Community discussions

MikroTik App
 
DANgerous25
just joined
Topic Author
Posts: 4
Joined: Fri Jun 26, 2020 7:57 am

Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 8:34 am

Hi folks, quite new to this and struggling so hope someone can help. I'm running RouterOS 6.47 on a CRS305-1G-4S+ router, pretty much out of the box setup.

I have a simple home 1G network where I've recently added some 10G NICs to two hosts in addition to their existing 1G and wifi. All my original 1G addresses work in the 192.168.10.x range via DHCP. The internet gateway is 192.168.10.254.

After adding the 10G cards to two hosts, I've added a Mikrotik router in RouterOS mode. I've given its WAN interface the IP of 192.168.10.2, and LAN 10.10.10.1 mask 255.255.255.0. I've given the two 10G NICs static IPs of 10.10.10.5 and 10.10.10.10 respectively with mask 255.255.255.0. I've connected its 1G interface to the 1G network, and connected to the two 10G hosts via the SFP+ ports.

What I want to achieve: I want hosts on both networks to be able to communicate between each other. I want all hosts to be able to have internet access. I don't need any firewall.
What I don't want: I don't want to put the device in switch mode and have everything on the same subnet, I want to keep the IP ranges separate.
Current state: Hosts on each network can communicate with hosts on the same subnet. The 10G hosts can communicate with each other. All hosts have internet access.
Problem: Hosts on the 1G network can't ping hosts on the 10G network.

I think I need to bridge the subnets, but I don't know how. I've tried putting the router in Bridge mode, no joy, and I've tried adding static routes but clearly I have done this incorrectly as it doesn't work.

I'd appreciate any help, or please let me know if you need more information.
 
User avatar
jvanhambelgium
Member Candidate
Member Candidate
Posts: 292
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 9:56 am

Be aware the performance will be *terrible* if you even consider ROUTING/BRIDGING between the 1G <> 10G subnet.
Your total performance in the best case will only be slightly more then 1G, so I don't understand why you even bother plugging 10G interfaces on the "server" side.
This product is a SWITCH ... with some routing capabilities but nowhere expect to reach any impressive throughput that you think to achieve (why else are you connecting servers with 10G....)

I don't use these products, others will probably provide you some tips & tricks to get things working.
 
User avatar
bpwl
Long time Member
Long time Member
Posts: 666
Joined: Mon Apr 08, 2019 1:16 am

Re: Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 10:08 am

Bridging is putting the interfaces in the same subnet. That is what you did not want.(yet)

If you want to use routing, then all interfaces must be in different subnets. The WAN and 1G LAN seem to be in the same subnet.

This means that the interface of the router must have an IP in that subnet, and that the DHCP must give that IP address as gateway to the clients.
By adding the IP on the interface there should be an automatic addition of IP routing rules to that subnet.

You will have connection, but be aware of the performance if hardware off-loading is not used. (ROS7 begins with L3 IP routing hw offloading for some devices. " At the moment of writing this article, only CRS317-1G-16S+ supports L3 HW Offloading and RouterOS v7beta6 or newer must be used.". Lets hope others will follow.
 
DANgerous25
just joined
Topic Author
Posts: 4
Joined: Fri Jun 26, 2020 7:57 am

Re: Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 1:57 pm

Be aware the performance will be *terrible* if you even consider ROUTING/BRIDGING between the 1G <> 10G subnet.
Your total performance in the best case will only be slightly more then 1G, so I don't understand why you even bother plugging 10G interfaces on the "server" side.
This product is a SWITCH ... with some routing capabilities but nowhere expect to reach any impressive throughput that you think to achieve (why else are you connecting servers with 10G....)

I don't use these products, others will probably provide you some tips & tricks to get things working.
Thanks for your response. Perhaps I am going about this all wrong. Can you suggest a way to achieve what I want to achieve? Essentially I want the two hosts that are 10G capable to communicate with each other via 10G, but communicate over 1G LAN/WiFi otherwise. I found that if I use the Mikrotik device as a switch then they communicate via the primary interface (which in this case is 1G LAN or WiFi) instead of 10G. I tried putting static routes to force traffic to host B’s IP via the 10G interface, but I didn’t have great success (host A is a Mac, host B is Unraid that has a host C virtual machine) as the routes don’t persist and seemed unstable, and this doesn’t feel like a clean solution.

The other thing I want to do is host B contains various services that I want exposed to the rest of the network and ultimately the public internet. Owing to the current setup I can’t do this. I wonder whether setting up so NAT/port forwarding would achieve this instead?
 
User avatar
jvanhambelgium
Member Candidate
Member Candidate
Posts: 292
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 4:19 pm

>I have a simple home 1G network where I've recently added some 10G NICs to two hosts in addition to their existing 1G and wifi. All my original 1G addresses work in the 192.168.10.x range via >DHCP. The internet gateway is 192.168.10.254.
>After adding the 10G cards to two hosts, I've added a Mikrotik router in RouterOS mode. I've given its WAN interface the IP of 192.168.10.2, and LAN 10.10.10.1 mask 255.255.255.0. I've given the two >10G NICs static IPs of 10.10.10.5 and 10.10.10.10 respectively with mask 255.255.255.0. I've connected its 1G interface to the 1G network, and connected to the two 10G hosts via the SFP+ ports.

=> What do these 2 servers running on 10G "exchange" with each other ? Why do you want to connected on the switch and why not simply have a cable between them on their 10G ports ?
=> Your "WAN" IP range 192.168.10.2 is conflicting with the LAN range of 192.168.10.x/24
=> IS this Mikrotik also you Internet-gateway ? Or you have a separate router on which ISP is connected ? Because IF you have an external/extra router there is no need to use the "WAN" on your Mikrotik unless you really want additional firewall etc.
=> Simple drawing is 1000x more clear.

-> 10G subnet back2back between servers with cable, NO switchports : 10.10.10.x which is fine
-> 1G subnet for servers and clients on your local LAN 192.168.11.x , configure DHCP to hand out IP's in the 192.168.11.x range, create Bridge interface 192.168.11.254 or something.
-> WAN-subnet, back2back to your ISP device 192.168.10.254=Internet Gateway and put 192.168.10.1 on the Mikrotik for example.
-> Perform rest of config, static-route, firewall-filter etc.

Above je just 1 way of config, but I don't really understand the USECASE for your setup.
 
User avatar
bpwl
Long time Member
Long time Member
Posts: 666
Joined: Mon Apr 08, 2019 1:16 am

Re: Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 4:22 pm

Without a diagram a misinterpretation is easily made. I'll try anyway.

Your 1G and 10G network should use different subnets.
Lets say WAN =192.168.10.0/24
1G LAN is 192.168.100.0/24
10G LAN is 10.10.10.0/24

The 10G interfaces are bridged together. That bridge gets an IP address like 10.10.10.1/24. (primary bridge, hardware offloaded)
The 1G LAN is separate (or if there are more of those interfaces, on a separate bridge). That interface has an IP address of 192.168.100.1/24 (or that second bridge has it)
The WAN is at what it is now 192.168.10.2/24.

A server with a 1G and a 10G interface (not clear if this is the case here!) will have 192.168.100.x/24 on the 1G interface, and 10.10.10.x/24 on its 10G interface, with respectively gateway 192.168.100.1 and 10.10.10.10.1
Servers speak to each other over the 10.10.10.0/24 subnet, using their 10.10.10.0/24 addresses. That communication will be switched in the Mikrotik (hw offloaded), no gateway or routing involved.

The Mikrotik will route between the 10.10.10.0/24, 192.168.100.0/24 and 192.168.10.0/24 subnets. It will always route according to the source and destination IP address used.

If the server has only one interface , then the Mikrotik will route between 10G and 1G as needed.
 
DANgerous25
just joined
Topic Author
Posts: 4
Joined: Fri Jun 26, 2020 7:57 am

Re: Bridge between 1G and 10G internal subnets

Fri Jun 26, 2020 5:53 pm

Image (in case this doesn't display, try https://imgur.com/a/00meNwd )

Thank you both for your responses. Hopefully you can see the diagram above, I hope it makes it a bit clearer. The setup is not ideal, but I am working with some limitations in my apartment [as best I know how]. Description:

My internet connection is in room 1, from there the internet is served across multiple rooms using wifi [5]. I also have each room served by wired connection using ethernet over power (EoP). My internet connection is 1G, which is great for the devices in the vicinity of the gateway where they enjoy ~900Mb/s... unfortunately for the other rooms, they get around 50Mb/s using the EoP or 150Mb/s using wifi. The thick concrete walls and dense apartment blocks probably don't help!

In room 2 is where I have the 10G capable devices, namely a server and workstation. Each has 10G/1G/wifi but I don't use the wifi on the server. On the server I am hosting a NAS, various VMs and a cloud, and have multiple workflows between the workstation and server that would benefit from exclusive 10G connectivity. The workstation's primary internet connectivity is via wifi, because the 150Mb/s I get is much better than the secondary EoP which gives me 50Mb/s. From the workstation I want to have constant internet access at the best speed I can, which is currently 150Mb/s over wifi. However I want it to be able to work with the server using 10G. (perhaps I could just directly connect them and get rid of the switch/router, but then I limit my expansion possibilities).

In the future I plan to upgrade the wifi setup to wifi 6 which would in theory enable me to take advantage of my good internet bandwidth from all rooms in the apartment, but I don't have enough capable devices yet.

Hence on my workstation my primary network interface is set to wifi to get my internet access at the best speed. I don't have the 10G NIC as the primary interface because that would effectively throttle my internet access to ~50Mb/s as the EoP allows. As a result the connectivity gets more complicated because I want to use the 10G for everything else from this workstation.
 
User avatar
bpwl
Long time Member
Long time Member
Posts: 666
Joined: Mon Apr 08, 2019 1:16 am

Re: Bridge between 1G and 10G internal subnets  [SOLVED]

Fri Jun 26, 2020 8:53 pm

Hi, thanks a lot for your diagram. Helps a lot. There is a lot to talk about, many possibilities but let me try to be brief and understandable (not one of my best skills)
Klembord-2.jpg
In this setup there are 2 routers. Labeled router1 and router2. The rest is configured as switch (bridge in RouterOS)

All ports 192.168.10.0/24 can be switched together in the 2 1G switches.
The second subnet 10.10.10.0/24 is switched together in router2

Router1 (the ISP gateway firewall) has the public IP address and the 192.168.10.254 LAN address. It will do the necessary NAT.
192.168.10.254 is the default gateway (route 0.0.0.0/0) for all devices in the 192.168.10.0/24 subnet.

Router2 has the 192.168.10.2 on the 1G ethernet interface, and 10.10.10.1 IP address on the bridge with the 10 G interfaces as ports.
Router2 will route between 192.168.10.0/24 and 10.10.10.10.0/24.
All devices on 10G must have 10.10.10.1 as default gateway
Router2 itself will have a default (0.0.0.0/0) route to gateway192.168.10.254

One extra step. We must add a dedicated route in router1 towards router2 for the 10.10.10.0/24 network. The gateway is 192.168.10.2, address of router2, for that route.
The reverse path is covered by the default route already.

Actually that's all that is needed.The 1G interfaces in the server and workstation are not of added value. The 1G switch can be removed as well. Those 2 devices will communicate with 192.168.10.0/24 through router2.

You have the extra challenge of the faster wifi connection, than the EoP powerline connection. Your workstation can connect to wifi. I have no idea to what extend MacOS can be used with a routing function, to make smart route selection or set route priority. It probably will use wifi for 192.168.10.0/24 and 10.10.10.20 for the rest. That 1G ethernet line should not be connected, it only confuses things, and brings no extra connectivity.
Adding the wifi connection to router2 could be an idea. The CRS305 does not have an WLAN interface, so there is an extra cost.
But in that case upgrading to a state of the art powerline may also be an option. (500Mbps).
You do not have the required permissions to view the files attached to this post.
 
DANgerous25
just joined
Topic Author
Posts: 4
Joined: Fri Jun 26, 2020 7:57 am

Re: Bridge between 1G and 10G internal subnets

Sat Jun 27, 2020 8:01 am

Thank you @bpwl, you have solved it! The solution to this issue was to add a gateway and static route to router 1 as you suggested. It makes complete sense, router 1 being the DG for all the 192.168.10.x clients would simply need to know where to route for the other network. It was piece of cake to add that route to router 1, and it worked immediately.

Thanks for your patience and logical thought process, I have learned a lot from this thread.

Who is online

Users browsing this forum: No registered users and 25 guests