What is wrong with bridges and eoip?

George90 · March 26, 2016, 4:41pm

Hello,

First device is router that have hotspot server, firewall rules, …
On Ethernet 6 is connected gigabit switch and there is 2 computers connected to it.

Second device is RB411A, and it’s used as AP.
one wireless interface is used for public access, and another wlan (virtual ap) for private access.

They are in brigde with eoip tunnels that ends on first device.

This is config from first device:

/interface bridge
add name=bridge-Djole

/interface ethernet
set [ find default-name=ether6 ] name="ether6 - Kuca"

/interface eoip
add !keepalive mac-address=02:39:FD:85:50:B0 mtu=1500 name="eoip-AP 1" \
    remote-address=192.168.0.6 tunnel-id=1
add !keepalive mac-address=02:4B:AD:A7:9D:BC name="eoip-AP 1 (Djole)" \
    remote-address=192.168.0.6 tunnel-id=15

/interface bridge port
add bridge=bridge-Djole interface="ether6 - Kuca"
add bridge=bridge-Djole interface="eoip-AP 1 (Djole)" path-cost=20

This is config from second device:

/interface bridge
add name=bridge_Djole
add name=bridge_korisnici

/interface eoip
add allow-fast-path=no !keepalive mac-address=02:DC:B2:BA:A9:4E mtu=1500 \
    name=eoip-AP1 remote-address=192.168.0.1 tunnel-id=1
add !keepalive mac-address=02:E1:17:76:D3:4D name=eoip-Djole remote-address=\
    192.168.0.1 tunnel-id=15
	
/interface bridge port
add bridge=bridge_korisnici interface=eoip-AP1
add bridge=bridge_korisnici interface=wlan1
add bridge=bridge_Djole interface="wlan2"
add bridge=bridge_Djole interface=eoip-Djole

Everything that is connected to public and private wlan works without any problems.
LAN computers connected to ether6 doesn’t load some sites at all, or at very low speed. When I remove eoip tunnel from bridge on first device, they load all resources as they should.

What can be problem here?

pukkita · March 26, 2016, 4:54pm

A diagram (even a hand drawn) will make things easier.

jarda · March 26, 2016, 4:56pm

Isn’t possible to use vlans instead eoip?

George90 · March 26, 2016, 5:18pm

Here is my hand drawn diagram
Office Lens 20160326-181324.jpg
It’s possible to use vlans, but bridges (or bridge on first device) will be problem as before…

pe1chl · March 26, 2016, 5:27pm

Maybe you have issues with the STP protocol?
(e.g. when both incoming connections come via different VLANs of the same switch)

IntrusDave · March 26, 2016, 5:40pm

I would bet that your MTU changed when you added the EOIP interface to the bridge. While your LAN PC’s are using 1500, your bridge likely shrunk to 1480 or less. This will cause almost all https sites to break, and many normal sites.

George90 · March 26, 2016, 6:36pm

I used vlan instead eoip tunnel and everything seems ok, so problem is in eoip tunnel or somewhere related to eoip.

When I set bridge mtu to 1492 and eoip mtu to 1472 nothing changed.

It’s interesting that eoip tunnel is making problems to traffic that are not passing through it.

Changing stp to stp or none from rstp didn’t give any effects.

pukkita · March 26, 2016, 6:58pm

What routerboard model is device 1? RouterOS and Firmware versions?

IntrusDave · March 26, 2016, 7:03pm

It’s not right, but try setting both MTUs to 1500.

George90 · March 26, 2016, 7:10pm

By default both mtu was 1500, on both sides. I restored original values after testing.

Device 1:
CCR1016-12G
Firmware 3.27
Router OS 6.32.4

Device 2:
RB411A
Firmware 3.24
Router OS 6.34.3

sunblade · December 13, 2016, 1:11pm

I have the same or very similar issue.

On “main site” I have bridged Ethernet interface with EoIP tunel, and it is causing problems (probably with MTU). I am using CCR1036 on the main site and RB750G on remote site.

Any idea to resolve this issue? I need to connect remote site with main site with L2.

Tnx

pe1chl · December 13, 2016, 3:16pm

When you just set the MTU of the EoIP interface to 1500 it will fragment the large frames on the link.
Not desirable, but in your case probably better than frames that are too large and simply dropped.
In the meantime, plan a network layout change so you don’t need EoIP but can use a VPN.

ovidiu · November 8, 2019, 7:01pm

This was my problem. I set MTU to 1500 for the EOIP interface and problem gone. Before ping and voip was working fine but no internet surfing

CZFan · November 9, 2019, 7:04pm

I experienced this before, would you care to elaborate on why this will happen?

sindy · November 9, 2019, 7:20pm

Do you ask why the bridge MTU auto-adjusts to the lowest one of its member interfaces’ MTUs, or why an MTU smaller than 1500 causes trouble when accessing https servers?

Zacharias · November 9, 2019, 7:42pm

The Bridge’s actual MTU just changed to the value of it’s lowest member.
However we can correct it by changing the Bridge’s MTU to 1500 again…
Most sites indeed won’t load, not all, because of fragmentation problems caused by the smaller MTU…

CZFan · November 10, 2019, 7:46pm

i asked why MTU of bridge changes, was not aware that bridge auto adjust to lowest member MTU, but did find the info about an hour after my post

Rezakaffash · July 19, 2023, 3:56am

Hello friends,
I have same problem and its not solving with changing MTU. What should i do!?

sindy · July 19, 2023, 4:40am

First of all, elaborate on “same problem”. Multiple issues have been discussed throughout this topic so describe your particular configuration and your particular problem.