We started using the CCR series a few months ago: the CCR2004 for PPPoE on customer sites, and now we want to test the CCR2216 in our DC for terminating non-owned internet connections to our backbone.
Our idea was simple: a (later redundant) WireGuard server (CCR2216 with SFP+ 10Gbps interfaces in our datacenter). The CPE on-site does PPPoE through an L2TP-ether tunnel to the WireGuard server, and this L2TP-ether session needs to be coupled to a tagged VLAN in our backbone so that the session is handled by our core routers (non-MikroTik).
So far the global idea. Building the WAN side (public) on sfp28-1 VLAN 100 (only set up an IP address) and some basic management firewall rules worked fine. So far no WireGuard etc. configured.
After finding out that we need to bridge the L2TP-ether session to sfp28-2 with tagged and untagged settings for the specified VLAN, I created a TRANSPORT-BRIDGE with VLAN filtering, no other settings! After that I only added the sfp28-2 interface to that specific bridge. After connecting this interface, our whole network flooded/looped or so (we are trying to find out what it was) and everything went DOWN.
We checked our core, and there is no way that there was a config mismatch there!
Is this a CCR2216 behavior? When I tested before in a 1Gb situation with a CCR2004 it worked well…
We chose the CCR2216 because of its CPU and RAM, for the tunnel capacity of the WireGuard, L2TP-ether set-up…
If anyone wants a config snippet, I can provide one…
Thanks!