Page 1 of 1

Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Sep 14, 2019 11:14 pm
by Torontobb
Hi Everyone,

Please see attached hand drawn diagram. Right now there is no Mikrotik installed but I would like to add it like I drew on the diagram. I would like Mikrotik to dedicated 5 Mbps UP/DOWN for phones at all times and to also act as a bottleneck *switch* OR *router* and allows PPPoE to pass through to ISP modem to allow the "3rd party router" to do PPPoE authentication. The "3rd party router" is now connected directly to ISP modem and both ISP modem and "3rd party router" do PPPoE authentication and each get a separate public IP. This ISP allows for two public IPs to be obtained: one by ISP modem and one by a 3rd party router connected to ISP modem.

Problem: "The 3rd party router" is not in my control and uses all the bandwidth and the admin is not willing to help.
Solution trying to implement: Do traffice shaping by MikroTik HeX router and allow ISP modem/router to give IPs and make Ethernet-5 on HeX in switch mode (or router mode) but dedicate it 5 Mbps up / down and allow Ethernet-1 (also in switch mode) for "3rd party router" to obtain it's public IP.

Is this possible by adding Mikrotik? The goal is to allow "3rd party router" have a public IP so no NAT management is required and to give phones switch dedicated 5Mbps up/down.

Image

Thanks,

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 06, 2019 2:14 am
by Torontobb
Anyone?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 06, 2019 8:36 am
by BartoszP
The question is if you are able to make PPPoE connection from "internal" router to receive public address if there is no Mikrotik "in the middle"?
What do Mikrotik should do in your opinion?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Wed Oct 09, 2019 11:25 pm
by Torontobb
The question is if you are able to make PPPoE connection from "internal" router to receive public address if there is no Mikrotik "in the middle"?
What do Mikrotik should do in your opinion?
Yes, internal router CAN PPPoE authenticate and get a public IP from ISP while it's connected downstream to ISP modem (in absentee of Mikrotik).

I would like Mikrotik to be present for the following reasons:
1- To reach it and ping it when I need to test the connection.
2- To segregate VoIP network from Data network (run by Internal Router)
3- Most importantly, to shape bandwidth so that I can allocate 2Mbps to VoIP switch network (at all times) and 8Mbps to Internal Router consumption.

Is this possible?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Wed Oct 09, 2019 11:34 pm
by NetWorker
Yes, it is possible. RouterOS is not going to be a limitation and CPU power in a Hex is plenty for distributing those 8 mbps.

Just use queues and separate the interfaces from the switch chip.

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Thu Oct 10, 2019 12:38 am
by Torontobb
Yes, it is possible. RouterOS is not going to be a limitation and CPU power in a Hex is plenty for distributing those 8 mbps.

Just use queues and separate the interfaces from the switch chip.
Thanks for confirmation.

First step, how should I configure a Mikrotik interface to allow the Internal Router to still PPPoE authenticate to ISP?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 12:27 am
by Torontobb
Anyone?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 12:37 am
by Zacharias
Create a PPPoE client...

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 12:45 am
by Torontobb
Create a PPPoE client...

Create PPPoE client on what device? and how? Not sure what you mean. Internal Route has only one way of connecting PPPoE. Do you mean I should do PPPoE authentication on Mikotik and pass the public IP to Internal Router?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 12:03 pm
by Zacharias
You can do that too.. PPPoE works in layer2.. so as long as you stay there the PPPoE client will discover the PPPoE server...

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 3:31 pm
by Torontobb
You can do that too..
1- What do you mean by that? What is the alternative?
2- Can bandwidth shaping happen for Layer 2 as well?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 3:37 pm
by Zacharias
1. You said you want your internal router to PPPoE authenticate with your ISP right? For this to happen you should have a layer2 tunnel between your internal router and the ISPs router...

2. How does an ISP limit your Up / Down? Yes you can...

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 4:45 pm
by Torontobb
1. You said you want your internal router to PPPoE authenticate with your ISP right? For this to happen you should have a layer2 tunnel between your internal router and the ISPs router...
What should be the port configuration for Layer 2 for:
ISP Modem >(Layer 2)>Mikrotik>(Layer 2)>Internal Router

I will use WAN port on a HeX for ISP Modem to Mikrotik and Eth-2 for Mikrotik to Internal Router.

Should port 1 and 2 be set to Switch mode? Would firewall be enabled for this?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 7:34 pm
by Zacharias
Layer 2 means no routing.. Data link layer.. Mac addresses....

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 8:34 pm
by Torontobb
Layer 2 means no routing.. Data link layer.. Mac addresses....
I understand but new to Mikrotik so what is the command that should run to make eth1 and eth2 prepared for this?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Fri Oct 11, 2019 9:30 pm
by Zacharias
Layer 2 means no routing.. Data link layer.. Mac addresses....
I understand but new to Mikrotik so what is the command that should run to make eth1 and eth2 prepared for this?
If you Bridge two interfaces then they are on the same Layer 2 network.
For example, i could have my ISPs router connected with a mikrotik router that works with a dhcp client.. Lets say i have a bridge named Bridge witch has ports ether1 and ether2. I can use dhcp client on that Bridge so i can have internet to my first router. Then I use either ether1 or ether2 (the one that is free) to connect it to my second mikrotik router that has a PPPoE client on his ether1...

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 12, 2019 12:41 am
by Torontobb
Layer 2 means no routing.. Data link layer.. Mac addresses....
I understand but new to Mikrotik so what is the command that should run to make eth1 and eth2 prepared for this?
If you Bridge two interfaces then they are on the same Layer 2 network.
For example, i could have my ISPs router connected with a mikrotik router that works with a dhcp client.. Lets say i have a bridge named Bridge witch has ports ether1 and ether2. I can use dhcp client on that Bridge so i can have internet to my first router. Then I use either ether1 or ether2 (the one that is free) to connect it to my second mikrotik router that has a PPPoE client on his ether1...
Can I limit speed on that bridge which is layer-2 and used for PPPoE?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 12, 2019 10:21 pm
by Zacharias
Assign a rate limit in the profile of the PPPoE server...
https://wiki.mikrotik.com/wiki/Manual:P ... r_Profiles
Check the rate limit in the above link..

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 13, 2019 5:43 am
by Torontobb
Assign a rate limit in the profile of the PPPoE server...
https://wiki.mikrotik.com/wiki/Manual:P ... r_Profiles
Check the rate limit in the above link..
Is rate limit same as queues?
On IRC channel people said that Queues limits will break PPPoE authentication. Is that true?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 13, 2019 12:53 pm
by Zacharias
Why dont you test it?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 13, 2019 5:55 pm
by IPANetEngineer
Here are some example configs and a diagram that should point you in the right direction. A few notes on this - I tried to keep the config as simplistic as possible since you're dealing with very low speeds. There are more efficient ways to do this, but it requires more config. Also, I used 10M download and 1M upload as the values for the ISP connection - these will need to be adjusted to the actual values.

Here is an overview of the solution

Image


Configuration

First you need to create a bridge for the ports and add them to the bridge.

/interface bridge
add name=Shared-LAN

/interface bridge port
add bridge=Shared-LAN interface=ether1
add bridge=Shared-LAN interface=ether2
add bridge=Shared-LAN interface=ether3

Then you need to add the simple queue rules which will classify the traffic and prioritize accordingly

/queue simple
add max-limit=1M/10M name=All-ISP-Bandwidth target=Shared-LAN
add limit-at=768k/5M max-limit=1M/10M name=Phones parent=All-ISP-Bandwidth priority=1/1 target=192.168.2.0/24
add max-limit=1M/10M name=3rd-party-router parent=All-ISP-Bandwidth priority=2/2 target=""

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 13, 2019 8:43 pm
by Zacharias
IPANetEngineer what if he adds a rate limit in the profile of the PPPoE server? Won't that add a dynamic simple queue?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Mon Oct 14, 2019 2:04 am
by IPANetEngineer
If I read the OP correctly, he does not have control of the PPPoE server.

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Mon Oct 14, 2019 6:24 pm
by Zacharias
Ok.. can you remind me if the rate limit adds a dynamic queue?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Tue Oct 15, 2019 9:26 pm
by Torontobb
Here are some example configs and a diagram that should point you in the right direction. A few notes on this - I tried to keep the config as simplistic as possible since you're dealing with very low speeds. There are more efficient ways to do this, but it requires more config. Also, I used 10M download and 1M upload as the values for the ISP connection - these will need to be adjusted to the actual values.

Here is an overview of the solution

Image


Configuration

First you need to create a bridge for the ports and add them to the bridge.

/interface bridge
add name=Shared-LAN

/interface bridge port
add bridge=Shared-LAN interface=ether1
add bridge=Shared-LAN interface=ether2
add bridge=Shared-LAN interface=ether3

Then you need to add the simple queue rules which will classify the traffic and prioritize accordingly

/queue simple
add max-limit=1M/10M name=All-ISP-Bandwidth target=Shared-LAN
add limit-at=768k/5M max-limit=1M/10M name=Phones parent=All-ISP-Bandwidth priority=1/1 target=192.168.2.0/24
add max-limit=1M/10M name=3rd-party-router parent=All-ISP-Bandwidth priority=2/2 target=""
Thanks for the diagram and the command lines. This is beautifully explained. I have implemented this with bit changes to speed and Upload seems to work just fine but download is splitting between Ether-2 and Ether-3. My tests are done using nperf.com and I have run the tests at the same time OR starting one before the other. In all cases that I tested Upload priority was given to phones network but Download speed was shared.

My average DSL speed is 11.46 upload / 21.30 download so I have run the following commands to test this:
/queue simple
add max-limit=11.46M/21.30M name=All-ISP-Bandwidth target=Shared-LAN
add limit-at=10M/20M max-limit=11.46M/21.30M name=Phones parent=All-ISP-Bandwidth priority=1/1 target=192.168.2.0/24
add max-limit=1M/1M name=3rd-party-router parent=All-ISP-Bandwidth priority=2/2 target=""
This is image of my settings from Queues sections:
Image

I am giving 10Mbps uploaded and 20Mbps uploaded to phone network just to test it and see if the DEDICATED amount is given to it but it failed. It did obtain 10Mbps upload at all times but only 11Mbps for download and gave the remaining 11Mbps to "3rd Party Router" when I run simultaneous tests. What could be the issue?

Thanks,

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Tue Oct 15, 2019 11:05 pm
by xvo
Try setting your max-limit values at least 5-10% lower than your typical ISP speed: you might hit the ISP limits before you hit your own.

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Wed Oct 16, 2019 9:27 pm
by Torontobb
If I read the OP correctly, he does not have control of the PPPoE server.
I am not sure what control means in this context but PPPoE server is on ISP side. Of course, I can run a PPPoE server on Mikrotik too and maybe(?) then pass public IP to 3rd Party Router but seems like your method is the best IF it doesn't break PPPoE connection (can you please confirm this because on IRC channel I heard someone say PPPoE will break with Queues usage).

Also, can you please comment on download limit issue I mentioned in my previous post?

Thanks,

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 19, 2019 6:49 pm
by Torontobb
Anyone can comment why upload speed limit works but not download?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 19, 2019 8:21 pm
by Zacharias
Did you finally add queues for the PPPoE? Can i see those queues?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 19, 2019 10:20 pm
by Torontobb
Did you finally add queues for the PPPoE? Can i see those queues?
I am not sure what you mean by that. Can you add commands please like IPANETEngineer did. PPPoE is done on "3rd Party Router".
This is my current settings:
/interface bridge
add name=Shared-LAN
 
/interface bridge port
add bridge=Shared-LAN interface=ether1
add bridge=Shared-LAN interface=ether2
add bridge=Shared-LAN interface=ether3
 
/queue simple
add max-limit=11.46M/21.30M name=All-ISP-Bandwidth target=Shared-LAN
add limit-at=10M/20M max-limit=11.46M/21.30M name=Phones parent=All-ISP-Bandwidth priority=1/1 target=192.168.2.0/24
add max-limit=1M/1M name=3rd-party-router parent=All-ISP-Bandwidth priority=2/2 target=""

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 19, 2019 10:47 pm
by Torontobb
Here are some example configs and a diagram that should point you in the right direction. A few notes on this - I tried to keep the config as simplistic as possible since you're dealing with very low speeds. There are more efficient ways to do this, but it requires more config. Also, I used 10M download and 1M upload as the values for the ISP connection - these will need to be adjusted to the actual values.

Here is an overview of the solution

Image


Configuration

First you need to create a bridge for the ports and add them to the bridge.

/interface bridge
add name=Shared-LAN

/interface bridge port
add bridge=Shared-LAN interface=ether1
add bridge=Shared-LAN interface=ether2
add bridge=Shared-LAN interface=ether3

Then you need to add the simple queue rules which will classify the traffic and prioritize accordingly

/queue simple
add max-limit=1M/10M name=All-ISP-Bandwidth target=Shared-LAN
add limit-at=768k/5M max-limit=1M/10M name=Phones parent=All-ISP-Bandwidth priority=1/1 target=192.168.2.0/24
add max-limit=1M/10M name=3rd-party-router parent=All-ISP-Bandwidth priority=2/2 target=""
Looking at it again, neither Upload or Download limits work at all. None of the queues work. It was my desktop eating more upload bandwidth compared to a Surface notebook that made me think Upload works.

So, as it stands, your diagram and commands do not create any limits whatsoever. Also disabling them was same as when they were enabled.

Can you please test in lab?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sat Oct 19, 2019 11:45 pm
by Zacharias
Your queues look fine... in the advanced tab of the parent queue add as type pcq upload default and pcq download default...

Also specify your target in your third router...

Then test again...

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Oct 20, 2019 7:49 pm
by Torontobb
Your queues look fine... in the advanced tab of the parent queue add as type pcq upload default and pcq download default...

Also specify your target in your third router...

Then test again...

Setting to PCQ Default for both upload and download did not make a difference. Also setting Target to ether2-master (the 3rd party router connected port) did not make a difference. I am going by the diagram posted by IPANetEngineer by the way.

*I enabled and disabled these Queues and it made absolutely no difference at my tests. I am using nperf.com to test with two different computers simultaneously.

Here is a snap shot:
Image

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Tue Oct 22, 2019 5:35 pm
by Torontobb
Your queues look fine... in the advanced tab of the parent queue add as type pcq upload default and pcq download default...

Also specify your target in your third router...

Then test again...

Setting to PCQ Default for both upload and download did not make a difference. Also setting Target to ether2-master (the 3rd party router connected port) did not make a difference. I am going by the diagram posted by IPANetEngineer by the way.

*I enabled and disabled these Queues and it made absolutely no difference at my tests. I am using nperf.com to test with two different computers simultaneously.

Here is a snap shot:
Image
Anyone can comment on this?

I am surprised traffic shaping is such a convoluted topic on Mikrotik that simple queues can not work on two ports.

Is there a wizard to setup Queues?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Tue Oct 22, 2019 7:15 pm
by Zacharias
Actually its really simple...
Something is preventing it from working on your configuration...

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Tue Oct 22, 2019 7:31 pm
by Torontobb
Actually its really simple...
Something is preventing it from working on your configuration...
Thanks for feedback.
Have you tested this in your lab that you can say for sure?

This is a factory fresh config and up to date router with only these commands so I doubt what you said holds (the something preventing; i.e. other commands run). Looks to me these commands are not the right ones unless someone else can confirm works for them.

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Tue Oct 22, 2019 9:07 pm
by Zacharias
Actually its really simple...
Something is preventing it from working on your configuration...
Thanks for feedback.
Have you tested this in your lab that you can say for sure?
The specific configuration no...
However i have used simple queues, really, in hundreds of configurations...
So i know they do work :D

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Wed Oct 23, 2019 5:43 pm
by Torontobb
Actually its really simple...
Something is preventing it from working on your configuration...
Thanks for feedback.
Have you tested this in your lab that you can say for sure?
The specific configuration no...
However i have used simple queues, really, in hundreds of configurations...
So i know they do work :D
Yeah, I thought there is something wrong. So what is your suggestion or there is no hope for this scenario?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Nov 10, 2019 6:31 pm
by Torontobb
Any gurus can comment on this?

Re: Is MikrotikOS good enough to support two networks independent of each other? (one needs PPPoE)

Posted: Sun Nov 10, 2019 7:49 pm
by sindy
I may have missed that in the previous posts, but it seems to me that the configuration by @IPANetEngineer lacks a significant bit of information - in order for queues to work also for L2 frames, in interface bridge settings, use-ip-firewall must be set to yes; in order that PPPoE frames were handled as well, use-ip-firewall-for-pppoe must be set to yes too.

I also have some doubts regarding the way the three simple queues are organized, but I lack any experience here, so it may be allright. The fact that the last one, which should handle the 3rd party router's PPPoE traffic, has target="" is fine; what bothers me is the first one to match on target=Shared_LAN. I expect that rule to either match everything (which would be wrong) or nothing (which would just mean it is useless) because the Shared_LAN has no L3 configuration assigned to it.

So start from changing the bridge settings and have a look whether the queues start counting packets, drops etc. once you do that. If only the first one wil start counting, disable it.