Hi there,
I’m having a bit of trouble setting up an environment where:
The client has to get its IP through PPPoE
Every client connection is received in an independent VLAN
I do not want to create a PPPoE server on every VLAN
Maybe working with bridges... something like bridging all the VLANs and then creating a PPPoE server over this bridge could solve the issue, but then I don't know if there could be any performance problem (each connection is up to 300Mb/300Mb) or security problem (bridging a lot of VLANs...)
Has anyone tried this scenario with good results? How did you do it?
In case the only solution is to create a PPPoE server, does anyone have any information on how a Mikrotik behaves with 1000-2000 PPPoE servers (one client on each PPPoE server)?
Create an interface list (e.g. vlan-list) with all the vlans declared over ether5
Create a bridge (e.g. br-PPPoE), add all the vlans declared previously as ports of this bridge
Add ether5 to the bridge br-PPPoE
Create a bridge filter on forward chain with in interface list “vlan-list” and out interface list “vlan-list” ← not necessary but will ensure L2 isolation
Create PPPoE server over br-PPPoE
Done! It works!
I have some concerns about performance. Do you think a CCR1036 (everything created over the bonding of the two SFP+ ports) can handle 1500+ VLANs declared and a couple of gigs of traffic with this setup?
Your solution will work, but the bridge firewalling will chew CPU cycles.
Rather use split horizon bridging by setting the same horizon value on all the interfaces in the bridge (e.g. 100); this will prevent packets coming in one interface from leaving an interface with the same horizon value. Then you do not need the firewalling.
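
The split-horizon variant of the setup discussed in this thread, as an added RouterOS example that is not from any of the posters. `ether5`, `br-PPPoE` and the horizon value 100 come from the thread; the VLAN ID range 100-109, the `vlanNNN` interface names and the service name `pppoe-vlans` are assumptions for illustration, and only the VLAN interfaces are bridged here.

```routeros
# Added example. VLAN range, interface names and service name are assumptions.

# One bridge that will carry the PPPoE discovery and session frames of every VLAN
/interface bridge add name=br-PPPoE

# Create each customer VLAN on ether5 and attach it to the bridge.
# Every port gets the same horizon value, so a frame received on one
# VLAN port is never forwarded out of another VLAN port (L2 isolation
# between customers without a bridge filter rule).
:for i from=100 to=109 do={
    /interface vlan add name=("vlan" . $i) vlan-id=$i interface=ether5
    /interface bridge port add bridge=br-PPPoE interface=("vlan" . $i) horizon=100
}

# A single PPPoE server listening on the bridge serves all VLANs
/interface pppoe-server server add service-name=pppoe-vlans interface=br-PPPoE disabled=no

# Check: count bridge ports that are missing the shared horizon value.
# Anything other than 0 means some port can still exchange L2 traffic
# with the customer VLANs.
:put [:len [/interface bridge port find where bridge="br-PPPoE" horizon!=100]]
```

Re-run the final check after adding VLANs later, since a port added without `horizon=100` silently loses the isolation.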