Community discussions

 
jtde
just joined
Topic Author
Posts: 3
Joined: Thu Aug 22, 2019 3:25 pm
Location: Germany; Spain

EoIP no RX on main side of the bridge

Mon Aug 26, 2019 1:50 pm

Hi there, I hope you've had a good start to the new week.

I need to bridge two networks together and I think EoIP is the easiest way to do so - MPLS would be much more complicated. In the GNS3 lab the EoIP configuration worked great, but on the production system one side of the tunnel doesn't receive packets. The other side can send and receive.

Remote side, looks ok:
production-ed2wle-traffic.PNG
Main side, no RX!
production-wle2ed-traffic.PNG
The remote address of the main side is the same as the bridge address, so I can't assign an IP address from this network to the remote office side's bridge and I can't do any diagnosis on the remote office's MikroTik except inspecting the traffic. Torch on the remote side (that can send and receive) shows traffic from the main side.

This is the (simplified, but very close to production) setup that works in GNS3:
gns3-lab.PNG
Any idea goes wrong with the main side, not receiving any packets?

Thank you,
Josef
You do not have the required permissions to view the files attached to this post.
 
Exiver
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jan 10, 2015 6:45 pm

Re: EoIP no RX on main side of the bridge

Mon Aug 26, 2019 2:47 pm

Without seeing your configuration no one can really tell you whats wrong here ;-)
 
jtde
just joined
Topic Author
Posts: 3
Joined: Thu Aug 22, 2019 3:25 pm
Location: Germany; Spain

Re: EoIP no RX on main side of the bridge

Mon Aug 26, 2019 5:09 pm

I'm not sure which part of the configuration is relevant... please tell me if I'm missing some information.

Main Router

/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1_provider1                         ether            1500  1596       2026 CC:2D:E0:XX:XX:Y1
 1     ether2_provider2                         ether            1500  1596       2026 CC:2D:E0:XX:XX:Y2
 2  RS ether3_lan                          ether            1500  1596       2026 CC:2D:E0:XX:XX:Y3
 3     ether4                              ether            1500  1596       2026 CC:2D:E0:XX:XX:Y4
 4     ether5                              ether            1500  1596       2026 CC:2D:E0:XX:XX:Y5
 5  R  bridge_lan                          bridge           1380  1596            CC:2D:E0:XX:XX:Y3
 6  RS eoip-wle2ed                         eoip             1380 65535            00:00:5E:80:00:01
/interface bridge print
Flags: X - disabled, R - running 
 0 R name="bridge_lan" mtu=auto actual-mtu=1380 l2mtu=1596 arp=enabled arp-timeout=auto 
     mac-address=CC:2D:E0:XX:XX:Y3 protocol-mode=rstp fast-forward=no igmp-snooping=no auto-mac=yes 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 
     vlan-filtering=no dhcp-snooping=no
/interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE               BRIDGE               HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0     ether3_lan              bridge_lan           yes    1     0x80         10                 10       none
 1     eoip-wle2ed             bridge_lan                  1     0x80         10                 10       none
/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                             
 0   192.168.178.3/24   192.168.178.0   ether1_provider1                                                           
 1   192.168.2.3/24     192.168.2.0     ether2_provider2                                                           
 2   192.168.30.2/24    192.168.30.0    bridge_lan                                                            
 3   192.168.30.15/24   192.168.30.0    bridge_lan                                                            
 4   192.168.30.1/24    192.168.30.0    bridge_lan
/interface eoip print
Flags: X - disabled, R - running 
 0  R name="eoip-wle2ed" mtu=auto actual-mtu=1380 l2mtu=65535 mac-address=00:00:5E:80:00:01 arp=enabled 
      arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s 
      loop-protect-disable-time=5m local-address=192.168.30.15 remote-address=10.14.100.81 tunnel-id=5 
      keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
/ip ipsec policy print where dst-address=10.14.100.0/24
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 
 #     PEER  TUN SRC-ADDRESS                                    DST-ADDRESS                                   
 0  A  ;;; bSH side
       ;;; peer not set
             yes 192.168.30.0/24                                10.14.100.0/24
/ping 10.14.100.81 interface=bridge_lan
  SEQ HOST                                     SIZE TTL TIME  STATUS                                          
    0 10.14.100.81                               56  62 20ms 
    1 10.14.100.81                               56  62 19ms

Remote Router:

/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1                              ether            1500  1598       2028 74:4D:28:XX:XX:Y1
 1  XS ether2                              ether            1500  1598       2028 74:4D:28:XX:XX:Y2
 2  XS ether3                              ether            1500  1598       2028 74:4D:28:XX:XX:Y3
 3  RS ether4                              ether            1500  1598       2028 74:4D:28:XX:XX:Y4
 4     pwr-line1                           ether            1500  1598       2028 74:4D:28:XX:XX:Y5
 5  XS wlan1                               wlan             1500  1600       2290 74:4D:28:XX:XX:Y6
 6  R  ;;; defconf
       bridge                              bridge           1500  1598            74:4D:28:XX:XX:Y2
 7  R  bridge_lan                          bridge           1500  1598            74:4D:28:XX:XX:Y4
 8  R  eoip-ed2wle                         eoip             1458 65535            00:00:5E:80:00:02
/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                               
 0 X ;;; defconf
     192.168.29.1/29    192.168.29.0    bridge                                                                  
 1   10.14.100.81/24    10.14.100.0     ether1
/interface eoip print
Flags: X - disabled, R - running 
 0  R name="eoip-ed2wle" mtu=auto actual-mtu=1458 l2mtu=65535 mac-address=00:00:5E:80:00:02 arp=enabled 
      arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s 
      loop-protect-disable-time=5m local-address=10.14.100.81 remote-address=192.168.30.15 tunnel-id=5 
      keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
/ping 192.168.30.15
  SEQ HOST                                     SIZE TTL TIME  STATUS                                            
    0 192.168.30.15                              56  62 20ms 
    1 192.168.30.15                              56  62 19ms


Bridge interface packet statistics:
eoip-wle2ed: 77140 Tx, 0 Rx
eoip-ed2wle: 5735 Tx, 74884 Rx
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: EoIP no RX on main side of the bridge

Mon Aug 26, 2019 5:17 pm

You have an MTU Mismatch and it appears to be inheriting it from the bridge. You need to get the MTUs to match even if you have to lower the whole segment MTU

192.168.30.15
actual-mtu=1380

10.14.100.81
actual-mtu=1458
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
jtde
just joined
Topic Author
Posts: 3
Joined: Thu Aug 22, 2019 3:25 pm
Location: Germany; Spain

Re: EoIP no RX on main side of the bridge

Mon Aug 26, 2019 10:42 pm

You have an MTU Mismatch and it appears to be inheriting it from the bridge. You need to get the MTUs to match even if you have to lower the whole segment MTU
[...]
True! I realised that and I expected some fragmentation and higher CPU load, but not a situation where one of the both sides can't receive data from the other. In my lab, the MTUs do mismatch and it works.

One hour ago I synchronized the MTU of the EoIP interface, but not of the bridges. Now the main side still can't receive packets from the remote side. One bridge no longer matches the MTU of its EoIP interface. Is that a problem?

192.168.30.15
bridge_lan mtu=auto actual-mtu=1380 l2mtu=1596
eoip-wle2ed" mtu=1380 actual-mtu=1380 l2mtu=65535

10.14.100.81
bridge_lan mtu=auto actual-mtu=1500 l2mtu=1598
eoip-ed2wle mtu=1380 actual-mtu=1380 l2mtu=65535

Thank you very much.
 
Exiver
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jan 10, 2015 6:45 pm

Re: EoIP no RX on main side of the bridge

Mon Aug 26, 2019 11:33 pm

Im not 100percent sure but on one router (main device) you are using 192.168.30.15 as local address while this address is bound to the bridge you are binding the eoip tunnel to. Sounds logical wrong to me - can you try to set this local address to your main routers wan address? If that doesnt work please paste the output of /export hide-sensitive since we dont know which firewall / bridge firewall rules you have set (and much other stuff which could interfere here)

Who is online

Users browsing this forum: No registered users and 10 guests