Portál AbcLinuxu, 5. května 2025 05:04
Ahoj, je zde nejaky makac na OSPF v mikrotiku? Snazim se agregovat odchozi routy OSPF na mikrotiku, cilem je aby aby z mhona statickych router napr. /30 vylezla jen jedna routra /24 protoze stejne cely subnet /24 slouzi jen pro tuto cast site, ale nejak se mi to nedari najit.
Zkousel jsem area range, ale bez uspechu, pak jsou zde nejake /routing filter, ktere zrejme lze aplikovat na OSPF (v instace vidim parametry in/out-filter) ale nejak se mi ty filtry nedari pouzivat.
Dokaze nekdo poradit? Diky Jarda
For example you have many/32 ip addresses /interface bridge add name=lo0 /ip address add address=172.16.1.1/32 interface=lo0 add address=172.16.1.2/32 interface=lo0 add address=172.16.1.3/32 interface=lo0 add address=10.1.1.1/24 interface=ether1 configure ospf as passive on lo0 interface /routing ospf interface add interface=lo0 passive=yes add area and area range /routing ospf area add name=test /routing ospf area range add area=test range=172.16.1.0/24 now add ospf networks /routing ospf network add network=10.1.1.0/24 area=backbone add network=172.16.0.1/24 area=test Now on other backbone routers you will see aggregated 172.16.1.0/24 route instead of three /32 routesNN
Diky, vypada to dobre.
Rovnou se zeptat jeste na jeden problem, aby nedelal novou diskuzi.
---
Mam mikrotik na platforme x86, upgradovany na verzi 5.7 (posledni stable) tento box ma jako jediny problem s OSPF, vidim ostatni routery v /router ospf neighbor ve stavu Init, nikam dal se to neposune v logu se ukazuje hlaska
route,ospf,info Ignoring Link State Acknowledgment packet: wrong peer state
route,ospf,info state=Init
Pokud vedle pripojim jiny box (RB433) nakonfiguruji ji identicky tak vse jede OK.
Nejprve jsem si myslel, ze problem je v natech, protoze je jich na x86 boxu opravdu hodne, s velkou bolesti jsem je vsechny ostavil, taktez /ip firewall filter jsem potlacil, ale bez efektu.
Nekde jsem cetl, ze problem dela ruzny cas na boxem, ten mam srovnany z jednoho zdroje (NTP serveru).
Vyzkousel jsem i prehozeni na jinou sitovku (rozumej, prehodil jsem vlanu na druhy interface), komunikace v ramci vlan (ping chodi bez potizi), ano vim, ze OSPF pouziva defaultne multicast.
Zajimave je, ze pokud udelam na tomto boxu traffic monitor /tool torch interface=vlanXYZ ip-protocol=ospf tak vidim, ze na box prichazeji pakety ospf, ale zadne neodchazeji pryc, co je spatne, tim si to cele vysvetluji, ale bohuzel uz netusim kde hledat a jak hledat problem a proc OSPF neochazi (citace na jinych boxech ukazuji prijate packety od tohoho neibra 0).
Nevedel by nekde jak to diagnostikovat?
Jarda
route,ospf,debug RECV: Hello <- 172.31.15.67 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug RECV: Hello <- 172.31.15.69 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug SEND: Hello 172.31.15.66 -> 224.0.0.5 on vlan101 route,ospf,debug RECV: Hello <- 172.31.15.70 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug RECV: Hello <- 172.31.15.65 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug Received packet from an unknown network: route,ospf,debug source=172.31.15.18 route,ospf,debug RECV: Hello <- 172.31.15.67 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug RECV: Hello <- 172.31.15.69 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug SEND: Hello 172.31.15.66 -> 224.0.0.5 on vlan101 route,ospf,debug RECV: Hello <- 172.31.15.70 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug RECV: Hello <- 172.31.15.65 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug Received packet from an unknown network: route,ospf,debug source=172.31.15.18 route,ospf,debug RECV: Hello <- 172.31.15.67 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug RECV: Hello <- 172.31.15.69 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug SEND: Hello 172.31.15.66 -> 224.0.0.5 on vlan101 route,ospf,debug RECV: Hello <- 172.31.15.70 on vlan101 (172.31.15.66) route,ospf,debug received options: E route,ospf,debug RECV: Hello <- 172.31.15.65 on vlan101 (172.31.15.66) route,ospf,debug received options: E
/ip firewall nat add action=accept chain=srcnat protocol=89pravidlo patri pred vsechny ostatni NAT-y. Jses si opravdu jisty, ze si neblokujes OSPF pakety firewallem ? NN
Diky zkusim,
jak jsem psal na postizenem boxu jsem zakazal vse co bylo /ip firewall filter + /ip firewall nat , mezi boxi neni nic jineho nez switche, ktere tahaji vlanu 101 mezi sebou vyusti ji do trunk na portu smerem k routeru, problem trasy vylucuji, jinak by nefungoval druhy box, ktery je vedle (433ka) a ten jede ok.
Jarda
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.