Dear Users,
I’we got a problem.
I have this setup:
CHR1 on DC1 with 1 interface and much static public IP
CHR2 on DC2 with 2 interface 1 on wan 1 on lan side where i would like to use the IP’s
I would like to use the DC1 IP addresses on DC2 like layer 2 connect.
I read about EoIP and other type of setups but not work for me.
Maybe the EoIP is good but if I bridge the WAN with the Tunnel on CHR1 I loose the connection.
Somebody can help me to setup this?
Bridging together a physical interface and a local end of an EoIP tunnel transported via that very bridge normally works, except that it means that every packet to those forwarded addresses has to go twice via DC1’s WAN connection and that large packets will get fragmented into two.
However, as we talk about virtual Mikrotiks (x86 or CHR) here, I would suspect the blocking issue to be the setting of datacenter’s virtual switch which by default doesn’t accept frames from/to any other MAC address than that of the VM. If this is the case, you would have to use double dst-nat - on the address-rich DC you would dst-nat incoming packets to a private IP address, route them via a tunnel (which may thus be an L3 one wasting less packet space on its overhead as compared to an L2 one) to the address-scarce DC, and there dst-nat them back to the public address which would be up on the machine terminating the tunnel or on machines connected to it. And similarly you would use src-nat rules for connections established from the address-scarce DC side.
Your DC2 WAN side stays the same and you don’t bridge the EoIP tunnel at the remote side with the WAN interface. You can bridge it with a VLAN that’s not your active WAN if you have other devices in DC2 that need to be physically connected directly to the outside. You also can NAT addressing if you want to and from the EoIP interface. You will need to bridge the DC1 WAN to the EoIP interface on that side.
The only traffic that will traverse the WAN to DC2 will be broadcast traffic or anything that is unicast that should go to that side.