SPDurkee

bridge eoip loses internal lan connectivity

Thu Mar 16, 2006 9:44 pm

I am setting up an eoip tunnel between two data centers. I then attempt to bridge the internal lan of each data center with the eoip interface on each router.

As soon as I enable the bridge, I lose connectivity to the internal ip address assigned to the router.

I then assign the internal ip to the bridge interface instead of the nic, however I still have no connectivity to this ip from the internal lan.

Any thoughts?
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Fri Mar 17, 2006 9:19 am

should be working.
did you clear the ARP-cache at the client?
maybe posting the configuration could help.
 
SPDurkee

Fri Mar 17, 2006 2:44 pm

clearing the arp cache on any client didn't help.

Here's my config:
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:5E:80:00:01 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=5s hello-time=2s max-message-age=20s

Router1 is assigned an ip of 192.168.0.51 on the bridge (which contains the eoip connection & the internal nic)

Router2 is assigned an ip of 192.168.0.52 on the bridge (which contains the eoip connection & the internal nic)

I can ping each router from each other, however I can not ping any computers on either lan, nor can I ping the routers from the computers.
 
sergejs
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Fri Mar 17, 2006 3:05 pm

Add to bridge local and EoIP interfaces, check if the MAC-addresses for the EoIP tunnels are not the same.
Could you ping computers from the router they are connected to?
 
mag

Fri Mar 17, 2006 3:24 pm

and the EoIP-Interface should not be in the same bridge with the interface the EoIP-tunnel goes out. an example:
/ interface eoip 
add name="tunnel-101" mtu=1500 mac-address=00:00:5E:80:10:11 arp=enabled remote-address=1.1.1.1 \
    tunnel-id=101 comment="" disabled=no 

/ interface bridge 
add name="lan" disabled=no 

/ interface bridge port 
add interface=ether3 bridge=lan priority=128 path-cost=10 comment="" disabled=no 
add interface=tunnel-101 bridge=lan priority=128 path-cost=10 comment="" disabled=no 
other side:
/ interface eoip 
add name="tunnel-101" mtu=1500 mac-address=00:00:5E:80:10:12 arp=enabled remote-address=2.2.2.2 \
    tunnel-id=101 comment="" disabled=no 

/ interface bridge 
add name="lan" disabled=no 

/ interface bridge port 
add interface=ether3 bridge=lan priority=128 path-cost=10 comment="" disabled=no 
add interface=tunnel-101 bridge=lan priority=128 path-cost=10 comment="" disabled=no 
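
Added example, not part of the original posts: a small Python check that applies the two suggestions above (different EoIP MAC addresses on each end, and the tunnel not bridged with the interface it goes out of) to a pair of export snippets. The sample exports are constructed from mag's example; the uplink name `ether1` and the matching tunnel-id check are assumptions not stated in the thread.

```python
import re

# Constructed sample based on the example export in the post above.
SITE_A = """
/ interface eoip
add name="tunnel-101" mtu=1500 mac-address=00:00:5E:80:10:11 arp=enabled remote-address=1.1.1.1 \\
    tunnel-id=101 comment="" disabled=no
/ interface bridge port
add interface=ether3 bridge=lan priority=128 path-cost=10 comment="" disabled=no
add interface=tunnel-101 bridge=lan priority=128 path-cost=10 comment="" disabled=no
"""
SITE_B = SITE_A.replace("80:10:11", "80:10:12").replace("1.1.1.1", "2.2.2.2")

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    text = re.sub(r"\\\s*\n\s*", " ", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = " ".join(line.lstrip("/").split())
            sections.setdefault(current, [])
        elif line.startswith("add ") and current is not None:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[current].append({k: v.strip('"') for k, v in pairs})
    return sections

def check_pair(a_text, b_text, uplink="ether1"):
    """Return a list of problems; uplink is the assumed WAN-facing interface."""
    problems = []
    sites = {"A": parse_export(a_text), "B": parse_export(b_text)}
    tun_a = sites["A"]["interface eoip"][0]
    tun_b = sites["B"]["interface eoip"][0]
    if tun_a["mac-address"].lower() == tun_b["mac-address"].lower():
        problems.append("EoIP MAC addresses are identical on both ends")
    if tun_a["tunnel-id"] != tun_b["tunnel-id"]:
        problems.append("tunnel-id differs between the two ends")
    for label, cfg in sites.items():
        tunnel = cfg["interface eoip"][0]["name"]
        members = {}
        for port in cfg.get("interface bridge port", []):
            members.setdefault(port["bridge"], set()).add(port["interface"])
        for bridge, ifaces in members.items():
            if tunnel in ifaces and uplink in ifaces:
                problems.append(f"site {label}: {uplink} is bridged with {tunnel} in {bridge}")
    return problems

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "no problems found")
```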
 
SPDurkee

Fri Mar 17, 2006 3:34 pm

After creating the bridge, I have a total of 4 interfaces on each router:
External
Internal
Bridge1
EOIP-Location1

External
Internal
Bridge1
EOIP-Location2

The bridge for each router contains the Internal and EOIP interfaces.

I can ping Router1 from Router2 but can not ping any computers connected to the same lan Router1 is connected to from Router1. The same is true for Router2.

Maybe there is another way to do what I'm trying to do?

I need to allow servers in InternalLAN1 connect to servers in InternalLAN2 through some sort of route or tunnel over the public internet.

Your help is greatly appreciated.
 
mag

  [SOLVED]

Fri Mar 17, 2006 5:54 pm

> I can ping Router1 from Router2 but can not ping any computers connected to the same lan Router1 is connected to from Router1. The same is true for Router2.

i can't see a difference, besides that i have enabled proxy-arp at one side, but this is for PPTP only. Did you check if the EoIP-Tunnel is working? That is seeing MAC-Addresses from the other tunnel-side, and check if any traffic is going through the tunnel. Maybe you should post "/interface export" and "ip address print"

> Maybe there is another way to do what I'm trying to do?
>
> I need to allow servers in InternalLAN1 connect to servers in InternalLAN2 through some sort of route or tunnel over the public internet.

If no layer 2 is needed, of course a layer 3 connection, e.g. PPTP- or IPSec-tunnel would be better. Do the public interfaces have static IP-addresses? If yes, i would suggest using an IPSec-tunnel.
 
SPDurkee

Fri Mar 17, 2006 6:07 pm

Unfortunately my networking knowledge is limited, but what I'm looking to do is have any server on the internal network in one data center seamlessly connect with any server in the internal network on the other data center.

All the servers are in the 192.168.0.x/24 subnet, ideally the solution would also allow broadcast packets so the windows servers could identify each other by name.
 
mag

Fri Mar 17, 2006 6:34 pm

> All the servers are in the 192.168.0.x/24 subnet, ideally the solution would also allow broadcast packets so the windows servers could identify each other by name.

LAN-Broadcasts could cause a lot of WAN-Traffic, does that matter?
AFAIK Windows-server could interconnect without seeing broadcasts, using the Windows Domain System, Active Directory or something (sorry my Windows-knowledge is limited)

But EoIP is working with MT ROS for sure. BTW which Router OS version is used?
 
SPDurkee

Fri Mar 17, 2006 6:39 pm

WAN traffic will most likely not be an issue, however I can switch to WINS or even use a HOSTS file if need be.

Both routers are 2.9.6.
 
mag

Fri Mar 17, 2006 7:10 pm

ok, i'd guess EoIP is the right tunnel, so i still see a few unanswered questions:
...
check if the MAC-addresses for the EoIP tunnels are not the same.

Could you ping computers from the router, they are connected to?
...
Did you check if the EoIP-Tunnel is working? That is seeing MAC-Addresses from the other tunnel-side, and check if any traffic is going through the tunnel.

you should post "/interface export" and "ip address print"
...
 
SPDurkee

Sat Mar 18, 2006 4:44 pm

The mac addresses for the eoip tunnel are different: 00:00:5E:80:00:01 & 00:00:5E:80:00:02

I can not ping the computers from the router they are connected to.

I can ping the router on the other end of the EOIP tunnel, and it does show traffic moving through the eoip interface.

Rather than posting all the interface information here. I've created a web page showing it all: http://www.terrasite.com/mikrotik.htm

One additional note, the arp list on the Rochester router seems to populate with the MACs from server in Vienna, however the ARP list in Vienna never seems to populate.
 
SPDurkee

Sat Mar 18, 2006 5:00 pm

Issue solved, well sort of.

The routers were installed as virtual servers using Microsoft Virtual Server 2005 R2. It appears that this is why I can not ping other computers on the lan. I can ping other virtual servers set up on the same boxes through the tunnel.

It looks like if I setup dedicated servers to do this, the eoip tunnel and bridge would work normally.

Thank you for all the help & suggestions.
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sat Mar 18, 2006 5:11 pm

Looks basically OK.

Here's a few things you might try, based on the configuration you published on the URL you posted.

1. You have configured two IP addresses on the external interface of the Rochester router, and you have configured
the higher-numbered / second one of them (74.39.252.133) as the EoIP tunnel peer on the Vienna router.
Try using 74.39.252.129 as the EoIP tunnel endpoint (change the Vienna router accordingly).

2. Why do you have arp=proxy-arp on the bridge1 interface on the Rochester router?
Try changing it to arp=enabled

3. While you are at it: Since you've added the IP address to the bridge1 interface (that's good) and not
to the interfaces that are members of the bridge (Internal, eoip-*), you can switch off arp altogether on the
Internal and eoip-* interfaces on both routers.
ARP functionality only makes sense on interfaces that actually have IP addresses assigned to them.

--Tom