[Mikrotik] OSPF flaps and filter rules
Grand Avenue Broadband
grandavebb at grandavebb.com
Sat Jan 7 14:07:10 CST 2017
Input rules work on any port you choose (they also work from the LAN side as well).
Firewall filters and queue trees occasionally get "confused" when interfaces are changed out from under them. When you detect rules in either of these places that should be getting hit but aren't, a good first line of attack is:
  1. export the rules to a file
  2. delete the live rules
  3. re-import the rules from the file
Creating the rules fresh in this manner flushes whatever accumulated cruft is confusing the old ones.
Sometimes just disabling the rules and then re-enabling them works as well, but not as reliably. (I used this approach yesterday to correct a predefined queue tree that wasn't shaping traffic on a new gateway interface right after my bandwidth provider activated it.)
As for OSPF, make sure the router IDs on the two new towers are unique; a duplication could cause these symptoms.
> On Jan 7, 2017, at 12:53 PM, Terri Kelley <neteng at farm-market.net> wrote:
> So short version. Due to new land owners we had to chop down a tower, B. Towers A and C were either side passing through B. All running OSPF. We now pass through two new towers going from A to C and OSPF flaps like crazy at times. No difference in configs other than changing the neighbors. All are configured the same way as the old path. So it should work. It doesn’t.
> Along with that, the filter rules are the same as always but for some reason the counters are no longer incrementing on the input rules for A and C. The only exception is accept related connections. The only difference I can tell is there is no longer anything plugged into ether1 on A and C. Switching not being used, they, just like most on my network, are multi-port routers.
> So I guess my two questions are, does port 1 have to be used for the input rules to work? And if that is the case could that cause the flap on OSPF?
> Terri Kelley
> Network Engineer
> Farm to Market Broadband
Grand Avenue Broadband -- Wireless Internet Service
Circle City to Wickenburg and surrounding areas
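
The router-ID uniqueness check suggested above can be run offline against saved configuration exports. This is an added example, not part of the original post: the tower names, addresses and export snippets are constructed, and it assumes each router's text export has been collected into a dictionary keyed by router name.

```python
import re
from collections import defaultdict

# Constructed sample exports; names and addresses are made up for illustration.
SAMPLE_EXPORTS = {
    "tower-A": "/routing ospf instance\nset [ find default=yes ] router-id=10.255.0.1\n",
    "tower-new1": "/routing ospf instance\nset [ find default=yes ] router-\\\n    id=10.255.0.2\n",
    "tower-new2": "/routing ospf instance\nset [ find default=yes ] router-id=10.255.0.2\n",
    "tower-C": "/routing ospf instance\nset [ find default=yes ] redistribute-connected=as-type-1\n",
}

ROUTER_ID = re.compile(r"\brouter-id=(\d{1,3}(?:\.\d{1,3}){3})\b")

def ospf_router_ids(export_text):
    """Return router IDs set explicitly under '/routing ospf instance'."""
    ids, in_section = [], False
    # Exports wrap long lines with a trailing backslash; rejoin them first.
    joined = re.sub(r"\\\n\s*", "", export_text)
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = line.startswith("/routing ospf instance")
        if in_section:
            # 0.0.0.0 means "not set", so it is not an explicit ID.
            ids += [rid for rid in ROUTER_ID.findall(line) if rid != "0.0.0.0"]
    return ids

def audit(exports):
    """Return (duplicates, implicit).

    duplicates: router ID -> routers sharing it (more than one).
    implicit:   routers with no explicit ID; the router then picks one of its
                own IP addresses, so check the live value on the device.
    """
    owners, implicit = defaultdict(list), []
    for name, text in sorted(exports.items()):
        ids = ospf_router_ids(text)
        if not ids:
            implicit.append(name)
        for rid in ids:
            owners[rid].append(name)
    duplicates = {rid: names for rid, names in owners.items() if len(names) > 1}
    return duplicates, implicit

if __name__ == "__main__":
    dups, implicit = audit(SAMPLE_EXPORTS)
    for rid, names in dups.items():
        print(f"DUPLICATE router-id {rid}: {', '.join(names)}")
    for name in implicit:
        print(f"{name}: no explicit router-id in export, verify on the device")
```
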