auraflex
just joined
Topic Author
Posts: 2
Joined: Tue Jun 04, 2024 2:21 pm

How CHR chooses ARP src-ip when there are more than 2 IPv4 addresses on the same NIC

Tue Jun 04, 2024 3:41 pm

Hi community, CHR team,

I would like to validate a CHR setup that requires 2 IPv4 addresses on the same NIC.
For isolation considerations we set the IP addresses with a /32 netmask.
The IP 169.254.10.1/32 gives connectivity to the GW IP 169.254.10.6, and the public IP is used for internet routing stuff.
The default GW is sourced with the public IP to grant the CHR internet connectivity naturally (without NAT).
[test@test] > ip/address/print 
 #   ADDRESS            NETWORK         INTERFACE                  
1   82.abc.def.241/32  82.abc.def.241  ether3-INTERCO-PUB             
2   169.254.10.1/32    169.254.10.6    ether3-INTERCO-PUB  
[test@test] > ip/route/print
 #      DST-ADDRESS        GATEWAY                          DISTANCE
 1  As  0.0.0.0/0          169.254.10.6                                   1
 ...
The result is a success, all working as expected.
However, I need to be sure that CHR will never choose the public IP as ARP src-ip when the private one is available.

So for comparison I did the same test on Linux (Debian).
By default the Linux kernel arbitrarily chooses the private or public IP at boot for ARP announcements, so it breaks my setup.
And the reason it doesn't prefer one IP over the other is that the kernel has no idea which IP needs to be preferred.
Intuitively, we might think that the connected route 169.254.10.6/32 src 169.254.49.1 would do the job, but it doesn't!
It's still possible to force the preference with the following configuration:
the private address must have a network that includes the GW IP (enlarge netmask -> 169.254.49.1/23 to include GW IP 169.254.10.6)
set sysfs arp_announce=2 to ensure that the private IP will be preferred for ARP announcements when it is available
With these settings it fully works.

To make sure my setup is fully reliable, I'd like to understand how RouterOS ensures that the private IP will be preferred for ARP announcements when the 2 addresses are in /32.

best regards

maxime
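
The Linux behaviour described in the post above, as an added example that is not part of the original post and not kernel code: a simplified Python model of the documented `arp_announce` levels, showing which sender IP an ARP request for the gateway would carry. Assumptions: 203.0.113.241 is a constructed placeholder for the masked public address, the widened /23 is applied to 169.254.10.1, and all addresses are primary on one interface.

```python
# Added example: simplified model of how Linux picks the ARP sender IP,
# following the documented arp_announce levels. Not kernel code.
import ipaddress as ipa

def arp_sender_ip(ifaddrs, target, pkt_src, arp_announce):
    """ifaddrs: addresses on the outgoing NIC in configuration order
    (all assumed primary; scope and other-NIC fallback are not modelled).
    pkt_src: source IP of the packet that triggered the ARP request."""
    addrs = [ipa.ip_interface(a) for a in ifaddrs]
    tgt, src = ipa.ip_address(target), ipa.ip_address(pkt_src)
    src_is_local = any(src == a.ip for a in addrs)

    if arp_announce == 0 and src_is_local:
        return str(src)          # level 0: any local address, so reuse pkt_src
    if arp_announce == 1 and src_is_local:
        # level 1: reuse pkt_src only if it shares a subnet with the target
        if any(tgt in a.network and src in a.network for a in addrs):
            return str(src)
    # level 2, and the fallback for 0/1: first address whose subnet contains
    # the target, otherwise simply the first address on the interface
    for a in addrs:
        if tgt in a.network:
            return str(a.ip)
    return str(addrs[0].ip)

GW = "169.254.10.6"              # gateway from the thread
PUB = "203.0.113.241/32"         # constructed placeholder for the public IP
PUB_IP = "203.0.113.241"

def demo():
    """Return (label, sender IP) pairs for the cases discussed in the thread."""
    narrow, wide = "169.254.10.1/32", "169.254.10.1/23"
    return [
        ("announce=0, both /32", arp_sender_ip([PUB, narrow], GW, PUB_IP, 0)),
        ("announce=2, both /32, public first", arp_sender_ip([PUB, narrow], GW, PUB_IP, 2)),
        ("announce=2, both /32, private first", arp_sender_ip([narrow, PUB], GW, PUB_IP, 2)),
        ("announce=0, private /23", arp_sender_ip([PUB, wide], GW, PUB_IP, 0)),
        ("announce=2, private /23", arp_sender_ip([PUB, wide], GW, PUB_IP, 2)),
    ]

if __name__ == "__main__":
    for label, ip in demo():
        print(f"{label:40} -> {ip}")
```

In this model, with both addresses at /32 the result under `arp_announce=2` depends only on address order, and the private address is selected regardless of order only when its subnet contains the gateway and `arp_announce=2` is set.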
 
tdw
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: How CHR chooses ARP src-ip when there are more than 2 IPv4 addresses on the same NIC

Tue Jun 04, 2024 7:34 pm

If the public address is routed via the private address it should not be attached to the interface, but rather exist on a loopback interface and the preferred source address set for traffic originated from the Mikrotik itself.

/interface bridge
add name=local protocol-mode=none
/ip address
add address=169.254.10.1 network=169.254.10.6 interface=ether3-INTERCO-PUB
add address=82.abc.def.241 interface=local
/ip route
add distance=1 gateway=169.254.10.6 pref-src=82.abc.def.241
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether3-INTERCO-PUB to-addresses=82.abc.def.241
