Hello all. I am rather new to the mikrotik thing, as you would probably know…
I am changing out the pppoe servers in production right now. I won’t be doing PPPoE at this time on the APs, just changing the pppoe server here to mikrotik. The server is 2.0 celeron with 256mb ram.
(I hate celerons, but this is another reason I would like to load balance two servers, or cluster, whatever…)
First off, will that run 500+ people? I do have #5 license.
Now, I have all the settings I can think of set right for pppoe and have the radius set to my radius servers with their respective ips. I have the pools in as well. (I’m using winbox by the way). If anyone has a nice instruction set for setting up mikrotik for pppoe with external radius servers, please refer me to that. I have found a few, but they don’t seem to explain the settings very well.
Now the main question-
Right now I have two pppoe servers set for clustering for redundancy. Is there a way to set mikrotik the same way? If not (or in addition) is there a way to set up two servers the same, and have one take over in the event of a failure?
I thought clustering made more sense but any help would be appreciated. If I didn’t explain anything very well, please just ask me for the right information.
Clustering can be done... or say load balancing... there are different ways, like keeping the service name same on both MTz or set max pppoe connections on MT.
So, you are saying that if I have the service name the same, they will load balance? That would mean I need two separate pools on each server, correct? Or will they not assign duplicates if they have the same larger pools on each? The reason I ask is, I would like each to have the capability of running the whole PPPoE- I just want two in use for redundancy as well as throughput (since there are 500+ customers that will eventually be connecting).
Well... that will be a problem because one MT won’t be able to identify whether the other MT has assigned an ip or not… I’m not sure if we can manage a shared pool across multiple MTs.
One way could be to keep a different pool on both MTs to avoid IP conflict, or if you don’t want that, a better and managed way is to let your radius/billing server maintain the pool and assign the IPs to the PPPoE users. You can also set a static IP for each user in radius instead of a pool.
ok, I have the two servers up and both have separate pools to assign. They took all the connections fine but I noticed that it was assigning one ip for the user, and one for the local interface (sub-interface I suppose) for that connection. I saw that as when I looked into ip routes, I found that the gateway to the assigned ip was the next ip in number. This is not going to work as I only want one ip address used for each connection.
So, is this setting where the local and remote ip is in the pppoe profile? Can I have all users use the same local ip and then set the remote ip for the pool? I am thinking that might be how it should work.
What happened was I could connect but the ips ran out… Also, when I was connected, only half of the pings would go through. It was a failed first test lol. So, as it is now, both MTs have the same pppoe name, and one eth int has no ip and is on the switch my wireless network is on, the other eth has an ip and is hooked up to the switch that goes to the gateway (cisco 7200). I know I don’t want to assign an ip to the eth that the pppoe is on, but perhaps the ip should be assigned by the pppoe connection. Any more help will be appreciated, thanks!
Actually you should provide the local address in your ppp profile. And (of course) it can (and usually will/should) be the same for every user connecting.
If configured correctly, you WILL only use one ip address per PPPoE connection (unless you route them a subnet or such).
And you are right - adding an ip address on the PPPoE server interface would be a bad idea, because it would allow usage of your service without logging in (if not explicitly secured against by firewall rules).
So just add a “local address” to the ppp profile and try. Your “remote address” (the one the customer’s CPE is getting) can be assigned using a MikroTik ip address pool or over RADIUS.
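The setup this answer describes, written out as RouterOS CLI (an added example, not configuration posted in the thread). Interface, service and profile names, the pool range, and the RADIUS address and secret are assumed placeholders; 10.0.0.1 and the 192.168.24.x range are the values mentioned in the thread, and parameter names follow current RouterOS syntax.

```routeros
# --- Constructed example values: ether2, "isp", "pppoe-radius", "pppoe-pool",
# --- 192.0.2.10 and the secret are placeholders, not from the thread.

# Pool for the remote side of each session (the address the CPE receives).
# Give each PPPoE server its own non-overlapping range, or let RADIUS assign.
/ip pool add name=pppoe-pool ranges=192.168.24.2-192.168.24.254

# One profile for all users: a single shared local address, remote address
# taken from the pool. Each session then consumes one pool address only.
/ppp profile add name=pppoe-radius local-address=10.0.0.1 \
    remote-address=pppoe-pool

# Authenticate and account PPP users against the external RADIUS server.
/radius add service=ppp address=192.0.2.10 secret="CHANGE-ME"
/ppp aaa set use-radius=yes accounting=yes

# PPPoE server bound to the access-side interface.
/interface pppoe-server server add service-name=isp interface=ether2 \
    default-profile=pppoe-radius authentication=chap,mschap2 \
    one-session-per-host=yes disabled=no

# Check: the access-side interface must carry no IP address, otherwise hosts
# on that segment can reach the router without a PPPoE login.
# This should list nothing.
/ip address print where interface=ether2

# Check: active sessions show one remote address each, all with the same
# local address.
/ppp active print
```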
Kindly send your ppp profile settings so that we can have a look.
Second opinion after reading your post is using a central pppoe server. You have a 7200 on the backbone that runs perfectly as a broadband RAS, so you can just use your MT for traffic shaping and let the 7200 do the pppoe. The 7200 can handle more than 1000’s pppoe clients with minor cpu usage.
I’m going to give this a test run tomorrow morning. Where 10.0.0.1 is I had pppoe-2-only set there before. So this should work out I would think.
UPDATE:
The test didn’t work. Does the local-address have to be on the same net as the pppoe pool address (the pool addresses are in the 192.168.24.x range)? All connections (about 500 between the two MTs) connected fine, but couldn’t get through. Once in a while, there would be a page that would start to load and then stop. Pings would not work but maybe every 2 min- as in nothing was pingable, then anything was pingable, then nothing again. The resources are not even close to being used up- the server has a 2.0 P4 with 512mb ram.
Funny thing is, the first 4 mins. both of our test connections were working, then after a few mins everything went to crap. I’m not sure if the mikrotiks are routing correctly or what. I could see in the ip route field that all connections were there, with their respective ip from the pool and a gateway of the set local address. Any ideas???
If there is any other info that would help, let me know. I may just resort to FreeBSD for this application, but really would like to get these MTs going. Eventually I need to segregate/route the network and have an MT at every tower doing pppoe.
Thanks everyone for the help! Keep the ideas comin’.
I have done much reading and will try testing with the following in mind.
“don’t forget to disable “Change TCP MSS” to “no” in pppoe profiles and set one firewall/mangle rule that changes TCP MSS for all pppoe users to such as 1300”
I hope that’s ok for a server… not intended for a client?
I found these on the forum here. The last test I did seemed to have similar problems. I could see a website for a sec, then all would stop loading. Pings were at around 30% successful. The good thing is that everyone is authenticating from my radius just fine. Might I also add, until others connect (I’m the first through) I browse perfectly. It isn’t until the first 2 mins pass that all heck breaks loose with the packet loss etc. The system resources are fine… barely touched. So, if anyone has any tips or thoughts to add, please do so. I will try out the new mangle/firewall rule, but for now, that’s all I got to go on.
As for the routing… I thought that as well, but right now there are two acting pppoe servers running servpoet that these MTs will be replacing. I have the IPs borrowed from them and simply swap the MT for the servpoet at the time of testing. The IP pools are the same and all. The only thing really changing is the fact that it is an MT doing the PPPoE terminating, and that the mac of the MT is different of course. Am I overlooking something obvious?
The mikrotik has a static route 0.0.0.0 to the ip of the 7200 (going through a switch that the 7200 and both MTs are connected to with public IPs on the same sub of course). The 7200 has static routes of each pool to go to the correct ip of the MT hosting those pools.
I also have the local int in the ppp profile set to one ip and the remote from the pool of public ips. Not sure what else to mention, but let me know if there is more needed.
Ohhhh… I would love to just use the 7200 as the pppoe server… but that is not an option