MikroTik

Please, help. Let me show my problem: Take a simple hardware with two interfaces, a pub one and a local one. The pub interface has a valid IP config, i.e: 192.168.2.2/30 and NO IP on the local ones. Default route pointing to 192.168.2.1. So far, my routing table looks like this:

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 AS 0.0.0.0/0 r 192.168.2.1 1 ether1
1 ADC 192.168.2.0/30 192.168.2.2 0 ether1

Then I start a PPPOE server on the local interface. My routing table now looks like this:

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 AS 0.0.0.0/0 r 192.168.2.1 1 ether1
1 ADC 192.168.2.0/30 192.168.2.2 0 ether1
2 ADC 192.168.3.1/32 192.168.2.2 0 <pppoe-client1>
3 ADC 192.168.3.2/32 192.168.2.2 0 <pppoe-client2>
4 ADC 192.168.3.3/32 192.168.2.2 0 <pppoe-client3>
5 ADC 192.168.3.4/32 192.168.2.2 0 <pppoe-client4>
6 ADC 192.168.3.5/32 192.168.2.2 0 <pppoe-client5>

Thats OK so far. People are surfing good. Unfortunately, packets coming from outside to a destination 192.168.3.x that is NOT connected go back through the default route and come back again until it expires TTL. I thought that OSPF could solve this problem, then I started OSPF for 192.168.3.0/24. Now my routing table looks like this:

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 AS 0.0.0.0/0 r 192.168.2.1 1 ether1
1 ADC 192.168.2.0/30 192.168.2.2 0 ether1
2 ADoU 192.168.3.0/24 110
3 ADC 192.168.3.1/32 192.168.2.2 0 <pppoe-client1>
4 ADC 192.168.3.2/32 192.168.2.2 0 <pppoe-client2>
5 ADC 192.168.3.3/32 192.168.2.2 0 <pppoe-client3>
6 ADC 192.168.3.4/32 192.168.2.2 0 <pppoe-client4>
7 ADC 192.168.3.5/32 192.168.2.2 0 <pppoe-client5>

The only way I found to solve this was by assign a IP from that network on the local interface. Now my routing table looks like this and finally there is a ICMP host unreachable for hosts from 192.168.3.0/24 that are NOT there:

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 AS 0.0.0.0/0 r 192.168.2.1 1 ether1
1 ADC 192.168.2.0/30 192.168.2.2 0 ether1
2 ADC 192.168.3.0/30 192.168.3.10 0 wlan1
3 ADC 192.168.3.1/32 192.168.2.2 0 <pppoe-client1>
4 ADC 192.168.3.2/32 192.168.2.2 0 <pppoe-client2>
5 ADC 192.168.3.3/32 192.168.2.2 0 <pppoe-client3>
6 ADC 192.168.3.4/32 192.168.2.2 0 <pppoe-client4>
7 ADC 192.168.3.5/32 192.168.2.2 0 <pppoe-client5>

So, here is my questions:
- Why the route number 2 is unreachable via OSPF?
- Is there a way to solve the TTL expire problem other than assign an IP from 192.168.3.x in the local interface?

Thanks in advance.
Ozelo

*sigh* Guess Ive been doing nothing right nor wrong...

Hi there,

i played a little with PPPoE and had simmilar unconclusive results. Still do not know how to set it up correctly with ospf.
How did you set up your Areas? Was it all backbone?

nejc

Hi there,

i played a little with PPPoE and had simmilar unconclusive results. Still do not know how to set it up correctly with ospf.
How did you set up your Areas? Was it all backbone?

nope, backbone area on the "wan" iface... there are stub areas on the other side with inject summary LSA. Ive reading about how to blackhole a network to try solve the TTL expired in transit, but couldn't put it in practice yet.

Do you redistribute connected? Starting it for 192.168.3.0/24 is not going to help alot, seeing that ospf is very aware of subnet masks and the pppoe interface is a /32

no redistribute connected;
no ip, just /32s

Try it. I do about the same, exept I have 2 pppoe-servers that are redundant/loadbalancing. For that I also need to redistibute the route for each pppoe, because any user can authenticate on any pppoe server.

Ive done it already, but nothing changed. If I remove the stub area and let it just redistributing connected, then all /32s are published without any summary. Let me ask: Is there anyone who DONT have that rule flagged as unreachable? Active, dynamic, ospf but NOT unreachable? Without ip on the interface, of course, just pppoe.

I just want the router to answer "host unreachable" instead of "ttl exceeded"...