Good day,

I'm in the process of implementing pppoe servers on every high site.

client dials in and gets a public ip address that gets redistributed with ospf.

First of all, I'm not a fan of bridging anything.

I have 2 options, i'm also open to any other suggestions.

1. Bridge the AP's ether and WLAN interface
Then add all the ports of the tower router that connects to ap's on that bridge
Setup the PPPoE server on the Bridge on the tower router.

2. Create A EoIP tunnel on the ap to the main router and bridge the WLAN and EoIP interface
Then create a bridge and bridge all the EOIPs on the tower router
Setup PPPoE server on the bridge with the EoIP's

Both these methods work, but will option 2 Scale(will there be issues with fragmentation and MTU)

I prefer method 2 because in the 6 years of working with mikrotik I have seen a lot of devices damaged by lightning due to our spectacular storms in the area.

If a port that is bridged gets some esd then it will usually show to be running even with no cable attached to it and causes a loop on all or most of the bridged ports.

With the eoip option there is no Ethernet ports bridged, if a port gets damaged the EoIP will go down and only the clients on that AP will be affected vs a loop that causes no connectivity on all the connected clients.

Any suggestions and feedback will be appreciated.

BTW there is 7000 clients on a fully routed network so I will be very busy creating all the users and setting up the pppoe endpoints

First of all, I'm not a fan of bridging anything. ; Why not?


1. Bridge the AP's ether and WLAN interface
Then add all the ports of the tower router that connects to ap's on that bridge
Setup the PPPoE server on the Bridge on the tower router.

Its possible to have each connection as a vlan or something, and run one pppoe server per interface if not preffering tor bridge. Bur i cant se what it will bennefits if you bridge all ports,and use horizion,

If you have 7000 clients. i would consider using MPLS/VPLS or anny other way transporting CPE's to core. btw - MTU is just an issue if you dont have 100% contraol of MTU. In my mind - 100% control ins not to know 100¤ exactly ehat is l2mtu in each link,site, device - but be sure its enough. If you need 1514 bytes..... why run 1514? - and not 1600. I had a tumb finger rule - have all links at at least 1600 bytes - then there will be no problem. There is no reasion what so ever to have the exact perfect l2mtu.A bad compare - but still. lets say you need to fill as glass of beer with 0.5 liters every time to a customer. the beer you need to get at the other side of a road, and carry to the customer. If you need 0.5 liters of beer every time. why make a bucket 0.5 liters big. there migt be some spill beer on the way if you dont go varfully.. make the bucket 0,6 or 0,7 - and there will always be at least 0.5 liters when you arrive destionation.,

Largest possible L2MTU works fine yep, but there's more to it than that and I feel it's important to calculate the correct size. For instance the default MPLS MTU of 1508 is NOT enough when running VPLS and will cause fragmentation (extra eth header in the packet) so you are wasting bandwidth. You can't just pluck a figure out of the sky because do you set MPLS MTU to 1522? 1550? 1600?
1522 is enough, problem solved right? Well not if you want to include a VLAN 'inside' your VPLS packet, now you have fragmentation again. 1600 is too large if theres a VLAN 'outside' i.e. on the interface itself because by default the Mikrotik L2MTU would be 1596. So you'd need to adjust every device from default settings and is too much work

I have a post on these forums with several examples in a spreadsheet to hopefully clear up the confusion

Thanks for all your feedback so far,

I will take the MPLS/VPLS into consideration