wispvt
Member Candidate
Topic Author
Posts: 109
Joined: Tue May 10, 2011 4:20 pm

Split Horizon Bypass

Fri Aug 12, 2011 3:52 pm

I am using split horizon to isolate traffic on my ports to isolate all my customers. It works well, but wouldn't you know, I have one customer who needs to communicate with their office, which is also in my system, over a VPN, but the split horizon is stopping it. Is there any way to get a connection around it so this customer can talk from 1 port to another and still isolate the rest of the traffic?
 
netrat
Member
Posts: 402
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Split Horizon Bypass

Fri Aug 12, 2011 4:54 pm

As long as you have a full mesh the clients should be able to communicate with each other. Split horizon is just used to prevent bridging loops. If you do not have a full mesh then you will need to disable split horizon and use STP or RSTP. Are you using VPLS or BGP signaled VPLS?
 
wispvt
Member Candidate
Topic Author
Posts: 109
Joined: Tue May 10, 2011 4:20 pm

Re: Split Horizon Bypass

Sat Aug 13, 2011 4:57 am

I am using split horizon to isolate clients connected to APs on each port. It works well, so you don't have to worry about any type of broadcast, DHCP or any other traffic traveling between each port. I don't want to disable it as I want to keep the network isolated; I just want to get around it for 1 customer.
 
netrat
Member
Posts: 402
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Split Horizon Bypass

Sat Aug 13, 2011 6:14 pm

Why don't you just put them on separate networks? Then you don't have to worry about broadcast traffic and you can use firewalling to (dis)allow clients to talk to one another. I don't believe you should be bridging in this situation.
 
wispvt
Member Candidate
Topic Author
Posts: 109
Joined: Tue May 10, 2011 4:20 pm

Re: Split Horizon Bypass

Mon Aug 15, 2011 2:50 am

Bridging works best for us and customers as it allows us to easily get to any piece of equipment and gives a consistent gateway for all customers, so it's easy to troubleshoot and provision.
 
oeyre
Member Candidate
Posts: 137
Joined: Wed May 27, 2009 12:48 pm

Re: Split Horizon Bypass

Mon Aug 15, 2011 3:04 am

Use EoIP/VPLS

(I assume you have MikroTik at each customer site)
 
wispvt
Member Candidate
Topic Author
Posts: 109
Joined: Tue May 10, 2011 4:20 pm

Re: Split Horizon Bypass

Mon Aug 15, 2011 5:59 pm

No, we do not. Each client connects to an AP with a wireless unit at their location; there is no need to install a separate MikroTik unit at each house as that adds more to overhead and more headaches. We hand out non-routable IPs via a centralized DHCP server and everything is bridged, which makes for ease of maintenance as it's easy to communicate with every part of the network.
 
wispvt
Member Candidate
Topic Author
Posts: 109
Joined: Tue May 10, 2011 4:20 pm

Re: Split Horizon Bypass

Mon Aug 15, 2011 6:15 pm

So is there any way to tunnel around a bridge that is isolated with split-horizon?
 
netrat
Member
Posts: 402
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Split Horizon Bypass

Mon Aug 15, 2011 9:18 pm

> No, we do not. Each client connects to an AP with a wireless unit at their location; there is no need to install a separate MikroTik unit at each house as that adds more to overhead and more headaches. We hand out non-routable IPs via a centralized DHCP server and everything is bridged, which makes for ease of maintenance as it's easy to communicate with every part of the network.

I still do not see the need for bridging if you're using DHCP. Separate the networks, get rid of the bridging, and start a DHCP server instance on each network. There is no easy way to "tunnel" through a bridge that is separated with split horizon. If you want to control how clients talk to each other then the safest/easiest way is using an IP firewall. You can disable the split horizon and enable use-ip-firewall under /interface bridge settings. Then segregate clients with /ip firewall filter.
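
An added example, not posted by anyone in the thread, of the approach netrat describes above: split horizon removed, bridged IP traffic passed through the IP firewall, one customer's two ports allowed to reach each other, and all other customer ports kept apart. The bridge and port names (bridge1, ether1 as the uplink port, ether2 and ether3 as the VPN customer's AP ports) are assumptions, and it assumes all customer traffic on this router is bridged through bridge1.

```routeros
# Added example. Assumed names, not from the thread:
#   bridge1         the customer bridge
#   ether1          uplink port of bridge1 (gateway / DHCP server side)
#   ether2, ether3  AP ports serving the VPN customer's two sites
#   all other ports of bridge1 are AP ports for the remaining customers

# 1. Clear the horizon value on every port of the bridge, so the bridge
#    forwards between customer ports again.
/interface bridge port
set [find bridge=bridge1] horizon=none

# 2. Send bridged IP packets through /ip firewall.
/interface bridge settings
set use-ip-firewall=yes

# 3. Rules are evaluated top to bottom: allow the one customer's port pair
#    in both directions, then drop anything bridged between two ports when
#    neither of them is the uplink. Traffic to and from ether1 is untouched.
/ip firewall filter
add chain=forward in-bridge-port=ether2 out-bridge-port=ether3 \
    action=accept comment="VPN customer: site A to site B"
add chain=forward in-bridge-port=ether3 out-bridge-port=ether2 \
    action=accept comment="VPN customer: site B to site A"
add chain=forward in-bridge-port=!ether1 out-bridge-port=!ether1 \
    action=drop comment="isolate customer ports from each other"
```

These rules only see IP packets, so ARP and other non-IP frames between customer ports are not matched by /ip firewall filter. Check the rule counters after applying to confirm the drop rule matches only customer-to-customer traffic.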
 
oeyre
Member Candidate
Posts: 137
Joined: Wed May 27, 2009 12:48 pm

Re: Split Horizon Bypass

Tue Aug 16, 2011 11:18 am

> So is there any way to tunnel around a bridge that is isolated with split-horizon?

I just told you how...

You've created a layer 2 barrier between these 2 subscribers, so you either need to disable the horizon bridging or encapsulate customer traffic in some form of IP-based tunnel (i.e. EoIP/VPLS) in order to get around it.

So either the customer needs to figure this out for themselves, or you need to work out the commercial details of installing a managed RB at each site.
