Hello Guys,


We have a Routed OSPF Net with Cisco Style VPLS Tunnels over BGP.

The MT Interfaces are connected with Wireless UBNT Bridges

here is the config of the two MTs that have Problems and spams the Logs.

MT 1:

/interface bridge
add mtu=1500 name=HotSpot priority=0x2000
add mtu=1500 name=MGNT priority=0x2000
add mtu=1500 name=PPPoE priority=0x2000
add mtu=1500 name=lo0
/interface ethernet
set [ find default-name=ether1 ] comment=PPPoE-Haus
set [ find default-name=ether2 ] comment=Zubr.
set [ find default-name=ether3 ] comment="AP 2,4G"
set [ find default-name=ether4 ] comment="AP 5G"
set [ find default-name=ether5 ] poe-out=off
/ip neighbor discovery
set ether1 comment=PPPoE-Haus
set ether2 comment=Zubr.
set ether3 comment="AP 2,4G"
set ether4 comment="AP 5G"
/interface vlan
add interface=ether3 l2mtu=1594 name=vlan10-eth3-MGNT vlan-id=10
add interface=ether4 l2mtu=1594 name=vlan10-eth4-MGNT vlan-id=10
add interface=ether3 l2mtu=1594 name=vlan20-eth3-PPPoE vlan-id=20
add interface=ether4 l2mtu=1594 name=vlan20-eth4-PPPoE vlan-id=20
add interface=ether4 l2mtu=1594 name=vlan21-eth3-PPPoEalt vlan-id=21
add interface=ether3 l2mtu=1594 name=vlan30-eth3-HotSpot vlan-id=30
/ip neighbor discovery
set vlan10-eth3-MGNT discover=no
set vlan10-eth4-MGNT discover=no
set vlan20-eth3-PPPoE discover=no
set vlan20-eth4-PPPoE discover=no
set vlan21-eth3-PPPoEalt discover=no
set vlan30-eth3-HotSpot discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/routing bgp instance
set default router-id=10.36.1.1
/routing ospf instance
set [ find default=yes ] router-id=10.36.1.1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100

/user group
add name=MCDD policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web,sniff,sensitive,api"
/interface bridge filter
add chain=forward in-bridge=PPPoE mac-protocol=pppoe-discovery
add chain=forward mac-protocol=pppoe-discovery out-bridge=PPPoE
add chain=forward mac-protocol=pppoe out-bridge=PPPoE
add chain=forward in-bridge=PPPoE mac-protocol=pppoe
add action=drop chain=forward out-bridge=PPPoE
add action=drop chain=forward in-bridge=PPPoE
/interface bridge port
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=ether1 \
point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan20-eth3-PPPoE point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan21-eth3-PPPoEalt point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan20-eth4-PPPoE point-to-point=no
add bridge=MGNT edge=yes external-fdb=no horizon=1 interface=vlan10-eth3-MGNT \
point-to-point=no
add bridge=MGNT edge=yes external-fdb=no horizon=1 interface=vlan10-eth4-MGNT \
point-to-point=no
add bridge=HotSpot edge=yes external-fdb=no horizon=1 interface=\
vlan30-eth3-HotSpot point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no interface=ether5 point-to-point=no
/interface ethernet poe settings
set ether1-poe-in-long-cable=yes
/interface vpls cisco-bgp-vpls
add bridge=PPPoE bridge-cost=0 bridge-horizon=9 export-route-targets=\
10.36.1.1:0 import-route-targets=10.36.1.1:0 l2router-id=10.0.9.1 name=\
PPPoE-FAE route-distinguisher=10.36.1.1:0 vpls-id=10.36.1.1:0
add bridge=HotSpot bridge-cost=0 bridge-horizon=9 export-route-targets=\
10.36.1.1:1 import-route-targets=10.36.1.1:1 l2router-id=10.0.9.1 name=\
HotSpot-FAE route-distinguisher=10.36.1.1:1 vpls-id=10.36.1.1:1
/ip address
add address=10.36.1.1/32 interface=lo0 network=10.36.1.1
add address=10.36.1.129/25 interface=PPPoE network=10.36.1.128
add address=10.36.1.65/26 interface=MGNT network=10.36.1.64
add address=10.255.254.34/28 interface=ether2 network=10.255.254.32
/ip dhcp-relay
add dhcp-server=10.255.255.244 disabled=no interface=PPPoE name=relay1
add dhcp-server=10.255.255.244 disabled=no interface=MGNT name=relay2
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip service
/mpls ldp
set enabled=yes lsr-id=10.36.1.1 transport-address=10.36.1.1
/mpls ldp interface
add interface=ether2
/routing bgp peer
add address-families=l2vpn-cisco name=FAE remote-address=10.0.9.1 remote-as=\
65530 route-reflect=yes ttl=default update-source=lo0
/routing ospf interface
add interface=ether2 network-type=ptmp
/routing ospf network
add area=backbone network=10.0.0.0/8
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=DD-LGz18-BR-36.1
/system logging
add disabled=yes topics=ospf
/system ntp client
set enabled=yes primary-ntp=10.255.255.225
/tool graphing interface
add




MT 2:

/interface bridge
add mtu=1500 name=Hotspot priority=0x2000
add mtu=1500 name=MGNT priority=0x2000
add mtu=1500 name=PPPoE
add mtu=1500 name=lo0
/interface ethernet
set [ find default-name=ether1 ] comment="PPPoE Haus"
set [ find default-name=ether2 ] comment=Zubr.
set [ find default-name=ether3 ] comment="A5M19-1oMndsA8 "
set [ find default-name=ether4 ] comment=A2M19-1s1MndsA8
set [ find default-name=ether5 ] comment=A2M19-2s7MndsA8
/ip neighbor discovery
set ether1 comment="PPPoE Haus"
set ether2 comment=Zubr.
set ether3 comment="A5M19-1oMndsA8 "
set ether4 comment=A2M19-1s1MndsA8
set ether5 comment=A2M19-2s7MndsA8
/interface vlan
add interface=ether3 l2mtu=1594 name=vlan10-eth3-MGNT vlan-id=10
add interface=ether4 l2mtu=1594 name=vlan10-eth4-MGNT vlan-id=10
add interface=ether5 l2mtu=1594 name=vlan10-eth5-MGNT vlan-id=10
add interface=ether3 l2mtu=1594 name=vlan20-eth3-PPPoE vlan-id=20
add interface=ether4 l2mtu=1594 name=vlan20-eth4-PPPoE vlan-id=20
add interface=ether5 l2mtu=1594 name=vlan20-eth5-PPPoE vlan-id=20
add interface=ether3 l2mtu=1594 name=vlan21-eth3-PPPoEalt vlan-id=21
add interface=ether4 l2mtu=1594 name=vlan30-eth4-Hotspot vlan-id=30
add interface=ether5 l2mtu=1594 name=vlan30-eth5-Hotspot vlan-id=30
/ip neighbor discovery
set vlan20-eth3-PPPoE discover=no
set vlan20-eth4-PPPoE discover=no
set vlan20-eth5-PPPoE discover=no
set vlan21-eth3-PPPoEalt discover=no
set vlan30-eth4-Hotspot discover=no
set vlan30-eth5-Hotspot discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/routing bgp instance
set default router-id=10.19.1.1
/routing ospf instance
set [ find default=yes ] router-id=10.19.1.1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
set 3 src-address=0.0.0.0
/user group
add name=MCDD policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web,sniff,sensitive,api"
/interface bridge filter
add chain=forward in-bridge=PPPoE mac-protocol=pppoe-discovery
add chain=forward in-bridge=PPPoE mac-protocol=pppoe
add chain=forward mac-protocol=pppoe-discovery out-bridge=PPPoE
add chain=forward mac-protocol=pppoe out-bridge=PPPoE
add action=drop chain=forward in-bridge=PPPoE
add action=drop chain=forward out-bridge=PPPoE
/interface bridge port
add bridge=MGNT edge=yes external-fdb=no horizon=1 interface=vlan10-eth3-MGNT \
point-to-point=no
add bridge=MGNT edge=yes external-fdb=no horizon=1 interface=vlan10-eth4-MGNT \
point-to-point=no
add bridge=MGNT edge=yes external-fdb=no horizon=1 interface=vlan10-eth5-MGNT \
point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan20-eth3-PPPoE point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan20-eth4-PPPoE point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan20-eth5-PPPoE point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=\
vlan21-eth3-PPPoEalt point-to-point=no
add bridge=Hotspot edge=yes external-fdb=no horizon=1 interface=\
vlan30-eth4-Hotspot point-to-point=no
add bridge=Hotspot edge=yes external-fdb=no horizon=1 interface=\
vlan30-eth5-Hotspot point-to-point=no
add bridge=PPPoE edge=yes external-fdb=no horizon=1 interface=ether1 \
point-to-point=no
add bridge=Hotspot edge=no external-fdb=no horizon=9 interface=\
vpls-HotSpot-FAE point-to-point=yes
add bridge=PPPoE disabled=yes edge=no external-fdb=no horizon=9 interface=\
vpls-PPPoE-FAE point-to-point=yes
/interface ethernet poe settings
set ether1-poe-in-long-cable=yes
/interface vpls cisco-bgp-vpls
add bridge=PPPoE bridge-cost=0 bridge-horizon=9 export-route-targets=\
10.19.1.1:0 import-route-targets=10.19.1.1:0 l2router-id=10.0.9.1 name=\
PPPoE-FAE route-distinguisher=10.19.1.1:0 vpls-id=10.19.1.1:0
add bridge=Hotspot bridge-cost=0 bridge-horizon=9 export-route-targets=\
10.19.1.1:1 import-route-targets=10.19.1.1:1 l2router-id=10.0.9.1 name=\
HotSpot-FAE route-distinguisher=10.19.1.1:1 vpls-id=10.19.1.1:1
/ip address
add address=10.19.1.1/32 interface=lo0 network=10.19.1.1
add address=10.19.1.129/25 interface=PPPoE network=10.19.1.128
add address=10.19.1.65/26 interface=MGNT network=10.19.1.64
add address=10.255.254.35/28 interface=ether2 network=10.255.254.32
/ip dhcp-relay
add dhcp-server=10.255.255.244 disabled=no interface=PPPoE name=relay1
add dhcp-server=10.255.255.244 disabled=no interface=MGNT name=relay2
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip service
set api disabled=yes
/mpls ldp
set enabled=yes lsr-id=10.19.1.1 transport-address=10.19.1.1
/mpls ldp interface
add interface=ether2
/routing bgp peer
add address-families=l2vpn-cisco name=FAE remote-address=10.0.9.1 remote-as=\
65530 route-reflect=yes ttl=default update-source=lo0
/routing ospf interface
add interface=ether2 network-type=ptmp
/routing ospf network
add area=backbone network=10.0.0.0/8
/snmp
set contact=ddlan enabled=yes location=MndsA8
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=DD-MndsA8-BR-19.1
/system logging
add disabled=yes topics=ospf
/system ntp client
set enabled=yes primary-ntp=10.255.255.225
/tool graphing interface
add


As u can see the Wireless Connection is good, the ccq is stable

The MTU at the Bridges is 1524 because of Backbone VLANS

Routeros on both MTs is 6.26



The Problem is both spams the Logs and sometimes the PPPoE Connection over the VPLS Tunnel flaps, But not the BGP.

So what could i do to kill the Problem,

Thanks for any Help

If the CCQ has even a momentary dip due to a sudden interference, reflection, whatever, then the OSPF hello packets might be the ones which were "on the air" - if this happens, then OSPF can get broken as you're seeing.
Also, if there is bandwidth congestion, OSPF might be getting dropped.

BGP survives this because it uses TCP as its transport - tcp will simply retransmit packets that do not receive an ACK from the other end, and it also has longer timeout values than OSPF, so it's much more tolerant. Worst of all - ospf uses multicast which most radios have a "basic rate" for multicasting. They have to transmit slowly because some receivers might be using a lower modulation rate than others. In order for one transmission to reach all clients, it must send slowly enough that nobody misses it.

Setting DSCP 46 (mangle table) on OSPF packets will cause ubnt to treat these as top priority.
Tweaking hello timers to send more hello packets but require missing more before failing will help.
Setting a higher basic rate for multicast can help (as long as the connections are always better than this basic rate)

I also see that you have multiple clients attached to this single AP (6 connections in the screenshot) - are all of these OSPF neighbors, or just one particular site? If there are only 2 ospf speakers on this network, I would set the OSPF interface to be point-to-point network type (no DR election). If there are multiple neighbors, then I would make sure that the router at the AP site is the one which is DR because all communications are to the DR. If DR is at a station site, then hellos between it and its neighbors on other station radios will cross the air twice. (doubling the chance that they get dropped by errored transmission)

Oh not enough screenshot,


it is so that only the 2 stations are opsf neighbors. The rest are costumer Modems


Can u explain what DR means?

I Would first change the hello intervall.


Sorry my English is not the best....

Remember when changing the hello interval that both neighbors must use the same interval or it will fail.

DR = designated router. Basically, suppose a LAN with 12 OSPF-speaking routers. In stead of a full mesh of communication (132 sessions!), one router is elected the designated router. All routers on the network just talk to the DR, and the DR updates the neighbors that need to know any changes. There is a DR, a BDR (backup designated router) and DROTHER - which just means the same as 'client' really. Two routers which are DROTHER don't communicate directly with each other.

This is what a router's priority value means - I can't remember right this second whether this value is set on the ospf interface parameters, or the instance. (I think interface).

Anyhow - since you only have 2 routers talking to each other, I would just set them to network type point-to-point so this is not even an issue. You may also try setting the station ubnt's airmax priority to high and have all others on the AP be set to normal (or medium, I forget the exact terms). If there is one station with low CCQ on this AP, it is dragging down the entire sector - so you could set that station's priority to low in order to help a little more.

yeah i know should the hello intervall higher or lower than default?

Basically, lower interval means to send them more often, but by default, dead interval is 4x hello interval, so:

lower hello interval AND dead interval -> faster fault detection.
higher hello AND dead intervals -> slower to detect failure
If you make hello lower, but keep the dead interval the same, (choose an even multiple of hello interval) then it means that while it takes roughly the same amount of time for a link to appear dead, the routers more aggressively "ping" the link....

The default settings mean that you have to miss 4 hellos in a row. This seems excessive, but it happens. I had this happen with Cisco routers talking across UBNT links, so this is not really a 'milkrotik' problem but an OSPF over UBNT problem. I've seen other threads on this forum about this exact thing, too.

If your links hit 100% saturation very much, then I suggest trying to QOS++ the ospf packets.