PPPoE Architecture [solved, thanks to sten & tneumann]

RouterOS General
1

hi,

i have an architecture of pppoe like this :

+------------------+     +------------+
|    Router to     |     |    Radius  |
|     Internet     |     |   Server   |
+------------------+     +------------+
           |                     |
           |                     |
|========ethernet=====================|
                                   |
                                   |
                         +--------------------+
                         | MT PPPoE Server    |
                         +--------------------+
                                  |
                                  |
                             +----------+
                             |   DSLAM  |
                             +----------+   

                                  |
                                  |
            +-----------------------------------+
          /      PPPoE Clients (DSL Router)    /
         +------------------------------------+

when we are connected from DSL Router, the connection is unstable.

this is the configuration

this is the configuration (MT 2.9.38 ) :

[admin@NexcomPPPoE] ppp profile> print detail
Flags: * - default
0 * name="default" use-compression=default use-vj-compression=default use-encryption=default only-one=default
change-tcp-mss=yes dns-server=x.x.x.x

1 name="nexcom" local-address=10.67.1.1 remote-address=pppoe use-compression=yes use-vj-compression=default
use-encryption=default only-one=yes change-tcp-mss=default rate-limit=512000/128000 dns-server=x.x.x.x

2 * name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes rate-limit=384000/64000

[admin@NexcomPPPoE] ppp aaa> print
use-radius: yes
accounting: yes
interim-update: 0s

0 service=ppp called-id="" domain="mydomain" address=x.x.x.x secret="mysecret" authentication-port=1812
accounting-port=1813 timeout=1s200ms accounting-backup=no realm=""


[admin@NexcomPPPoE] interface pppoe-server server> print detail
Flags: X - disabled
0 service-name="nexcom" interface=broadcom max-mtu=1480 max-mru=1480 authentication=pap keepalive-timeout=180
one-session-per-host=yes max-sessions=0 default-profile=nexcom



and my friend told me that i have a wrong architecture, these is he suggested :



+------------------+     
|    Router to     |      
|     Internet     |     
+------------------+     
           |
           |
|=============ethernet===========|                            
           |
           |
+--------------+     +-------------+
|    Iptables  |     |    Radius   |
|       NAT    |     |   Server    |
+--------------+     +-------------+
           |                  |
           |                  |
|===================================ethernet=================================|
                                   |                       |
                                   |                       |
                         +--------------------+       +----------+  
                         | MT PPPoE Server    |       | DSLAM    |
                         +--------------------+       +----------+ 
                                                            |
                                                            |
                                                +------------------------------------+
                                               /      PPPoE Clients (DSL Router)   /
                                             +------------------------------------+

which is the best architecture for this PPPoE? and how about the MT configuration?


thanks before

2

Don’t see a problem with your first layout. In fact I would have thought it better to use the radius etc on a public IP to be accessed by multiple sites. I run it that way but i’m running PPPoE accross wireless. Maybe it’s got something to do with MTU over the ATM(ADSL) network. I know ADSL connections have heavy overhead and often cannot support an MTU above 1400?? You could force a lower MTU perhaps on the MT?

3

What does that mean exactly? Can you describe your problems in more detail please?

–Tom

4

hi,

when i try to connect with DSL router (PPPoE client), the connection is unstable. when i leave the modem connected (idle). the connection is drop and cannot connect again. need to restart the router to establish the connection again. i set the idle time out = 1 hour. but before 1 hour, the connection is drop.


thanks

5

please help

6

You might want to consider using a ping script that runs every 1 minute or 30 seconds that way it will keep the connection alive.

http://www.mikrotik.com/testdocs/ros/2.9/system/scripting.php

7

i think that’s not a good idea,

because when i ping, i’ll count to user usage and the user have to pay the ping usage.

maybe ping is only 32bytes. but if i need to ping all day all months…

but thanks anyway

8

What type of DSL modems are you using?

9

we use DLINK 3248 for DSLAM and Dlink 504T for DSL Router

10

One other quick question. What does the log say on the pppoe server when the client becomes disconnected?

11

there is no log, because MT still keeping the session

12

Ok so i’m not understanding this then. When you have a idle period it wil disconnect no matter how long to set your idle timeout to be. The MT log shows nothing because the session doesn’t logout or timeout?

If i’m getting this, it sounds like you are having issues with the dsl router and/or dslam.

13

hmmm…that’s a good point…

but when i tried a bridge mode (using DHCP) instead a PPPoE…the connection is steady…we have tried it from 2 days a go…and until now…it still connected…

the problem must be not from the DSLAM or the DSL router…

14

so, back to the first question.

which is the best architecture for the PPPoE


thanks

15

Well i have pretty close to your first setup. The only difference is the backbone to my internet source is directly plugged into the MT and so is the radius server. They both have their own interface. It works PREFECT and i’ve never had any issues.

16

hi,

may i see your configuration.

thanks

17

I have the following

customers → MT (PPPoE Server)
MT (PPPoE Server) → Servers (Radius and DNS)
MT (PPPoE Server) → Backhaul to internet
MT (PPPoE Server) → Backup internet source

My MT has 4 interfaces:

  1. Customers
  2. Backhual
  3. Backup Internet
  4. NOC Servers (Radius, DNS1, DNS2, and such)
18

Your friend does not know what he is talking about.

Don’t do VJ compression as its a red herring with most current implementations. Adjust mtu/mru to a maximum of 1492
Set keepalive timeout to a lower value (otherwise face the implications of higher timeout). Dont do “change-tcp-mss” as this feature has been broken since pre 2.8. It should just adjust the mss when it’s too high but it just overwrites the mss (which is utterly broken behavior). You need to enforce users to use 1492 and only 1492. Add three proper mss adjustment rules. Instead add two tcp mss rules in forward chain, Don’t permit compression or encryption.

Try, try

19

thanks a lot sten,

now my pppoe server working smoothly.

i have another question, but maybe in new topic


regards

me