Community discussions

MUM Europe 2020
 
flovin
just joined
Topic Author
Posts: 12
Joined: Wed Sep 21, 2005 11:46 am

EoIP tunnel problems.

Sun Feb 26, 2006 10:26 pm

I've setup up an EoIP tunnel between two routers - it was working fine. Then something happened, I don't know what...

I was unable to send large ping packets, 1500 bytes through the tunnel.

I tried making new tunnels, to other routers - works fine to send 1500 bytes packets through some of them, and doesn't for others... where it doesn't work the limit is exactly 1458 bytes.. at 1459 the packet just disappears.

In this particular case I use EoIP tunnels because the client has their own firewalls inside. So the EoIP is bridged to the ethernet interface facing the clients' firewalls. I thought this would be a clever solution as routing etc would be transparent for them, and I wouldn't have to worry about ip's etc they where using.. everything which goes over the tunnels is ipsec traffic.

It seems that it has something to do with the packets traveling over other routers, but I haven't figured out exactly what's happening, as it seems to be fine in some cases... and not in other cases.

Anyone have any clue or suggestion how I can solve this problem?

For the client the result is simple, they can send small packets through - e.g. small pings, but most traffic is simply lost resulting in the link not working for them.

regards,
Flóvin
 
User avatar
dbostrom
Member Candidate
Member Candidate
Posts: 133
Joined: Mon Dec 05, 2005 4:45 pm

Mon Feb 27, 2006 4:24 am

What happens if you increase the MTU on the EoIP tunnel? I've noticed that if I try to ping through an EoIP interface w/ a packet larger than the MTU, RouterOS complains with a message, "packet too large and cannot be fragmented".

It does sound as though there are some misbehaving routers in this picture, though.
 
flovin
just joined
Topic Author
Posts: 12
Joined: Wed Sep 21, 2005 11:46 am

Mon Feb 27, 2006 9:59 am

What happens if you increase the MTU on the EoIP tunnel? I've noticed that if I try to ping through an EoIP interface w/ a packet larger than the MTU, RouterOS complains with a message, "packet too large and cannot be fragmented".

It does sound as though there are some misbehaving routers in this picture, though.
I tried increasing the MTU, RouterOS doesn't let me so I guess 1500 is the max - it's simulating a standard ethernet frame.

When I send these large packets, it just gives a timeout.

Flóvin
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Mon Feb 27, 2006 12:21 pm

i would suggest using EoIP only if a transparent Ethernet-connection is needed actually.

(of course its MTU is fixed to 1500, cause it's the Ethernet-MTU)
 
flovin
just joined
Topic Author
Posts: 12
Joined: Wed Sep 21, 2005 11:46 am

Mon Feb 27, 2006 1:09 pm

i would suggest using EoIP only if a transparent Ethernet-connection is needed actually.

(of course its MTU is fixed to 1500, cause it's the Ethernet-MTU)
It makes things a lot easier in this particular scenario - we're only a carrier for others, and they use their own equipment, this way we dont need to know what they do, and they don't need to know what we do - all there is is an ethernet interface.

Are there any real disadvantages except for some added overhead due to ARP, and the mac headers?

regards,
Flovin
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Mon Feb 27, 2006 5:00 pm

i meant to use some kind of ip-ip-tunnel if layer-2 is not a must have.
 
flovin
just joined
Topic Author
Posts: 12
Joined: Wed Sep 21, 2005 11:46 am

Mon Feb 27, 2006 8:26 pm

Ok, thanks for the suggestion.

Flóvin

Who is online

Users browsing this forum: gibi13, IL76, MSN [Bot] and 108 guests