Often, we come across a combination of Ruckus ICX switches and MikroTik RouterOS gateways. This is a common setup, especially in hospitality and education, because MikroTik offers very high-performance routing functionality at a low cost. Ruckus offers the same on the LAN wired and Wi-Fi side, so they’re a perfect combination.
MikroTik routers also have a DNS cache feature, where the MikroTik router is configured to query a public DNS server such as Google DNS (8.8.8.8), while internal devices are configured to use MikroTik as their DNS server, keeping private DNS traffic within the network.
Network Time Protocol is a less well-known protocol but it is used by virtually all devices. It’s a simple protocol to synchronise the time of a device with a public time server. This is especially useful for devices like switches which will lose track of time (literally) when they are rebooted or powered off.
The issue is caused by a specific combination of NTP server and DNS server.
Specifically, if you use a specific private DNS server (MikroTik router v6.49.7), and set pool.ntp.org as the NTP server, the switch crashes as soon as it tries to resolve the NTP address.
With any other combination (using Google DNS servers, or using time.nist.gov or ntp.ruckuswireless.com instead of pool.ntp.org), the switch doesn’t crash.
In summary:
IP assignment | Gateway set? | DNS set? | Address defined as NTP server | Crashes? |
---|---|---|---|---|
DHCP | Yes (from DHCP) | Yes (internal, from DHCP) | none | No |
DHCP | Yes (from DHCP) | Yes (internal, from DHCP) | Pool.ntp.org | YES |
DHCP | Yes (from DHCP) | Yes (internal, from DHCP) | 129.6.15.28 (NIST) | No |
Static | No | No | Pool.ntp.org | No |
Static | Yes | Yes (internal) | Pool.ntp.org | YES |
Static | Yes | Yes (internal) | 193.136.152.72* | No |
Static | Yes | Yes (internal) | Time-a.nist.gov | No |
Static | Yes | Yes (internal) | ntp.ruckuswireless.com | No |
Static | Yes | Yes (8.8.8.8) | Pool.ntp.org | No |
Static | Yes | Yes (8.8.8.8) | Time-a.nist.gov | No |
*This is the IP that was resolved when I tried to ping from the switch to pool.ntp.org.
It’s pretty obvious. Simply don’t use MikroTik DNS as the DNS server for your switches, or use a different NTP server. I chose the latter as MikroTik DNS otherwise works perfectly fine.
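To find switches that still match the crashing rows of the table, the following added example (not part of the original post, and not Ruckus or MikroTik code) scans exported running-configs for pool.ntp.org combined with a MikroTik resolver. It assumes the DNS servers appear on an `ip dns server-address` line and the NTP servers as indented `server` lines under an `ntp` block; the switch names, the resolver address 192.168.88.1 and the sample configs are constructed.

```python
# Added example: flag ICX running-configs that match the crashing rows above.
RISKY_NTP_HOST = "pool.ntp.org"  # the only NTP name that crashed in the table


def parse_config(text):
    """Return (dns_servers, ntp_servers) from a running-config dump.

    Assumed syntax: 'ip dns server-address <ip>...' at top level and
    indented 'server <host>' lines under a top-level 'ntp' block.
    """
    dns, ntp, in_ntp = [], [], False
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if in_ntp and raw[0].isspace():        # still inside the ntp block
            if words[0] == "server" and len(words) > 1:
                ntp.append(words[1].lower())   # hostnames are case-insensitive
            continue
        in_ntp = words == ["ntp"]              # any other top-level line ends it
        if words[:3] == ["ip", "dns", "server-address"]:
            dns += words[3:]
    return dns, ntp


def assess(text, mikrotik_resolvers):
    """Return 'at-risk', 'check-dhcp' (no DNS in the config) or 'ok'."""
    dns, ntp = parse_config(text)
    if RISKY_NTP_HOST not in ntp:
        return "ok"
    if not dns:
        # DNS may be unset (no crash) or handed out by DHCP (crash): verify.
        return "check-dhcp"
    return "at-risk" if set(dns) & set(mikrotik_resolvers) else "ok"


# Constructed sample configs, one per interesting row of the table.
SAMPLES = {
    "sw-lobby": "ip dns server-address 192.168.88.1\n!\nntp\n server pool.ntp.org\n!\n",
    "sw-public-dns": "ip dns server-address 8.8.8.8\n!\nntp\n server pool.ntp.org\n!\n",
    "sw-nist": "ip dns server-address 192.168.88.1\n!\nntp\n server time-a.nist.gov\n!\n",
    "sw-dhcp": "ip dhcp-client enable\n!\nntp\n server Pool.ntp.org\n!\n",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: {assess(cfg, {'192.168.88.1'})}")
```

A `check-dhcp` result means the config alone cannot tell whether the switch receives the MikroTik resolver from DHCP, so the lease has to be checked on the switch itself.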
Thank you for playing - please call again.
This is an independent blog written and maintained by Andrea Coppini. Any errors and omissions excepted.