Probably not relevant to your problem, but where we blackhole route a block for a tower PPPoE pool, we also put in an ospf-out route filter to discard /32 prefix lengths, to avoid the individual /32 routes going in every routing table around our network. Now if you had mobile CPE with static IP assignments that you wanted to follow the CPE around your network, that would be different. But you could still do that with a non-pool address.
From: Robert Haas Sent: Thursday, August 25, 2016 1:44 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness No, I double checked for any more specific routes that encompass that range. I do have my /20 to a null route to keep from ping-pong’ing at edge routers, but I disabled it temporarily with no change. No summary routes – the /32’s end up in the routing table as the sessions terminate. Routing at other sites was correct – I could ping the customer and traceroute to them from the Braggcity router. Directly on the Bernie router it just times out and goes no where. No MPLS I added a static route – one to .208 and a second to .206 (to compare). The correct result would be a ping-pong between Bernie and Braggcity. I attached the screen shot, the .208 just times out while the .206 ping-pongs like it should.. To expand on that – I then added .208 onto the loopback at Hayti. The screen shot shows the Bernie router having the route in the routing table but still the traffic is blackholed.. I’m scratching my head.. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont Sent: Thursday, August 25, 2016 12:47 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik OSPF weirdness Is it possible another router somewhere is announcing x.x.x.208/28 (or /29 or /30)? You mentioned there is no x.x.x.208/32 router in the route table, but what about other prefix lengths? Are you summarizing your PPPoE prefixes into OSPF by putting them into another area and using area-ranges or do all the /32s just end up in all your routers' tables as PPPoE sessions come up? Did you look at the route tables at Braggcity and Ross to ensure they show the correct outgoing iface for that /32 to reach the Hayti router? Are you using MPLS at all? If you add a static route for x.x.x.208/32 to Bernie, Braggcity and Ross, does that make any difference? Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 8/25/16 11:22 AM, Robert Haas wrote: Alright, this problem has raised it head again on my network since I started to renumber some PPPoE pools. Customer gets a new IP address via PPPoE x.x.x.208/32 (from x.x.x.192/27 pool). Customer can’t surf and I can’t ping them from my office: [office] – [Bernie Router] – [Braggcity Router] – [Ross Router] – [Hayti Router] – [customer] A traceroute from my office dies @ the Bernie router but I am not getting any type of ICMP response from the Bernie router ie no ICMP Host Unreachable/Dest unreachable etc – just blackholes after my office router. A traceroute from the Customer to the office again dies at the Bernie router with no type of response. Checking the routing table on the Bernie router shows a valid route pointing to the Braggcity router. It is also in the OSPF LSA’s. -- Another customer gets x.x.x.207/32 and has no issue at all. -- Force the original customer to a new ip address of x.x.x.205/32 and the service starts working again. -- Now – even though there is no valid route to x.x.x.208/32 in the routing table – traffic destined to the x.x.x.208/32 IP is still getting blackholed.. I should be getting a Destination host unreachable from the Bernie router. This is correct the correct response .206 is not being used and there is no route to it: C:\Users\netadmin>ping x.x.x.206 Pinging x.x.x.206 with 32 bytes of data: Reply from y.y.y.1: Destination host unreachable. Reply from y.y.y.1: Destination host unreachable. Ping statistics for x.x.x.206: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), C:\Users\netadmin>tracert 74.91.65.206 Tracing route to host-x.x.x.206.bpsnetworks.com [x.x.x.206] over a maximum of 30 hops: 1 6 ms 6 ms 7 ms z.z.z.z 2 6 ms 6 ms 6 ms y.bpsnetworks.com [y.y.y.1] 3 y.bpsnetworks.com [y.y.y.1] reports: Destination host unreachable. Trace complete. This is what I see to x.x.x.208 even though it is not being used and there is no route to it. C:\Users\netadmin>ping x.x.x.208 Pinging x.x.x.208 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for x.x.x.208: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), C:\Users\netadmin>tracert x.x.x.208 Tracing route to host-x.x.x.208.bpsnetworks.com [x.x.x.208] over a maximum of 30 hops: 1 6 ms 6 ms 6 ms z.z.z.z 2 * * * Request timed out. 3 * * ^C -- I’ve verified there is no firewall that would affect the traffic – I even put an accept rule in the forward chain for both the source and destination of x.x.x.208 and neither increment at all. So the traffic is not even making out of the routing flow and into the firewall.. Any pointers are where to start troubleshooting next?
