wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

OSPF bug on 6.34.2?

Sat Feb 27, 2016 5:11 pm

Hi there!

I have an x86 ROS running as an amateur radio gateway (AMPRNet). My Watchguard firewall appliance handles gatewaying everything else. Both devices have a dynamic public IP provided by my cable ISP and managed by DynDns.com.

I think I found a ROS bug. I wanted to make sure that none of AMPRnet (including my scope) appeared in my OSPF.

Marius YO2TM created a script to automatically import AMPRnet routes. AMPRnet is treated as a separate VLAN to the world since public internet traffic can't get to it except through a gateway to eliminate unauthorized traffic. IPIP tunneling is used site-2-site.

I removed the WA4ZLW (44.56.53.1/28) interface from OSPF and on the instance said NO to redistribute RIP as well as no to redistribute connected routes. I removed 44.56.53.0/26 as a network from the network tab as well as from my backbone on the area ranges tab.

When I look at the OSPF routing table it shows all the RIP routes as IMPORTED EXT 1 and that is propagating out to the Watchguard:

Here's just a snippet at the watchguard:

Status report for 'BackWoods-XTM520' from Sat Feb 27 09:14:18 2016

Version : 11.10.5.B492938
sysb :
Serial #: 80B103B5423AF
Model : XTM520
CPU cores: 1

Current local time: Sat Feb 27 09:14:18 2016
Current UTC time : Sat Feb 27 14:14:18 2016
Uptime : 18m 58s

Network Configuration
------------
Enabled If-# Dev-Name Name Address Zone*/MTU Status IP-Assignment
Yes 0 eth0 BackDoor 192.168.88.1/24 TR/1500 down static
Yes 1 eth1 100M 70.44.1.91/22 EX/1500 up dhcp
Yes 2 eth2 LAN 0.0.0.0/0 VL/1500 up static
Yes 3 eth3 FW-core100 10.0.3.1/30 OP/1500 up static
Yes 4 eth4 AMPR-WA4ZLW 44.56.53.3/28 OP/1500 up static
Yes 5 eth5 Optional-4 10.0.4.1/24 OP/1500 down static
No 6 eth6 DVR 0.0.0.0/0 OP/1500 down static
Yes 1 vlan1 Data VLAN 10.161.51.3/24 TR/0 up static
Yes 100 vlan100 VoIP VLAN 10.195.13.3/24 TR/0 up static
Yes 50 vlan50 Wireless Data VLAN 10.195.11.3/24 TR/0 up static
Yes 51 vlan51 Wireless Guest Data VLAN 10.195.12.3/24 TR/0 up static

* Zone: TR = trusted, EX = external, OP = optional, CS = custom, LA = link aggregation, VL = vlan, BR = bridge, CL = cluster

IPv4 Routes
------------
Destination Gateway Genmask Flags Metric Interface
0.0.0.0 70.44.0.1 0.0.0.0 UG 5 eth1
10.0.3.0 0.0.0.0 255.255.255.252 U 0 eth3
10.0.4.0 0.0.0.0 255.255.255.0 U 0 eth5
10.161.51.0 0.0.0.0 255.255.255.0 U 0 vlan1
10.195.10.0 10.161.51.2 255.255.255.0 UG 20 vlan1
10.195.10.0 10.195.11.2 255.255.255.0 UG 20 vlan50
10.195.10.0 10.195.13.2 255.255.255.0 UG 20 vlan100
10.195.10.0 10.195.12.2 255.255.255.0 UG 20 vlan51
10.195.10.0 10.161.51.1 255.255.255.0 UG 20 vlan1
10.195.10.0 10.195.11.1 255.255.255.0 UG 20 vlan50
10.195.10.0 10.195.13.1 255.255.255.0 UG 20 vlan100
10.195.10.0 10.195.12.1 255.255.255.0 UG 20 vlan51
10.195.11.0 0.0.0.0 255.255.255.0 U 0 vlan50
10.195.12.0 0.0.0.0 255.255.255.0 U 0 vlan51
10.195.13.0 0.0.0.0 255.255.255.0 U 0 vlan100
10.195.54.0 10.0.3.2 255.255.255.0 UG 1 eth3
10.195.55.0 10.0.3.2 255.255.255.0 UG 1 eth3
44.0.0.0 44.56.53.1 255.0.0.0 UG 1 eth4
44.2.2.0 10.161.51.1 255.255.255.0 UG 30 vlan1
44.2.2.0 10.195.11.1 255.255.255.0 UG 30 vlan50
44.2.2.0 10.195.13.1 255.255.255.0 UG 30 vlan100
44.2.2.0 10.195.12.1 255.255.255.0 UG 30 vlan51
44.2.4.0 10.161.51.1 255.255.255.248 UG 30 vlan1
44.2.4.0 10.195.11.1 255.255.255.248 UG 30 vlan50
44.2.4.0 10.195.13.1 255.255.255.248 UG 30 vlan100
44.2.4.0 10.195.12.1 255.255.255.248 UG 30 vlan51
44.2.5.0 10.161.51.1 255.255.255.128 UG 30 vlan1
44.2.5.0 10.195.11.1 255.255.255.128 UG 30 vlan50
44.2.5.0 10.195.13.1 255.255.255.128 UG 30 vlan100
44.2.5.0 10.195.12.1 255.255.255.128 UG 30 vlan51
44.2.10.0 10.161.51.1 255.255.255.248 UG 30 vlan1
44.2.10.0 10.195.11.1 255.255.255.248 UG 30 vlan50
44.2.10.0 10.195.13.1 255.255.255.248 UG 30 vlan100
44.2.10.0 10.195.12.1 255.255.255.248 UG 30 vlan51
44.2.14.0 10.161.51.1 255.255.255.248 UG 30 vlan1
44.2.14.0 10.195.11.1 255.255.255.248 UG 30 vlan50
44.2.14.0 10.195.13.1 255.255.255.248 UG 30 vlan100
44.2.14.0 10.195.12.1 255.255.255.248 UG 30 vlan51
44.2.50.0 10.161.51.1 255.255.255.248 UG 30 vlan1
44.2.50.0 10.195.11.1 255.255.255.248 UG 30 vlan50
44.2.50.0 10.195.13.1 255.255.255.248 UG 30 vlan100
44.2.50.0 10.195.12.1 255.255.255.248 UG 30 vlan51
44.4.2.152 10.161.51.1 255.255.255.248 UG 30 vlan1
44.4.2.152 10.195.11.1 255.255.255.248 UG 30 vlan50
44.4.2.152 10.195.13.1 255.255.255.248 UG 30 vlan100
44.4.2.152 10.195.12.1 255.255.255.248 UG 30 vlan51
44.4.4.64 10.161.51.1 255.255.255.224 UG 30 vlan1
44.4.4.64 10.195.11.1 255.255.255.224 UG 30 vlan50
44.4.4.64 10.195.13.1 255.255.255.224 UG 30 vlan100
44.4.4.64 10.195.12.1 255.255.255.224 UG 30 vlan51
44.4.10.40 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.10.40 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.10.40 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.10.40 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.12.0 10.161.51.1 255.255.255.0 UG 30 vlan1
44.4.12.0 10.195.11.1 255.255.255.0 UG 30 vlan50
44.4.12.0 10.195.13.1 255.255.255.0 UG 30 vlan100
44.4.12.0 10.195.12.1 255.255.255.0 UG 30 vlan51
44.4.28.50 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.28.50 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.28.50 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.28.50 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.32.192 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.32.192 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.32.192 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.32.192 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.38.27 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.38.27 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.38.27 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.38.27 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.39.0 10.161.51.1 255.255.255.248 UG 30 vlan1
44.4.39.0 10.195.11.1 255.255.255.248 UG 30 vlan50
44.4.39.0 10.195.13.1 255.255.255.248 UG 30 vlan100
44.4.39.0 10.195.12.1 255.255.255.248 UG 30 vlan51
44.4.50.1 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.1 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.50.1 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.50.1 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.50.2 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.2 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.50.2 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.50.2 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.50.3 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.3 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.50.3 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.50.3 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.50.4 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.4 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.50.4 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.50.4 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.50.5 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.5 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.50.5 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.50.5 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.50.6 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.6 10.195.11.1 255.255.255.255 UGH 30 vlan50
44.4.50.6 10.195.13.1 255.255.255.255 UGH 30 vlan100
44.4.50.6 10.195.12.1 255.255.255.255 UGH 30 vlan51
44.4.50.9 10.161.51.1 255.255.255.255 UGH 30 vlan1
44.4.50.9 10.195.11.1 255.255.255.255 UGH 30 vlan50
...498 more routes.


IPv6 Routes
------------
Destination Next Hop Flags Metric Interface

Dynamic Routing
------------
ZEBRA
Pid: 1598
State: ENABLED RUNNING LICENSED CFGSYNC

RIP
Pid: 0
State: LICENSED

OSPF
Pid: 1599
State: ENABLED RUNNING LICENSED CFGSYNC

BGP
Pid: 0
State: LICENSED

RIPng
Pid: 0
State: LICENSED

OSPFv3
Pid: 0
State: LICENSED



RIP
------------
Feature is not enabled

OSPF
------------
OSPF Routing Process, Router ID: 10.161.51.3
Supports only single TOS (TOS0) routes
This implementation conforms to RFC2328
RFC1583Compatibility flag is disabled
Initial SPF scheduling delay 200 millisec(s)
Minimum hold time between consecutive SPFs 1000 millisec(s)
Maximum hold time between consecutive SPFs 10000 millisec(s)
Hold time multiplier is currently 1
SPF algorithm last executed 6m29s ago
SPF timer is inactive
Refresh timer 10 secs
This router is an ASBR (injecting external routing information)
Number of external LSA 523. Checksum Sum 0x010fdf96
Number of areas attached to this router: 3

Area ID: 0.0.0.0 (Backbone)
Number of interfaces in this area: Total: 6, Active: 6
Number of fully adjacent neighbors in this area: 8
Area has no authentication
SPF algorithm executed 12 times
Number of LSA 8
Number of router LSA 3. Checksum Sum 0x00023103
Number of network LSA 5. Checksum Sum 0x00023067
Number of summary LSA 0. Checksum Sum 0x00000000
Number of ASBR summary LSA 0. Checksum Sum 0x00000000
Number of NSSA LSA 0. Checksum Sum 0x00000000

Area ID: 10.0.0.4
Shortcutting mode: Default, S-bit consensus: ok
Number of interfaces in this area: Total: 0, Active: 0
Number of fully adjacent neighbors in this area: 0
Area has no authentication
Number of full virtual adjacencies going through this area: 0
SPF algorithm executed 12 times
Number of LSA 1
Number of router LSA 1. Checksum Sum 0x00003c60
Number of network LSA 0. Checksum Sum 0x00000000
Number of summary LSA 0. Checksum Sum 0x00000000
Number of ASBR summary LSA 0. Checksum Sum 0x00000000
Number of NSSA LSA 0. Checksum Sum 0x00000000

Area ID: 10.196.4.1
Shortcutting mode: Default, S-bit consensus: ok
Number of interfaces in this area: Total: 0, Active: 0
Number of fully adjacent neighbors in this area: 0
Area has no authentication
Number of full virtual adjacencies going through this area: 0
SPF algorithm executed 12 times
Number of LSA 1
Number of router LSA 1. Checksum Sum 0x00003c60
Number of network LSA 0. Checksum Sum 0x00000000
Number of summary LSA 0. Checksum Sum 0x00000000
Number of ASBR summary LSA 0. Checksum Sum 0x00000000
Number of NSSA LSA 0. Checksum Sum 0x00000000

============ OSPF network routing table ============
N 10.0.3.0/30 [20] area: 0.0.0.0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N 10.161.51.0/24 [10] area: 0.0.0.0
directly attached to vlan1
N 10.195.10.0/24 [20] area: 0.0.0.0
via 10.161.51.2, vlan1
via 10.195.11.2, vlan50
via 10.195.13.2, vlan100
via 10.195.12.2, vlan51
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N 10.195.11.0/24 [10] area: 0.0.0.0
directly attached to vlan50
N 10.195.12.0/24 [10] area: 0.0.0.0
directly attached to vlan51
N 10.195.13.0/24 [10] area: 0.0.0.0
directly attached to vlan100
N 44.56.53.0/28 [10] area: 0.0.0.0
directly attached to eth4
N 192.168.112.0/24 [10] area: 0.0.0.0
directly attached to tun0

============ OSPF router routing table =============
R 10.161.51.1 [10] area: 0.0.0.0, ASBR
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
R 10.161.51.2 [10] area: 0.0.0.0, ASBR
via 10.161.51.2, vlan1
via 10.195.11.2, vlan50
via 10.195.13.2, vlan100
via 10.195.12.2, vlan51

============ OSPF external routing table ===========
N E1 44.2.2.0/24 [30] tag: 0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N E1 44.2.4.0/29 [30] tag: 0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N E1 44.2.5.0/25 [30] tag: 0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N E1 44.2.10.0/29 [30] tag: 0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N E1 44.2.14.0/29 [30] tag: 0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N E1 44.2.50.0/29 [30] tag: 0
via 10.161.51.1, vlan1
via 10.195.11.1, vlan50
via 10.195.13.1, vlan100
via 10.195.12.1, vlan51
N E1 44.4.2.152/29 [30] tag: 0

Do you agree this looks like an ROS bug?

Here's a snippet from my ROS config:

/interface ipip
add !keepalive local-address=24.115.112.147 name=ampr-2.14.5.97 \
remote-address=2.14.5.97
add !keepalive local-address=24.115.112.147 name=ampr-2.87.29.190 \
remote-address=2.87.29.190
add !keepalive local-address=24.115.112.147 name=ampr-5.174.15.97 \
remote-address=5.174.15.97
add !keepalive local-address=24.115.112.147 name=ampr-5.51.216.19 \
remote-address=5.51.216.19
...
add !keepalive local-address=24.115.112.147 name=ampr-220.233.86.207 \
remote-address=220.233.86.207
add !keepalive local-address=24.115.112.147 name=ampr-220.245.50.125 \
remote-address=220.245.50.125
add comment="UCSD AMPR Gateway" !keepalive local-address=24.115.112.147 name=\
ucsd-gw remote-address=169.228.66.251

set "Ether 3 - HAMnet" comment="Ether 3 - HAMnet"
set "Local LAN" comment="Ether 1 - Trusted (Local LAN)"
set "SECV Cable 100m" comment="Ether 0 - External"
set ampr-2.14.5.97 discover=no
set ampr-2.87.29.190 discover=no
set ampr-5.174.15.97 discover=no
set ampr-5.51.216.19 discover=no
set ampr-5.9.41.21 discover=no
set ampr-8.25.156.142 discover=no
...
set ampr-216.253.203.30 discover=no
set ampr-217.173.179.95 discover=no
set ampr-220.233.86.207 discover=no
set ampr-220.245.50.125 discover=no
set ucsd-gw comment="UCSD AMPR Gateway"
/routing ospf area
add area-id=10.196.4.1 name=shul
/routing ospf instance
set [ find default=yes ] redistribute-static=as-type-1 router-id=10.161.51.1
/ip address
add address=10.161.51.1/24 interface="Local LAN" network=10.161.51.0
add address=10.195.11.1/24 interface=vlan50 network=10.195.11.0
add address=10.195.10.1/24 interface="Local LAN" network=10.195.10.0
add address=192.168.88.1/24 comment="Mikrotik default LAN network" interface=\
Backdoor network=192.168.88.0
add address=10.195.55.254/24 comment=BentLimbFarms disabled=yes interface=\
"Local LAN" network=10.195.55.0
add address=10.195.56.254/24 comment="farm barn lan - test" disabled=yes \
interface="Local LAN" network=10.195.56.0
add address=10.0.3.2/30 interface=FW-Core100 network=10.0.3.0
add address=10.195.12.1/24 interface=vlan51 network=10.195.12.0
add address=10.195.13.1/24 interface=vlan100 network=10.195.13.0
add address=44.56.53.1/28 comment="HamVLAN 44.56.53.0/28" interface=\
"Ether 3 - HAMnet" network=44.56.53.0
add address=44.56.53.1/8 interface=ucsd-gw network=44.0.0.0
/ip firewall filter
add chain=input comment="RIP - AMPRNet" dst-port=520 in-interface=ucsd-gw \
log=yes log-prefix="Accept RIP: " protocol=udp src-address=44.0.0.1 \
src-port=520
add chain=input comment="IP Encap - AMPRnet" in-interface="SECV Cable 100m" \
log=yes log-prefix="Accept IP Encap: " protocol=ipencap
add chain=input comment="allow AMPRNet traffic in" log=yes log-prefix=\
"AMPR Net Accept: " src-address-list=AMPRNet
add chain=input comment="allow ICMP" log=yes log-prefix="ICMP Accept: " \
protocol=icmp
add chain=input comment="allow traffic from dude" src-address-list=Dude
add action=drop chain=input comment="drop inbound DNS" dst-port=53 \
in-interface="SECV Cable 100m" log=yes log-prefix="DROP DNS: " protocol=\
udp
add action=drop chain=input comment="drop any ntp inbound" disabled=yes \
dst-port=123 in-interface="SECV Cable 100m" log=yes log-prefix=\
"DROP NTP: " protocol=udp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 log=\
yes log-prefix="DROP FTP: " protocol=tcp src-address-list=ftp_blacklist
/ip firewall nat
add action=redirect chain=dstnat comment=\
"Force going through router DNS cache" dst-port=53 protocol=tcp to-ports=\
53
add action=redirect chain=dstnat comment="Force using router DNS cache" \
dst-port=53 protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="50m modem" dst-port=8888 protocol=\
tcp to-addresses=192.168.100.1 to-ports=80
add action=masquerade chain=srcnat comment="WA4ZLW AMPRNet --> Internet NAT" \
log=yes log-prefix="WA4ZLW NAT --> Internet" out-interface=\
"SECV Cable 100m" src-address-list=wa4zlw
add action=masquerade chain=srcnat comment=\
"NAT for local outbound traffic needs to be last rules" log=yes \
log-prefix="DATA NAT: " out-interface="SECV Cable 100m" src-address-list=\
BWW
/ip route
add comment="Default UCSD reply route" distance=250 gateway=ucsd-gw \
routing-mark=44net
add check-gateway=ping distance=5 dst-address=10.196.4.0/24 gateway=\
10.161.51.3
add distance=50 dst-address=44.2.2.0/24 gateway=ampr-157.130.198.190 \
pref-src=44.56.53.1
add distance=50 dst-address=44.2.4.0/29 gateway=ampr-50.250.204.153 pref-src=\
44.56.53.1
add distance=50 dst-address=44.2.5.0/25 gateway=ampr-176.183.139.74 pref-src=\
44.56.53.1
add distance=50 dst-address=44.2.10.0/29 gateway=ampr-71.130.72.52 pref-src=\
44.56.53.1
....
add distance=50 dst-address=44.208.0.0/16 gateway=ampr-94.101.48.134 \
pref-src=44.56.53.1
add distance=50 dst-address=44.208.58.0/28 gateway=ampr-82.61.68.61 pref-src=\
44.56.53.1
add distance=50 dst-address=44.224.0.0/15 gateway=ampr-141.75.245.225 \
pref-src=44.56.53.1
add check-gateway=ping distance=1 dst-address=192.168.0.0/24 gateway=\
10.161.51.2 scope=5
/ip route vrf
add interfaces=ucsd-gw routing-mark=44rip
/routing ospf area range
add area=backbone disabled=yes
add area=backbone range=10.161.51.0/24
add advertise=no area=shul range=10.196.4.0/24
add advertise=no area=shul range=10.196.5.0/24
add advertise=no area=shul range=10.196.6.0/24
add advertise=no area=farm disabled=yes range=10.195.55.0/24
add advertise=no area=farm disabled=yes range=10.195.54.0/24
add area=backbone range=10.0.3.0/24
add area=backbone range=10.195.10.0/24
add area=backbone range=10.195.11.0/24
add area=backbone range=10.195.12.0/24
add area=backbone range=10.195.13.0/24
add area=backbone range=10.195.14.8/30
add area=backbone disabled=yes range=44.56.53.0/28
/routing ospf network
add area=backbone disabled=yes
add area=backbone network=10.161.51.0/24
add area=shul network=10.196.4.0/24
add area=farm disabled=yes network=10.195.55.0/24
add area=farm disabled=yes network=10.195.54.0/24
add area=backbone network=10.0.3.0/24
add area=backbone network=10.195.10.0/24
add area=backbone network=10.195.11.0/24
add area=backbone network=10.195.12.0/24
add area=backbone network=10.195.13.0/24
add area=backbone network=10.195.14.8/30
add area=backbone disabled=yes network=44.56.53.0/28
/routing prefix-lists
add action=discard chain=ampr prefix=44.0.0.1/32
add chain=ampr prefix=44.0.0.0/8
add action=discard chain=ampr
add action=discard chain=none
add chain=all
/routing rip
set distribute-default=if-installed garbage-timer=20m redistribute-connected=\
yes routing-table=44rip timeout-timer=10m update-timer=5m
/routing rip interface
add authentication=simple authentication-key=<password> in-prefix-list=\
ampr interface=ucsd-gw out-prefix-list=none passive=yes receive=v2
/routing rip network
add network=44.0.0.0/8
/system scheduler
add comment="AMPRNet RIP Updater every 15 minutes" interval=15m name=AMPRNet \
on-event=AMPRNet policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
/system script
add name=AMPRNet owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
\n# -------------------------------------------------------------\r\
\n# Setup parameters (change as needed)\r\
\n# -------------------------------------------------------------\r\
\n# your gateway IP\r\
\n:local myip \"24.115.112.147\" ;\r\
\n# router local AMPR IP\r\
\n:local myampr \"44.56.53.1\" ;\r\
\n# routing distance for AMPR routes\r\
\n:local mydistance 50 ;\r\
\n# -------------------------------------------------------------\r\
\n\r\
\n#\r\
\n# process tunnels from RIPv2 information\r\
\n#\r\
\n:foreach tunnel in=[/routing rip route find from=44.0.0.1] do={\r\
\n :local subnet [/routing rip route get \$tunnel dst-address] ;\r\
\n :local gw [/routing rip route get \$tunnel gateway] ;\r\
\n :local ifname (\"ampr-\" . \$gw) ;\r\
\n :local runtime [/system clock get date] ;\r\
\n\r\
\n :delay 10ms\r\
\n\r\
\n # only if it is not our gateway\r\
\n :if (\$gw != \$myip) do={\r\
\n # create tunnel if it doesn't exist\r\
\n :if ([/interface ipip find name=\$ifname] = \"\") do={\r\
\n /interface ipip add !keepalive clamp-tcp-mss=yes\r\
\nlocal-address=\$myip remote-address=\$gw name=\$ifname comment=(\"Added \
on \".\r\
\n\$runtime)\r\
\n /ip neighbor discovery set \$ifname discover=no\r\
\n }\r\
\n\r\
\n # change/add route\r\
\n :local amprupd false ;\r\
\n # we can have more than one route\r\
\n :foreach myroute in=[/ip route find dst-address=\$subnet\r\
\n!routing-mark] do={\r\
\n :delay 10ms\r\
\n :if ( \$myroute != \"\") do={\r\
\n # gateway is an array !!! Get the first string\r\
\n :local intf [:pick [/ip route get \$myroute gateway] 0] \
;\r\
\n # check if the interface starts with 'ampr-'\r\
\n :if ([:pick \$intf 0 [:find \$intf \"-\"]] = \"ampr\") d\
o={\r\
\n # update if needed\r\
\n :if ( \$intf != \$ifname) do={\r\
\n /ip route remove \$myroute\r\
\n /ip route add dst-address=\$subnet gateway=\$ifn\
ame\r\
\ndistance=\$mydistance pref-src=\$myampr comment=(\"Updated on \". \$runt\
ime)\r\
\n :set \$amprupd true ;\r\
\n } else={\r\
\n # route is up to date\r\
\n :set \$amprupd true ;\r\
\n }\r\
\n }\r\
\n }\r\
\n }\r\
\n\r\
\n # if not updated previously add the route\r\
\n :if (\$amprupd = false) do={\r\
\n /ip route add dst-address=\$subnet gateway=\$ifname\r\
\ndistance=\$mydistance pref-src=\$myampr comment=(\"Added on \". \$runtim\
e)\r\
\n }\r\
\n\r\
\n }\r\
\n\r\
\n}\r\
\n\r\
\n# check obsolete stuff only if RIP data is available\r\
\n:if ([/routing rip route find from=44.0.0.1] != \"\") do={\r\
\n\r\
\n # check and remove obsolete routes\r\
\n :foreach myroute in=[/ip route find pref-src=\$myampr] do={\r\
\n :delay 10ms\r\
\n :if ( \$myroute != \"\") do={\r\
\n # gateway is an array !!! Get the first string\r\
\n :local intf [:pick [/ip route get \$myroute gateway] 0] ;\r\
\n # check if the interface starts with 'ampr-'\r\
\n :if ([:pick \$intf 0 [:find \$intf \"-\"]] = \"ampr\") do={\
\r\
\n :local mysubnet ([/ip route get \$myroute dst-address]) \
;\r\
\n # check if the subnet is in RIP data, remove if not ther\
e\r\
\n :if ([/routing rip route find dst-address=\$mysubnet] = \
\"\")\r\
\ndo={\r\
\n /ip route remove \$myroute\r\
\n }\r\
\n }\r\
\n }\r\
\n }\r\
\n\r\
\n # check and remove obsolete interfaces\r\
\n :foreach mytunnel in=[/interface ipip find] do={\r\
\n :delay 10ms\r\
\n # check if the interface starts with 'ampr-'\r\
\n :local intf [/interface ipip get \$mytunnel name] ;\r\
\n :if ([:pick \$intf 0 [:find \$intf \"-\"]] = \"ampr\") do={\r\
\n # check if tunnel is used by any route\r\
\n :if ([/ip route find gateway=\$intf] = \"\") do={\r\
\n /interface ipip remove \$mytunnel\r\
\n }\r\
\n }\r\
\n }\r\
\n}\r\
\n\r\
\n\r\
\n:log info \"AMPR script end\"\r\
\n"
/system watchdog
set watchdog-timer=no
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Mon Feb 29, 2016 1:26 pm

Anyone from Mikrotik here? This is a problem!

thank you Leon
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: OSPF bug on 6.34.2?

Mon Feb 29, 2016 6:10 pm

This is too much to go through (at least for me)

A network diagram might be much more helpful here, as I'm not clear on what your goals are.
In general, if your OSPF process doesn't have redistribute static/connected/rip/bgp active, then it should be pretty much isolated from the rest of the protocols, and won't share anything with other routers in the OSPF domain...

Could another OSPF device be the source of the EXT1 routes?
Open one and look at the originating router ID to make sure.

EDIT: The Originator is shown on EXT routes in the LSA tab.
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Tue Mar 01, 2016 1:08 pm

Good morning... Looking at my OSPF routing table, it seems the AMPRnet routes are IMPORTED EXT 1. The only place it's coming from is RIP. If I have Redistribute RIP routes set to no, why is OSPF distributing it? The way I see it, the gateway should have all the routes. Having a static in my local network for 44.0.0.0/8 --> 44.56.53.1 should be all that is necessary to route AMPRNet traffic in my LAN. OSPF should not distribute stuff I am telling it not to.

That's the simple question.

leon
 
StubArea51
Trainer
Posts: 1742
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: OSPF bug on 6.34.2?

Tue Mar 01, 2016 5:41 pm

It doesn't look like this is a bug

It appears you are redistributing static routes in OSPF and the prefixes listed in OSPF as external match the static routes in your config. My guess is that's where your OSPF routes are coming from and not RIP.

The other clue is they are showing up as Type 1 external and that's exactly what your static routes are set to redistribute as.
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Tue Mar 01, 2016 9:08 pm

This is confusing me more and more... I'll look at it again tonight. So the RIP routes are being imported as statics? I think I even disabled redistributing statics and nothing happened.

leon
 
StubArea51
Trainer
Posts: 1742
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: OSPF bug on 6.34.2?

Tue Mar 01, 2016 9:22 pm

Might be helpful to post a supout.rif.

I'm familiar with 44.0.0.0/8 a little bit since I am also KE5JKE :-)
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Wed Mar 02, 2016 4:20 am

Ah, another ham, great!

I didn't have time to do some work in the basement tonight; will try tomorrow.

I'll get a supout too.

leon
 
docmarius
Forum Guru
Posts: 1224
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: OSPF bug on 6.34.2?

Wed Mar 02, 2016 2:40 pm

Leon, the RIP routes are just the input data for the script, which create connected routes in the main routing table.
So yes, if your OSPF is set to redistribute connected, it will redistribute them, but the source is not RIP, it is the list of script generated routes.
But you can create and use an output filter on OSPF, to drop 44.0.0.0/8 with prefix length 8-32:
/routing filter
add action=discard chain=no-44net prefix=44.0.0.0/8 prefix-length=8-32
add action=accept chain=no-44net
Marius, YO2LOJ
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Wed Mar 02, 2016 3:21 pm

Hi Marius.... REDISTRIBUTE CONNECTED is NO on both RIP and OSPF.
I added the filter and I still see the entries in the routing table and it is propagating out too.

73 leon
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: OSPF bug on 6.34.2?

Wed Mar 02, 2016 6:06 pm

This leads me to believe that another OSPF router is injecting the routes. Can you confirm which router is injecting the E1 routes by checking the LSA table?
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Thu Mar 03, 2016 1:25 am

Hi folks... The other night I noticed something weird on my spare MTK where I was putting my local hamnet on a VLAN. I think there may be something happening here. This box has an interface now with a local AMPRnet address but I haven't had time to go into the basement and connect that cable to my managed switch. I think it's looping back around through this box possibly. I want to be downstairs not only to connect it up but make sure I don't get a loop created too.

Stand by till tomorrow.

thanks leon
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Thu Mar 03, 2016 1:27 am

looking at the router the LSA table shows the AMPRnet RIP routes as external. That would seem to make sense to me.

leon
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: OSPF bug on 6.34.2?

Thu Mar 03, 2016 10:47 pm

wa4zlw wrote:
> looking at the router the LSA table shows the AMPRnet RIP routes as external. That would seem to make sense to me.
>
> leon

There's a column in the LSA table, "Originator".

Look at that IP and see who is originating the E1 routes - it might be some other OSPF router. (Note that the "address" there is actually the originating router's OSPF-ID, which is not necessarily an actual IP address on the router itself.)
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Fri Mar 04, 2016 3:20 am

Hi there... Won't be able to do work in basement till weekend. I checked the LSA table and the originator is the same router, the AMPRNet gateway.

Leon
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: OSPF bug on 6.34.2?

Fri Mar 04, 2016 9:32 pm

Out of curiosity - when you created the filter that Docmarius suggested - did you actually apply it to anything or did you just create the filter?
It should be applied as "Out Filter" on the OSPF instance (it seems like it should be an in filter, but I think it only works on the out filter)

Let's take a step back and think logically:
- there are E1 external routes in OSPF
- external routes occur whenever a router redistributes them into OSPF
- therefore some OSPF router MUST be configured to redistribute something

If you go through the OSPF instance configuration and set redistribute ____ routes = NO for all possible sources, then these routes should go away.
If not, then one of two things is possible:
- some other router is the one doing the redistribution
- your router has a serious flaw where it just chooses to redistribute routes no matter what you tell it.

Almost certainly all of the E1 routes should go away if you disable all forms of redistribution...

- enable only one redistribution source - if the routes return, then you know that is their source. It could be connected routes, it could be RIP, it could be static, it could be lots of things. According to those who've read the script source more thoroughly than I, the script creates static routes based on the RIP routes. It could be that this is the source. The filter is really what you need to have implemented if you want to use any form of redistribution.
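
The elimination logic above, together with the `no-44net` filter suggested earlier in the thread, can be run offline against a router export. This is an added example, not code from any thread participant: the function names are hypothetical, the export is a constructed sample in the thread's syntax, and the filter matching is a simplified model (a `prefix` without `prefix-length` matches exactly, and a chain with no final match accepts).

```python
import ipaddress
import re

# Constructed sample in RouterOS v6 export syntax, reduced from the settings
# quoted in this thread. The no-44net chain exists but is not attached.
SAMPLE_EXPORT = r'''
/routing ospf instance
set [ find default=yes ] out-filter=ospf-out redistribute-static=as-type-1 router-id=10.161.51.1
/ip route
add distance=50 dst-address=44.2.2.0/24 gateway=ampr-157.130.198.190 pref-src=44.56.53.1
add distance=50 dst-address=44.2.4.0/29 gateway=ampr-50.250.204.153 pref-src=\
    44.56.53.1
add check-gateway=ping distance=1 dst-address=192.168.0.0/24 gateway=10.161.51.2 scope=5
/routing filter
add action=discard chain=no-44net prefix=44.0.0.0/8 prefix-length=8-32
add action=accept chain=no-44net
'''

PROP_RE = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
FINAL_ACTIONS = ("accept", "discard", "reject")


def parse_export(text):
    """Parse an export into {section path: [property dict per add/set line]}."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join backslash-continued lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            props = {k: v.strip('"') for k, v in PROP_RE.findall(line)}
            sections[current].append(props)
    return sections


def rule_matches(rule, net):
    """Assumed model: no prefix matches all; prefix alone matches exactly;
    prefix plus prefix-length matches subnets whose length is in the range."""
    if 'prefix' not in rule:
        return True
    base = ipaddress.ip_network(rule['prefix'], strict=False)
    if 'prefix-length' not in rule:
        return net == base
    lo, _, hi = rule['prefix-length'].partition('-')
    return net.subnet_of(base) and int(lo) <= net.prefixlen <= int(hi or lo)


def chain_verdict(rules, chain, net):
    """First rule in the chain with a final action decides; else accept."""
    for rule in rules:
        if rule.get('chain') != chain or rule.get('disabled') == 'yes':
            continue
        action = rule.get('action', 'passthrough')
        if action in FINAL_ACTIONS and rule_matches(rule, net):
            return action
    return 'accept'


def leaked_statics(export_text, protected='44.0.0.0/8'):
    """Static routes inside `protected` that the first OSPF instance entry
    would redistribute as externals past its attached out-filter chain."""
    cfg = parse_export(export_text)
    instances = cfg.get('/routing ospf instance', [])
    inst = instances[0] if instances else {}
    if inst.get('redistribute-static', 'no') == 'no':
        return []  # no static redistribution, so statics cannot become E1/E2
    out_chain = inst.get('out-filter', 'ospf-out')
    rules = cfg.get('/routing filter', [])
    guard = ipaddress.ip_network(protected)
    leaks = []
    for route in cfg.get('/ip route', []):
        if 'dst-address' not in route or route.get('disabled') == 'yes':
            continue
        net = ipaddress.ip_network(route['dst-address'], strict=False)
        if net.subnet_of(guard) and chain_verdict(rules, out_chain, net) == 'accept':
            leaks.append(str(net))
    return leaks


if __name__ == '__main__':
    for prefix in leaked_statics(SAMPLE_EXPORT):
        print('would be advertised as OSPF external:', prefix)
```

With the sample as written, both 44.x statics are reported because the instance still points at `ospf-out`; attaching the `no-44net` chain or setting `redistribute-static=no` empties the list.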
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Sat Mar 05, 2016 1:50 am

Hi there! I think I just fixed it!

In the OSPF instance I had redistribute statics ON. Turned it off and bingo!

I'll have to peruse the network and see what else it's doing.

The OSPF instance has In Filter as ospf-in and Out Filter as ospf-out.

I think we got it but want to muck around with things this weekend and fine tune some more.

thanks all will keep everyone in the loop

leon
 
StubArea51
Trainer
Posts: 1742
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: OSPF bug on 6.34.2?

Sat Mar 05, 2016 6:48 pm

That was my guess from earlier in the thread as it showed up in your export....glad you figured it out! :D
 
wa4zlw
Member Candidate
Topic Author
Posts: 177
Joined: Sat Jun 03, 2006 10:37 pm
Location: Blandon, PA

Re: OSPF bug on 6.34.2?

Sat Mar 05, 2016 7:22 pm

Yeah, thanks, I just didn't see it - senior moments :-)

Leon
 
StubArea51
Trainer
Posts: 1742
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: OSPF bug on 6.34.2?

Sun Mar 06, 2016 3:11 pm

wa4zlw wrote:
> yeah thanks I just didn't see it - senior moments :-)
>
> Leon

No worries, I'm only 38, but with two small children I have many, many "Senior" moments :-)
