I am planning on having 2 Mikrotik boxes at a remote site acting as routers and PPPOE servers for Wireless ISP Customers. The Mikrotik boxes will be both connected to a switch that has my AP’s connected and I will be backhauling Radius to the radius server at my central POP. What is the best way to set this up so my Mikrotik boxes will both handle PPPOE in the event one fails. Specifically I am trying to figure out the following:
Should I use VRRP with my two Mikrotik Boxes or should I run them as separate independant gateways?
Can I overlap IP address scopes leased to our subcribers between the 2 Mikrotik boxes or do they need to be unique?
What is the best way to set this up so the secondary Mikrotik takes over PPPOE automatically in the event of a failure. Can I do an active/standby setup for PPPOE?
Your task is easy to accomplish:
put two boxes with the same configuration (with only one exception explained below) running as your current pppoe server.
The only exception is for the ip addresses. If they are assigned statically (or dynamically) by your radius server, there’s nothing to change.
If they are assigned by ip pools, make sure the pools don’t overlap. There’s not sync between pppoe servers in mikrotik (yet)
If the hardware of the pppoe servers are similar or exactly the same, they will loadbalance the users between them automatically. If one dies, the other one will take all the requests.
There’s no need of VRRP or 1:1 configs
Hope it helps
Thanks for the recomendation. That sounds easy enough. I am currently using IP Pools but may switch to using radius to distribute them so I can use one address scope for both PPPOE servers since IPV4 address space is getting harder to get.
I would also be interested in further explanation.
I would assume that the clients are getting IP addresses from radius but the PPPoE servers are both statically assigned.
It is not clear to me if you mean that setting up two nearly identical PPPoE servers next to each other allows them to functionally load balance simply by luck, as in first to PPPoE server to respond is used and the one with greater load should in theory respond slightly more slowly so the lesser loaded box responds. Is this what you are saying?
Just duplicate your pppoe server, change the Tunnel ID to the remote Base Station (and accordingly add another EoIP on the Base Station with the same Tunnel ID to the Second PPPoE Server).
It might be confusing, but it’s easier than you might think
Slightly offtopic.
How many sessions do you have ?
Is it possible that MT can handle up to 2000 sessions - shape the traffic and nat them - without problem?
i have MT with ip ex. 10.10.10.2 lan side and X.X.X.X wan side.
how can i add another MT with same config and same ip address so that MT will be redundand???
I am about to set up the same thing but my RADIUS server is handing out static, public, ip addresses. What I am trying to figure out is how to route packets coming back in (from Internet). How do I know which of the two MikroTik PPPoE servers
is the appropriate “next hop”?
When i mean identical servers, i mean same profiles. It’s obvious that they should have different ip addresses, and they will NAT accordingly to the IP you assigned.
Your configuration requires some kind of dynamic routing (usually IBGP does the job) between the PPPoE servers and your gateway
My scenario is:
One provider - uplink 10.10.10.1 ex.(actually public ip is there)
Main router:
wan:10.10.10.2 ex.
lan:10.100.100.1/24
clients:10.200.200.1/24
I want to add second router and to be redundand if main router stop ,second to take over.
Notice:only one provider and that provider route ip blocks via that 10.10.10.2
You might need to ask to your provider another IP (10.10.10.2) which shouldn’t be a problem since it is already a private IP
Put a switch (or a QoS) between your Gateway and the two PPPoE Servers, and configure them like this (Example)
Main router:(PPPoE 1)
wan:10.10.10.2 ex.
lan:10.100.100.1/24
clients:10.200.200.1/24
Second Router:(PPPoE 2)
wan:10.10.10.3 ex.
lan:10.100.200.1/24
clients:10.200.100.1/24
Then again put both client interfaces on a switch which will be the gateway for your clients.
i have public ip block which is routed via my provider, ex. class ips X.X.X.X/21 is routed via X.X.X.2/30 (my side wan)
customers have public ips from block x.x.x.x/21
Maybe only solution is vrrp? I tru vrrp on wan ip its worked, but problem is lan segment where is radius server (if i put vrrp ip on that interface radius server dont comm. with radius client on MT) and also problem i have on customers interface i cannot get master /slave combination, i always get master/master - VRID was set properly
1 ether - wan public ip.2/30
2 ether - lan network to comunicate with radius(public ips /28)
3 ether - clients (public ips /24)
how can i put one more router which would be redundand router , backup router, but traffic will not goes via that router, only when main router was down then backup router take over.
I thought I would share my experience of recently setting up redundant PPPoE servers w/ RADIUS. So far, it would seem that redundancy is not possible. I am testing on a small portion of our 400 CPEs. We are a WISP and the PPPoE servers (RB493s) are located in our central location. I have both servers plugged into our main switch and there are five backhaul radios which leave this location.
On the backend, the servers share a common VLAN which includes dual RADIUS servers and the interface to our main router; a Juniper J4350. I am running OSPF between the Routerboards and the Juniper. The RADIUS server hands out static public IP addresses (from RADIUS) and the Routerboards send the appropriate OSPF messages so that the Juniper learns the correct routes. All this seems to work fine however, what I am seeing is that several CPE routers have active connections in both PPPoE servers.
I am guessing that when a CPE connection drops, it sometimes will re-connect to the alternate server. My Keep-Alive timeout is currently set to 180 although I’ve tried the default of 10 (connections would be dropping all the time) and I’ve also set it to zero; which just seems to make the dual-connection problem worse.
What I don’t understand is why the server with the inactive connection fails to drop the session after the Keep Alive timeout has expired? In general, I have not really been able to determine if the Keep Alive is even working; or what the correct value should be. This is RouterOS 4.11. Has anyone else had a similar problem or success?