Source:
https://www.daryllswer.com/edge-router-bng-optimisation-guide-for-isps/
This is amazing
I’m not the author. Give them the shout out.
I love how the article labels the RoS version 6 kernel as ANCIENT :-))
Everybody knows it is. Check the current mainline versions and compare it.
Yes, it is ancient, no doubt.
6.x uses 3.3.5 (May 2012)
7.1beta6 uses 5.6.3 (Jun 2020)
8 years is an abyss in technology…
Ask moderators/staff to pin this topic
I don’t know how to reach them. You can ask them to pin it if you want to.
Done, I hope someone replies.
Yeah.
You’re right, but I do not understand why some basic settings are not set as default, like rp-filter=loose instead of no, permitting blank/weak passwords, still using “admin”, just for example.
I hope 7 on the new kernel works faster and stronger.
Well, thanks moderators/staff for pinning this topic.
BUMP
FYI, the author is regularly optimizing the guide. And there are some recent updates in there for route loop prevention, which all networks seem to have. Check out his blog
https://www.daryllswer.com/edge-router-bng-optimisation-guide-for-isps/
Very amazing, indeed.
Time Bump.
The author is still updating and maintaining the article as of 2023.
Questions.
Q1: Is the connection tracking tables value useful for my home router CCR1009 setup?
Q2. Should I ask my ISP what the largest MTU size they are providing is?
Q3. Should I be maximizing my L2 MTU value on all devices in the house or, more clearly, find the largest common value amongst devices and use that?
Q3. In contrast, it appears I should attempt to set the max L3 MTU values on devices regardless of what others do (APs, switches, routers).
Q4. Assume the bogon table, minus own subnets and own WAN IPs involved and of course loopback 127…, is also applicable on a home router.
Q5. Talking MSS clamping and WireGuard, when dealing with third-party vendors. Is this what the author means by “let the router do it, in an automated fashion” versus setting any specific numbers? I know we are talking apples and oranges as this is not PPP.
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu out-interface=wireguard1 passthrough=yes protocol=tcp tcp-flags=syn
Q7. Is there any application on a home router for these config settings…
/interface bridge
add arp=disabled comment="For Static Loop Protection" mtu=1500 name=loopback_1 protocol-mode=none
/ip address
add address=192.168.0.1/31 comment="For Static Loop Protection" interface=loopback_1 network=192.168.0.0
/ip firewall nat
add action=dst-nat chain=dstnat comment="Static Loop Protection" dst-address=103.176.189.0/25 to-addresses=192.168.0.1
Realizing fully the answers may all be → doesn’t apply, move on!
Conntrack values are for everybody, every host, every device, the world.
WAN MTU should be capped to 1500 at home. I’ve never heard of an ISP that can carry jumbo frames inter-AS for residential.
Largest possible MTU on LAN everywhere is fine, as long as L3 MTU matches on all routers, switches, whatever. The bridge will auto-select the smallest MTU, like 2290 on MikroTik wireless APs.
The RFC6890 route to black hole is applicable for every network device excluding hosts.
TCP MSS clamping is never required in a properly implemented setup, i.e. proper MTU end to end. I never needed it for WireGuard or anything else.
No, you don’t need that bridge loop prevention in a home environment.
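The Q4 reply above says the RFC 6890 blackhole set applies to every network device; as an added example (not code from the article or from anyone in this thread), here is a small Python helper that builds that set with your own prefixes carved out and emits it as RouterOS route lines. The own-prefix list is constructed, the bogon list is a subset of the RFC 6890 IPv4 special-purpose registry, and the `add blackhole dst-address=...` form assumes RouterOS v7 syntax.

```python
import ipaddress

# Subset of RFC 6890 IPv4 special-purpose prefixes that should never be
# forwarded towards the Internet; blackholing them stops route loops for
# unused space (a default route pointing back at the upstream, and vice versa).
RFC6890_IPV4 = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.88.99.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4",
]

# Constructed example: prefixes this router actually uses and must keep routable.
OWN_PREFIXES = ["192.168.10.0/24", "10.0.0.0/8"]


def blackhole_prefixes(bogons, own_prefixes):
    """Return the bogon set with every own prefix carved out.

    address_exclude() splits a supernet into the minimal set of subnets that
    do not overlap the excluded one, so removing a /24 from a /16 leaves the
    8 sibling prefixes (/17 ... /24). A bogon fully inside an own prefix is
    dropped; unrelated prefixes pass through untouched.
    """
    result = []
    for bogon in map(ipaddress.ip_network, bogons):
        pieces = [bogon]
        for own in map(ipaddress.ip_network, own_prefixes):
            if own.version != bogon.version:
                continue  # never compare v4 with v6
            remaining = []
            for piece in pieces:
                if piece.subnet_of(own):
                    continue  # whole piece is ours: drop it
                if own.subnet_of(piece):
                    remaining.extend(piece.address_exclude(own))
                else:
                    remaining.append(piece)
            pieces = remaining
        result.extend(pieces)
    return sorted(ipaddress.collapse_addresses(result))


def routeros_blackhole_script(prefixes, comment="RFC6890 loop prevention"):
    """Render the prefixes as a RouterOS v7 /ip route script (syntax assumed)."""
    lines = ["/ip route"]
    for prefix in prefixes:
        lines.append(f'add blackhole dst-address={prefix} comment="{comment}"')
    return "\n".join(lines)


if __name__ == "__main__":
    print(routeros_blackhole_script(blackhole_prefixes(RFC6890_IPV4, OWN_PREFIXES)))
```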
Thanks, in another thread you noted to use two RAW rules to stop private IPs from leaking in or out of a router when using NAT.
Is this a replacement for bogon rules or an addition to them? I have used bogon rules but prefer doing so in IP routes - blackhole.
Please explain, what is the point of such an MTU change? The final (home) users will still be 1500. For example, installing 9000 on the server, NAS and switch through which you will do backups, I still understand. But changing it on all devices - I don’t understand what the point is.
I don’t remember what you mean. The blackhole routes stop loops, aka packets destined towards unused RFC6890 space. The RAW rules prevent NAT-related exploits like NAT Slipstreaming etc., using RAW.
You need to do your own study on TCP windowing, TCP tuning and jumbo frames: why, when and where. I’m not going to teach 10+ years’ worth of knowledge in a random forum post.
Try this:
https://www.ietf.org/proceedings/82/slides/grow-2.pdf
The Edge router article is generally not meant for home users, it is meant for ISPs. Though you can use some parts of it at home.
If you are an ISP then you should understand why we deploy jumbo frames in the backbone, for MPLS/VPLS, MACSec, VXLAN and L2 transport services for our customers.