=1.2.3.225 comment=xxx_home list=Trusted_IP

add address=172.16.1.0/24 comment=VPN list=Trusted_IP

add address=1.2.3.0/28 comment=Local_Server list=Trusted_IP

add address=172.16.64.0/22 comment=spojovacky list=Trusted_IP

add address=172.16.68.0/22 comment=spojovacky_radia list=Trusted_IP

add address=172.16.64.58 comment=P2P_Vodarna-xxx.za.podjezdem list=\

AL_ipBezShaperu

add address=172.16.64.61 comment=p2p_xxx-vodarna list=AL_ipBezShaperu

add address=172.16.64.62 comment=P2P_xxx.za.podjedem-Vodarna list=\

AL_ipBezShaperu

add address=172.16.64.74 comment=P2P_Vodarna-xxx.siki list=\

AL_ipBezShaperu

add address=172.16.64.77 comment=p2p_xxx.siki-vodarna list=\

AL_ipBezShaperu

add address=172.16.64.78 comment=P2P_xxx.siki-Vodarna list=\

AL_ipBezShaperu

add address=192.168.25.82 comment=sed-lancontroler list=AL_ipBezShaperu

add address=192.168.25.241 comment=vodarna_lancontroler list=AL_ipBezShaperu

add address=192.168.25.233 comment=vodarna-cerpadlo_lancontroler list=\

AL_ipBezShaperu

add address=192.168.25.205 comment=Axmana_Lancontroler list=AL_ipBezShaperu

add address=192.168.25.19 comment=zahradnictvi_lancontroler list=\

AL_ipBezShaperu

/ip firewall filter

add action=accept chain=input comment="accept established,related,untracked" \

connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

invalid

add action=accept chain=input comment="accept ICMP" protocol=icmp

add action=accept chain=input comment="accept WinBox" dst-port=8291 protocol=\

tcp src-address-list=Trusted_IP

add action=accept chain=input comment="accept API" dst-port=8728 protocol=tcp \

src-address-list=Trusted_IP

add action=accept chain=input comment="accept API_SSL" dst-port=8729 \

protocol=tcp src-address-list=Trusted_IP

add action=accept chain=input comment="accept SSH" dst-port=22 protocol=tcp \

src-address-list=Trusted_IP

add action=accept chain=input comment="accept SNMP" dst-port=161 protocol=udp \

src-address-list=Trusted_IP

add action=accept chain=input comment="accept OSPF" protocol=ospf \

src-address-list=Trusted_IP

add action=drop chain=input comment="defconf: drop all coming "

add action=accept chain=forward comment="accept in ipsec policy" disabled=yes \

ipsec-policy=in,ipsec

add action=accept chain=forward comment="accept out ipsec policy" disabled=\

yes ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment=fasttrack \

connection-state=established,related disabled=yes

add action=drop chain=forward comment="ip bez shaperu" dst-address-list=\

!local_ip src-address-list=AL_ipBezShaperu

/ip firewall mangle

add action=mark-packet chain=forward comment=Pingatko new-packet-mark=\

PM_se_up passthrough=no src-address=1.2.3.8

add action=mark-packet chain=forward comment=Pingatko dst-address=\

1.2.3.8 new-packet-mark=PM_se_down passthrough=no

add action=jump chain=forward jump-target=10.155.25.0/24 src-address=\

10.155.25.0/24

add action=jump chain=forward dst-address=10.155.25.0/24 jump-target=\

10.155.25.0/24

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=10.155.25.0/24

add action=jump chain=forward jump-target=10.155.30.0/24 src-address=\

10.155.30.0/24

add action=jump chain=forward dst-address=10.155.30.0/24 jump-target=\

10.155.30.0/24

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=10.155.30.0/24

add action=jump chain=forward jump-target=1.2.3.176/30 src-address=\

1.2.3.176/30

add action=jump chain=forward dst-address=1.2.3.176/30 jump-target=\

1.2.3.176/30

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=1.2.3.176/30

add action=jump chain=forward jump-target=1.2.3.184/30 src-address=\

1.2.3.184/30

add action=jump chain=forward dst-address=1.2.3.184/30 jump-target=\

1.2.3.184/30

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=1.2.3.184/30

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=192.168.0.0/16

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=10.10.11.128/28

add action=return chain=172.16.64.56/29

add action=return chain=172.16.64.72/29

add action=return chain=10.155.25.0/24

add action=return chain=192.168.25.0/24

add action=return chain=10.155.30.0/24

add action=return chain=1.2.3.176/30

add action=return chain=1.2.3.184/30

/ip firewall nat

add action=dst-nat chain=dstnat comment="Presmeruje IP bez shaperu" \

dst-address-list=!local_ip dst-port=80 protocol=tcp src-address-list=\

AL_ipBezShaperu to-addresses=1.2.3.8 to-ports=82

add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.25.11 \

to-addresses=192.168.0.1

add action=src-nat chain=srcnat disabled=yes dst-address=192.168.0.1 \

to-addresses=192.168.0.2

add action=src-nat chain=srcnat comment=NAT_p2p-mojmirovcu dst-address=\

172.16.64.40/29 to-addresses=172.16.64.46

add action=src-nat chain=srcnat comment=NAT_p2p-vaclavska dst-address=\

172.16.64.48/29 to-addresses=172.16.64.54

add action=src-nat chain=srcnat comment=NAT_p2p-siki disabled=yes \

dst-address=172.16.64.72/29 to-addresses=172.16.64.73

/ip route

add disabled=yes distance=1 gateway=172.16.64.41

add comment=xxx_DHCP disabled=yes distance=1 dst-address=10.10.11.160/28 \

gateway=172.16.64.62

add disabled=yes distance=1 dst-address=10.10.11.176/28 gateway=172.16.64.78

add comment=xxx disabled=yes distance=1 dst-address=10.155.28.0/24 \

gateway=172.16.64.62

add disabled=yes distance=1 dst-address=10.155.29.0/24 gateway=172.16.64.78

add comment=xxx_MGM disabled=yes distance=1 dst-address=192.168.28.0/24 \

gateway=172.16.64.62

add disabled=yes distance=1 dst-address=192.168.29.0/24 gateway=172.16.64.78

/ip service

set telnet disabled=yes

set ftp disabled=yes

set www disabled=yes

set api-ssl disabled=yes

/routing ospf interface

add cost=100 interface=ether10_TO-Vaclavska network-type=nbma

add cost=20 interface=ether1_TO-Mojmirovcu network-type=nbma

add dead-interval=20s hello-interval=5s interface=\

ether5_TO-xxx_za_podjezdem network-type=nbma priority=2

add dead-interval=20s hello-interval=5s interface=ether9_TO-xxx_SiKi \

network-type=nbma priority=2

/routing ospf nbma-neighbor

add address=172.16.64.49 comment=TO-Vaclavska priority=1

add address=172.16.64.41 comment=TO-Mojmirovcu priority=1

add address=172.16.64.62 comment=TO-xxx_za_podjezdem poll-interval=30s

add address=172.16.64.78 comment=TO-xxx_SiKi poll-interval=30s

/routing ospf network

add area=backbone comment=TO-Vaclavska network=172.16.64.48/29

add area=backbone comment=TO-Mojmirovcu network=172.16.64.40/29

add area=backbone comment=TO-xxx_za_podjezdem network=172.16.64.56/29

add area=backbone comment=TO-xxx_siki network=172.16.64.72/29

/snmp

set contact=info@xxx.cz enabled=yes location=vodarna

/system clock

set time-zone-name=Europe/Prague

/system identity

set name=Vodarna

/system logging

add action=remote topics=critical

add action=remote topics=error

add action=remote topics=info,!account

add action=remote topics=warning

add prefix=_OSPF_ topics=ospf,!debug

add action=remote prefix=_OSPF_ topics=ospf,!debug

/system ntp client

set enabled=yes primary-ntp=1.2.3.8 server-dns-names=1.2.3.4

/system routerboard settings

set silent-boot=no

router 2

# jun/12/2018 19:48:33 by RouterOS 6.42.3

# software id = FTVJ-UBYA

# model = RouterBOARD 750P r2

# serial number = 67D507031E2A

/interface bridge

add fast-forward=no name=bridge1

add fast-forward=no name=loopback

/interface ethernet

set [ find default-name=ether1 ] name=ether1-BYT

set [ find default-name=ether4 ] name=ether4-AP1 poe-out=forced-on \

power-cycle-ping-address=192.168.29.3 power-cycle-ping-enabled=yes \

power-cycle-ping-timeout=10m

set [ find default-name=ether5 ] name=ether5-TO-vodarna poe-out=forced-on \

power-cycle-ping-address=172.16.64.73 power-cycle-ping-enabled=yes \

power-cycle-ping-timeout=10m

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=xxx-siki

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/ip pool

add name=dhcp_pool1 ranges=10.10.11.178-10.10.11.190

/ip dhcp-server

add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \

interface=bridge1 name=dhcp1

/queue tree

add name=lan_xxx.siki_up parent=global queue=ethernet-default

add name=lan_xxx.siki_down parent=global queue=ethernet-default

add limit-at=1127k max-limit=33M name=xxx.marek.4491_up packet-mark=\

PM_10.155.29.12_up parent=lan_xxx.xxx_up queue=wireless-default

add limit-at=1127k max-limit=33M name=xxx.marek.4491_down packet-mark=\

PM_10.155.29.12_down parent=lan_xxx.siki_down queue=wireless-default

/routing ospf instance

set [ find default=yes ] redistribute-connected=as-type-1 \

redistribute-other-ospf=as-type-1 redistribute-static=as-type-1 \

router-id=10.155.255.7

/snmp community

set [ find default=yes ] addresses=0.0.0.0/0

/system logging action

set 3 remote=10.155.19.100 src-address=10.155.29.1

/interface bridge port

add bridge=bridge1 hw=no interface=ether1-BYT

add bridge=bridge1 hw=no interface=ether2

add bridge=bridge1 hw=no interface=ether3

add bridge=bridge1 hw=no interface=ether4-AP1

/ip address

add address=172.16.64.78/29 interface=ether5-TO-vodarna network=172.16.64.72

add address=192.168.29.1/24 interface=bridge1 network=192.168.29.0

add address=10.155.29.1/24 interface=bridge1 network=10.155.29.0

add address=10.10.11.177/28 interface=bridge1 network=10.10.11.176

add address=10.155.255.7 interface=loopback network=10.155.255.7

/ip dhcp-server network

add address=10.10.11.176/28 dns-server=10.155.19.126,10.155.19.125 gateway=\

10.10.11.177

/ip dns

set servers=10.155.19.126,10.155.19.125

/ip firewall address-list

add address=10.0.0.0/8 comment=privete_IP list=local_ip

add address=192.168.0.0/16 comment=privete_IP list=local_ip

add address=8.8.8.8 comment="google DNS" list=local_ip

add address=172.16.0.0/16 comment=privete_IP list=local_ip

add address=172.16.1.0/24 comment=VPN list=Trusted_IP

add address=172.16.64.0/22 comment=Spojovacky list=Trusted_IP

add address=172.16.68.0/22 comment=Spojojavcky list=Trusted_IP

add address=192.168.29.3 comment=siki-ap1 list=AL_ipBezShaperu

/ip firewall filter

add action=accept chain=input comment="accept established,related,untracked" \

connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

invalid

add action=accept chain=input comment="accept ICMP" protocol=icmp

add action=accept chain=input comment="accept WinBox" dst-port=8291 protocol=\

tcp src-address-list=Trusted_IP

add action=accept chain=input comment="accept API" dst-port=8728 protocol=tcp \

src-address-list=Trusted_IP

add action=accept chain=input comment="accept API_SSL" dst-port=8729 \

protocol=tcp src-address-list=Trusted_IP

add action=accept chain=input comment="accept SSH" dst-port=22 protocol=tcp \

src-address-list=Trusted_IP

add action=accept chain=input comment="accept SNMP" dst-port=161 protocol=udp \

src-address-list=Trusted_IP

add action=accept chain=input comment="accept OSPF" protocol=ospf \

src-address-list=Trusted_IP

add action=drop chain=input comment="defconf: drop all coming "

add action=accept chain=forward comment="accept in ipsec policy" disabled=yes \

ipsec-policy=in,ipsec

add action=accept chain=forward comment="accept out ipsec policy" disabled=\

yes ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment=fasttrack \

connection-state=established,related disabled=yes

add action=drop chain=forward comment="ip bez shaperu" dst-address-list=\

!local_ip src-address-list=AL_ipBezShaperu

/ip firewall mangle

add action=jump chain=forward jump-target=10.155.29.0/24 src-address=\

10.155.29.0/24

add action=jump chain=forward dst-address=10.155.29.0/24 jump-target=\

10.155.29.0/24

add action=add-src-to-address-list address-list=AL_ipBezShaperu \

address-list-timeout=none-dynamic chain=forward comment=ip_bezshaperu \

src-address=10.155.29.0/24

add action=mark-packet chain=10.155.29.0/24 comment=sikora.marek \

new-packet-mark=PM_10.155.29.12_up passthrough=no src-address=\

10.155.29.12

add action=mark-packet chain=10.155.29.0/24 comment=sikora.marek dst-address=\

10.155.29.12 new-packet-mark=PM_10.155.29.12_down passthrough=no

add action=return chain=192.168.29.0/24

add action=return chain=10.155.29.0/24

/ip firewall nat

add action=dst-nat chain=dstnat comment="Presmeruje IP bez shaperu" \

dst-address-list=!local_ip dst-port=80 protocol=tcp src-address-list=\

AL_ipBezShaperu to-addresses=1.2.3.8 to-ports=82

/ip route

add distance=220 gateway=172.16.64.73

/routing ospf interface

add dead-interval=20s hello-interval=5s interface=ether5-TO-vodarna \

network-type=nbma

/routing ospf nbma-neighbor

add address=172.16.64.73 comment=TO-Vodarna poll-interval=30s

/routing ospf network

add area=backbone comment=TO_Vodarna network=172.16.64.72/29

/snmp

set contact=info@xxx.cz enabled=yes location=SiKi

/system clock

set time-zone-name=Europe/Prague

/system identity

set name=xxx-siki

/system logging

add action=remote topics=critical

add action=remote topics=error

add action=remote topics=info,!account

add topics=warning

add disabled=yes topics=ospf

add action=remote disabled=yes topics=ospf

add action=echo disabled=yes topics=ospf

/system ntp client

set enabled=yes primary-ntp=1.2.3.4

/system routerboard settings

set silent-boot=no

/system watchdog

set no-ping-delay=10m watchdog-timer=no

rseb

/routing ospf instance get default use-dn vrací všude prázdný výsledek, takže pokud to mk neinterpretuje v každé verzi jinak, tak je to všude stejné...

radik

/routing ospf instance get default use-dn vrací všude prázdný výsledek, takže pokud to mk neinterpretuje v každé verzi jinak, tak je to všude stejné...

a tohle zkousis jak? Pokud se chces podivat co tam je tak to musis udelat takto:

:put [routing ospf instance get default use-dn ]

radik

A jeste nejaky duvod proc mas nbma?

rseb

[xxx@xxx] > :put [routing ospf instance get default use-d

[xxx@xxx] >

rseb

z velké části jsou mezi tím UBNT rádia a nabyl jsem dojmu, že mcast může být problém...

radik

OSPF je broadcast kdyz uz... Mas na tech UBNT zapnuty WDS aby se propustela MAC adresa (ale to by ti nefungoval ani routing spravne)? Si tam zkus hodit do ospf broadcast a nebo point-to-point pokud to mas jen bod bod a nic dalsiho co routuje.

rseb

obávám se, že musím nesouhlasit. typ sítě je sice broadcast, ale k komunikaci se používá multicast...

Vznik sousedství probíhá tak, že dva jednu L2 topologii sdílející směrovače přijmou takzvané hello pakety; ty každý směrovač na každé rozhraní určené ke směrování (nikoli tzv. pasivní rozhraní) pravidelně zasílá. Hello paket je relativně velmi krátký, čili ani jeho časté zasílání nemá významný vliv na propustnost sítě, a je adresován právě všem těm zařízením, která jsou uzly dané L2 topologie (není směrován); jeho cílovou adresou je multicast 224.0.0.5 (01).

https://cs.wikipedia.org/wiki/Open_Shortest_Path_First

Další stránka »