Category Archives: Network

Networking topics – primary about Cisco.

MIkrotik packet loss (Ping <70%)

Today I experienced an interesting story with my Mikrotik router at home. While updating the PiHole instance the system hat quite some problems obtaining either system updates but also the PiHole update packages. A ping on 9.9.9.9 showed that the Raspberry – on which the PiHole was hosted – had somewhat between 70-80% packet loss. Pinging the same IP from a Windows machine resulted in 0% packet.

All this happened only on wired connections but did not cause any problmes when connected via wifi.

As the Raspberry is directly attached to the Mikrotik router I also tried to connect it via a switch in between as that’s the setup for the windows machine. Same behavior.
Running pings from 3 Linux systems in the network and two Windows systems (even with exchanging network connections to be directly connected to the Mikrotik and connecting through the switch) came up with an interesting result:
All Windows machines had hardly any packet loss in 10 mins (<3%) and all the Linux systems had somewhat between 70%-80% packet loss (tested with a ping).
Any ping that involved the Mikrotik routers L2 functionality seemed to result in packet loss on the Linux machines.
Pinging any other machine on the same subnet worked without problems, but as soon as there was one hob in between the problem occurred.

Interestingly the problem vanished as far as the Torch tool was activated and no more packet loss occurred on any of the systems.

After some additional troubleshooting time (and disabling nearly all Mikrotik-configuration -> Firewall-Rules/Interfaces) the problem seemed to be with the Bridge interface used. It seems that the deactivation of the IP Firewall for the bridge interface caused the problem. After enabling it the behavior vanished and all systems no longer had any packet loss issues.

[admin@MikroTik] /interface bridge settings> /interface bridge settings 
[admin@MikroTik] /interface bridge settings> set use-ip-firewall yes    

Create you onw 4to6-tunnel / Access IPv6 service from IPv4 address

With my recent ISP-change for my internet at home there where quite a lot of changes. One of that changes was, that UPC – my current provider – uses DualStack Lite.
For me it’s the first ISP that really provides IPv6. So that’s pretty cool and I finally had the chance (was forced) into digging deeper into IPv6.

In general everything is working quite well but, as it’s dual stack lite my router doesn’t provide an option to do some portforwarding to one of my hosts inside my local network. At least not for IPv4 connections. So I have no chance to access one of my devices via my public IPv4 address what becomes a problem when I want to connect to my home network via VPN from an IPv4 only network.

I couldn’t find any suitable 4to6 tunnel broker that lets me access my IPv6-devices through an IPv4 address, but luckily I have a VPS that runs on real dualstack and therefor has an IPv4 and IPv6 address.

So to access my IPV6 VPN server in my private network from an IPv4 only network I created an SSH-tunnel from my VPN-server (that runs on a Raspberry PI) to my VPS and forwarded the OpenVPN port.

To do that the VPS’ sshd-configuration needs to be adapted to expose forwarded ports to it’s public IP-address(es). For that the following setting needs to be added to/ changed in the sshd_config:

GatewayPorts yes

 

After that I created the following script on my VPN-Raspberry:

#!/bin/bash

varConnectionString="-nNT -R 1194:localhost:1194 <username>@<servername> -p <port>"

if [[ $(ps aux | grep -v "grep" | grep "$(echo $varConnectionString | sed 's/^-/\\-/g')") ]]; then

echo "Found active connection"

else

echo "No active connection found"
ssh $(echo $varConnectionString) &
fi
create SSH-tunnel

That script is added to be exectuted every half hour as a cronjob. So if the connection (for whatever reason) gets diconnected it will automatically reconnect to the VPS and forward the port again.

 

VMware Workstation Player – No Bridge Adapter available

Lately Microsoft convinced me to upgrade my Windows 7 @ home up to Windows 10. When I upgraded my Windows I checked all the installed tools for Upgrades and also upgrade my old VMware Player 6 to the new VMware Workstation Player 12.
Today I was playing with MDT at home and wanted to set up a test VM to check if everything is working, but I was not able to get the bridged interface working.
I was able to selct it, but I didn’t get an IP from my DHCP so I thought I’ll disable all adapter except the LOM which is connected to my Router, but there were no adapters. šŸ™

VMwareWokrstationPlayerBridge

 

After a little bit of investigating I found out, that my LOM didn’t have the VMware Bridge ServiceĀ installed.Ā VMwareBridgeService

After installing the service I was able to set up the bridge adapter for the VM.

 

 

Cisco Deployment Guide

Today I received an useful link regarding Cisco L2 Access Switch-deployments with some interesting settings I wasn’t aware of till know.
The document is available via the following Link.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Oct2015/CVD-Campus_LAN_L2_Access_Simplified_Dist_Deployment-Oct2015.pdf