Community discussions

MikroTik App
 
hitek146
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

EoIP tunnel needs packets fragmented?

Wed Aug 17, 2005 9:56 am

I have tried to set up two different EoIP tunnels over PPPoE links in two different scenerios, and in both cases, I can ping any website in the world from the far end of the tunnel, with DNS resolution through the tunnel, but browsing the web does not work. Our backhaul uses a both public and private subnets, and I am attempting to bond an RB532 PPPoE client's Ether1 interface directly with our backhaul. All of our backhaul links to and from each tower run through EoIP tunnels in every direction, with all of the EoIP tunnels terminating at each tower bridged into a common bridge. The bridge itself is assigned the tower's backhaul IP address. This works very well, each tower having a bridge interface that is it's part of the backhaul, and now I simply want to bridge an additional EoIP tunnel with the others, but this time going over one of the tower's subscriber's PPPoE connections to the client MT. At the client, as stated before, the EoIP tunnel is bridged to the Ether1 interface. This works exactly as expected, up to a point. The client connected to the remote end of the EoIP(over PPPoE) tunnel is directly connected through the tunnel to our backhaul, exactly as I wanted, and this can be easily seen in the ARP table. All traceroutes to anything on the backhaul are one hop, as expected. Finally, as also stated above, I am unable to browse the internet at all through the EoIP tunnel, even though the other EoIP tunnels that this one is bridged with at the tower work just fine. It's just this tunnel.

And then, I cannot ping the Cisco gateway through this specific tunnel, even though packet do route properly through it for a ping or traceroute aimed at the outside. What is even more crazy, is that I can ping an MT router that has an IP address one up from the Cisco and is connected to the same very switch as the Cisco is. I can ping both that MT and Cisco from other EoIP tunnels in the backhaul.....

Any ideas, anyone? Thanks in Advance....

Hitek
(all 2.9rc10, BTW)

PS- Our backhaul EoIP tunnels run inside encrypted PPTP tunnels, and work very well, so I am wondering if it is not related to the PPPoE, although I would think that the sub-layer(the PPPoE layer) should not affect the operations on the inside of the EoIP tunnel that is running on top of it....
 
wildbill442
Forum Guru
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Wed Aug 17, 2005 6:54 pm

Could it be an MTU setting? whats the MTU set to for the EoIP over PPPoE tunnel?

Try setting it to 1462 so you give enough space for overhead from PPPoE (8bytes) and whatever the overhead is from EoIP.
 
User avatar
lastguru
Trainer
Trainer
Posts: 435
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia
Contact:

Wed Aug 17, 2005 7:00 pm

when MTU problems are observed, I usually advise going from 1300 and up to the poing when it stops working.
International MikroTik Certified Trainer and Consultant form Latvia.
I do RouterOS Training and Certification worldwide!

skype: lastguru
 
hitek146
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Fri Aug 19, 2005 4:59 am

The MTU for the EoIP tunnel is 1500. Our working EoIP links are configured like this:

Radio on each end is assigned a static IP address, for example 10.1.1.1 at the AP and 10.1.1.2 at the station.

PPTP server is configured on AP end, and a user account(secret) is created that assigns an IP address to both the server and client end of the PPTP tunnel, for example, 10.2.1.1 on the server end of the PPTP link, and 10.2.1.2 on the PPTP client end of the link. The PPTP tunnel is encrypted. This has created a secure PPTP tunnel over the wireless link, with an MTU of 1460.

Of course, next I create a PPTP client, and have it dial the address of the AP's radio, which is 10.1.1.1 in this example. With the proper username and password in the client, the AP and station ends of the PPTP tunnel are assigned their 10.2.1.x addresses.

Next, I create an EoIP interface on the AP, and one on the client. The target address of each end of the EoIP tunnel is the IP address of the PPTP tunnel on the other end. In other words, the EoIP interface on the AP has a remote-address=10.2.1.2, and the EoIP interface on the client has a remote-address=10.2.1.1, creating an EoIP tunnel inside of the PPTP tunnel. The MTU of the EoIP tunnel is 1500.

From many readings of the MT documentation, I have gathered that the whole point of an EoIP tunnel is to allow unfragmented packets to travel over other links that may not be able to otherwise transfer unfragmented packets, and then to bond both ends into a "virtual" ethernet cable. Traffic immediately through an EoIP tunnel should not need to be specially handled, as the EoIP interface is supposed to fragment full ethernet packets to better fit through a "smaller" tunnel, and then reassemble the packets back to their original size transpartently on the other end. This was my understanding, anyhow, and in the above described example, it works perfectly.

The problems begin only when I try to do the same thing above using a PPPoE tunnel in place of the PPTP tunnel. The PPPoE tunnel that the EoIP tunnel is being created over has an MTU of 1488, but I have tried many different MTUs, and that should not matter anyway to an EoIP tunnel, as the EoIP tunnel's job is to deal with outside tunnels that are smaller than the packets that travel through the EoIP tunnel....

Isn't the purpose of the EoIP tunnel to allow full sized packets to pass, no matter what?

TIA

Hitek

Edit: Also, both ends have an identical tunnel ID, and very different MAC addresses....
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Sat Aug 20, 2005 8:01 pm

have you tried to change mtu and mru for PPPoE connections ?
 
hitek146
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Tue Aug 23, 2005 2:12 pm

Yes, I have....
The PPPoE tunnel that the EoIP tunnel is being created over has an MTU of 1488, but I have tried many different MTUs, and that should not matter anyway to an EoIP tunnel, as the EoIP tunnel's job is to deal with outside tunnels that are smaller than the packets that travel through the EoIP tunnel....
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Tue Aug 23, 2005 4:21 pm

And your PPPoE link overt EoIP does not work ?
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Aug 23, 2005 5:00 pm

It was more an EoIP over PPPoE problem he was describing... ;)
Best regards,
Christian Meis
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Tue Aug 23, 2005 11:21 pm

i think, he has PPPoE link over EoIP 8)
the main idea is clear, i hope :D
 
hitek146
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Wed Aug 24, 2005 2:57 am

I am trying to build an EoIP tunnel on top of an existing PPPoE link, and then transmit my target traffic(which is just http traffic, for now, with no PPPoE tunnel) directly through the EoIP tunnel.

Hitek
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Wed Aug 24, 2005 3:10 pm

I am trying to build an EoIP tunnel on top of an existing PPPoE link
I don't understand why you would need to create an EoIP tunnel because to get PPPoE itself going you'd
already have a working transparent ethernet connection that the PPPoE can run over, dont't you?

--Tom
 
hitek146
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Thu Aug 25, 2005 7:03 am

I'm trying to bridge, to our backhaul, the ethernet interface of a wireless client that is logged into a central access point. The only way for a client to get access into our centrally located access point, for securtiy and accounting reasons, is encrypted PPPoE. If I want the ethernet port on one of the AP's client devices transparently bridged to our backhaul, I will need to use an EoIP tunnel over the PPPoE connection, unless anyone knows of another way, without side-stepping the PPPoE Access Concentrator....

Hitek

Who is online

Users browsing this forum: Google [Bot] and 117 guests