Hi,
I'm trying to configure two MikroTik devices to mirror Ethernet traffic remotely:
I want to get all the ethernet traffic from one ethernet interface of MT1,
tunnel this traffic using EoIP to MT2, send out this traffic from an ethernet interface of MT2.
I was able to do that by bridging the EoIP tunnel with the ethernet interface,
disabling FDB (external-fdb=yes) on both bridge ports
and redirecting the incoming traffic on MT1 to the CPU (redirect-to-cpu=yes).
You can find all the significant configuration below.
The devices I'm using are RB493G or RB450G (the results don't change if I'm using one or the other).
To test this configuration I send pcap-captured traffic (it's mostly SCP encrypted traffic)
to MT1 (via tcpreplay on a PC) and I'm checking if the same traffic is sent out from MT2.
My problem is that with the current release of RouterOS (6.33) I have packet loss even at relatively low speed (100 pps).
The problem appeared to be on the MT2 device in the bridge between EoIP tunnel and ethernet interface.
So I followed a suggestion found on this forum to downgrade the version of RouterOS to 4.17 on MT2
and I was very surprised to see that the older version performed much better than the current one.
For example, with 5000 pps, I have no packet loss if MT2 is version 4.17 of RouterOS,
while I have close to 1% packet loss if MT2 is version 6.33.
Again, it makes no difference which device I'm using as MT2 (RB493G or RB450G): if it is with the current version I have packet loss, if I use the older version no packets are lost.
Do you have any clue why this is happening?
Thank you
Alex
MT1 configuration
/interface ethernet print detail
name="ether3-slave-local" default-name="ether3" mtu=1500 l2mtu=1520
mac-address=E4:8D:8C:26:AF:E6 orig-mac-address=E4:8D:8C:26:AF:E6
arp=enabled auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
master-port=none bandwidth=unlimited/unlimited switch=switch1
name="ether5-slave-local" default-name="ether5" mtu=1500 l2mtu=1520
mac-address=E4:8D:8C:26:AF:E8 orig-mac-address=E4:8D:8C:26:AF:E8
arp=disabled auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
master-port=none bandwidth=unlimited/unlimited switch=switch1
/ip address print detail
address=192.168.89.3/24 network=192.168.89.0 interface=ether3-slave-local
actual-interface=ether3-slave-local
/interface eoip print detail
name="eoip-tunnel2" mtu=1600 actual-mtu=1600 l2mtu=65535
mac-address=00:00:5E:80:00:05 arp=disabled local-address=0.0.0.0
remote-address=192.168.89.4 tunnel-id=200 dscp=inherit clamp-tcp-mss=no
dont-fragment=no allow-fast-path=no
/interface ethernet switch rule print detail
Flags: X - disabled, I - invalid
switch=switch1 ports=ether5-slave-local copy-to-cpu=no redirect-to-cpu=yes
mirror=no
/interface bridge print detail
name="bridge3" mtu=auto actual-mtu=1500 l2mtu=1520 arp=disabled
mac-address=00:00:5E:80:00:05 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
/interface bridge port print detail
interface=ether5-slave-local bridge=bridge3 priority=0x80 path-cost=10
edge=auto point-to-point=auto external-fdb=yes horizon=none
auto-isolate=no
interface=eoip-tunnel2 bridge=bridge3 priority=0x80 path-cost=10
edge=auto point-to-point=auto external-fdb=yes horizon=none
auto-isolate=no
MT2 configuration
/interface ethernet print detail
name="ether3-slave-local" default-name="ether3" mtu=1500 l2mtu=1520
mac-address=E4:8D:8C:29:7D:A4 orig-mac-address=E4:8D:8C:29:7D:A4
arp=enabled auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
master-port=none bandwidth=unlimited/unlimited switch=switch1
name="ether5-slave-local" default-name="ether5" mtu=1500 l2mtu=1520
mac-address=E4:8D:8C:29:7D:A6 orig-mac-address=E4:8D:8C:29:7D:A6
arp=disabled auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
master-port=none bandwidth=unlimited/unlimited switch=switch1
/ip address print detail
address=192.168.89.4/24 network=192.168.89.0 interface=ether3-slave-local
actual-interface=ether3-slave-local
/interface eoip print detail
name="eoip-tunnel2" mtu=1600 actual-mtu=1600 l2mtu=65535
mac-address=00:00:5E:80:00:06 arp=disabled local-address=0.0.0.0
remote-address=192.168.89.4 tunnel-id=200 dscp=inherit clamp-tcp-mss=no
dont-fragment=no allow-fast-path=no
/interface bridge print detail
name="bridge3" mtu=auto actual-mtu=1500 l2mtu=1520 arp=disabled
mac-address=00:00:5E:80:00:06 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
/interface bridge port print detail
interface=eoip-tunnel2 bridge=bridge3 priority=0x80 path-cost=10
edge=auto point-to-point=auto external-fdb=yes horizon=none
auto-isolate=no
interface=ether5-slave-local bridge=bridge3 priority=0x80 path-cost=10
edge=auto point-to-point=auto external-fdb=yes horizon=none
auto-isolate=no
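
The loss check described in the post (replay a capture into MT1, capture what leaves MT2, compare the two), as an added example that is not part of the original post: it parses two classic pcap files and counts frames that were sent but never arrived. The function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter
from hashlib import sha256

def read_pcap_frames(data: bytes):
    """Yield raw frames from a classic libpcap file (not pcapng)."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, offset)[2]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record, ignore it
        offset += 16 + incl_len
        yield frame

def mirror_loss(sent: bytes, received: bytes) -> dict:
    """Compare frames by content; Counter keeps identical frames apart by count."""
    sent_c = Counter(sha256(f).digest() for f in read_pcap_frames(sent))
    recv_c = Counter(sha256(f).digest() for f in read_pcap_frames(received))
    total = sum(sent_c.values())
    lost = sum((sent_c - recv_c).values())
    return {"sent": total, "lost": lost,
            "unexpected": sum((recv_c - sent_c).values()),
            "loss_pct": 100.0 * lost / total if total else 0.0}

def build_pcap(frames) -> bytes:
    """Build a little-endian classic pcap in memory (constructed sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

# Constructed sample: 200 distinct 62-byte frames, two of them dropped in transit.
HDR = bytes.fromhex("020000000001" "020000000002" "0800")
SENT_FRAMES = [HDR + i.to_bytes(4, "big") * 12 for i in range(200)]
RECV_FRAMES = [f for i, f in enumerate(SENT_FRAMES) if i not in (17, 140)]

if __name__ == "__main__":
    print(mirror_loss(build_pcap(SENT_FRAMES), build_pcap(RECV_FRAMES)))
```

Frames shorter than 60 bytes can be padded on the wire and would then hash differently in the received capture; frames that appear only on the receiving side are reported under "unexpected" rather than hidden.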