Hi everyone,
In my networks I have configured PPPoE service for my Wireless customers. I have Public addressing and each customer has a public IP.
To give a public IP to customer I use a pool called 'public-pool'. This pool is enough large for all my customers and more.
On the another hand, I use RADIUS in my auth for PPPoE accounts, and SOME clients has a fixed public IP inside the ip pool.
My problem is the following:
public-pool = 10.2.0.2 - 10.2.0.254
client_1 has a fixet publioc IP address = 10.2.0.30
client_2 has a dynamic addresing.
client_1 authenticates successfully in my PPPoE server and IP 10.2.0.30 is present in active connections.
[*]Why does client_2 hace the same ip address 10.2.0.30 when this IP is used yet? I have a duplicate IP addrees in my network.
[*] Why does ROS not detect the ip 10.2.0.30 as used IP?
[*] Is it significative that client_1 user a radius attribute Framed-IP-Address to get IP and client_2 uses a local pool?
We detect this behaviour in previous ROS versions.
Thansk for the answer,
Santiago
Re: PPPoE service duplicate customer IP
Very gratefully, MikroTik Support team caught my question.
Let's inform you the final solution.
Let's inform you the final solution.
Re: PPPoE service duplicate customer IP
The answer by MikroTik Team was:
So, I ask for an improving the PPP server to embrace this requirement.Unfortunately you have to remove this address form pool manually. Client also might configure static addresses on client and they also will not be removed from pool so address assignation from pool only check if address has been assigned from itself.
Re: PPPoE service duplicate customer IP
>>> SOME clients has a fixed public IP inside the ip pool.
Why INSIDE and not before or after?
>>>public-pool = 10.2.0.2 - 10.2.0.254
why not 10.2.0.3 - 10.2.0.254 ?
>>>client_1 has a fixet publioc IP address = 10.2.0.30
why not 10.2.0.2? and the next 10.2.0.3 etc. reducing consequentially the pool by one?
>>>[*]Why does client_2 hace the same ip address 10.2.0.30 when this IP is used yet? I have a duplicate IP addrees in my network.
Obviously: Because you use twice the same address for the pool and for fix IP address...
>>>[*] Why does ROS not detect the ip 10.2.0.30 as used IP?
Because you have instructed RouterOS to use twice that address...
Actually RouterOS has not all the knowledge to remedy for all the wrong configurations set from user side...
>>> [*] Is it significative that client_1 user a radius attribute Framed-IP-Address to get IP and client_2 uses a local pool?
No.
>>>We detect this behaviour in previous ROS versions.
And also on the future versions...
>>>So, I ask for an improving the PPP server to embrace this requirement.
Simply you can stop to use twice the same address.
Is more easy than to waste resources to make one program to warn you about your error.
Case study A:
User 1 has 1.1.1.1 as IP address, obtained from pool, and is already online.
User 2 has fixed IP 1.1.1.1 on RADIUS, and just try to access.
When User 2 try the access, what ppp must do?
1) Disconnect User 1 and let User 2 go online?
2) Forbidden the access to User 2, because the address is already used?
Case study B:
User 1 has fixed IP 1.1.1.1 on RADIUS, and is already online.
User 2 must obtain one IP address from the pool because it try to access, and from pool user get 1.1.1.1.
When User 2 try the access, what ppp must do?
1) Disconnect User 1 and let User 2 go online with the IP from the pool?
2) Forbidden the access to User 2, because the address is already used from User 1?
Case study C:
For some unspecified reason, .30 must be out of pool.
Simply change the pool:
public-pool = 10.2.0.2 - 10.2.0.29, 10.2.0.31 - 10.2.0.254
Case study D:
The network administrator use separate pools for user with dynamic IP and user with static IP.
No more action or decision required about duplicate IP.
Why INSIDE and not before or after?
>>>public-pool = 10.2.0.2 - 10.2.0.254
why not 10.2.0.3 - 10.2.0.254 ?
>>>client_1 has a fixet publioc IP address = 10.2.0.30
why not 10.2.0.2? and the next 10.2.0.3 etc. reducing consequentially the pool by one?
>>>[*]Why does client_2 hace the same ip address 10.2.0.30 when this IP is used yet? I have a duplicate IP addrees in my network.
Obviously: Because you use twice the same address for the pool and for fix IP address...
>>>[*] Why does ROS not detect the ip 10.2.0.30 as used IP?
Because you have instructed RouterOS to use twice that address...
Actually RouterOS has not all the knowledge to remedy for all the wrong configurations set from user side...
>>> [*] Is it significative that client_1 user a radius attribute Framed-IP-Address to get IP and client_2 uses a local pool?
No.
>>>We detect this behaviour in previous ROS versions.
And also on the future versions...
>>>So, I ask for an improving the PPP server to embrace this requirement.
Simply you can stop to use twice the same address.
Is more easy than to waste resources to make one program to warn you about your error.
Case study A:
User 1 has 1.1.1.1 as IP address, obtained from pool, and is already online.
User 2 has fixed IP 1.1.1.1 on RADIUS, and just try to access.
When User 2 try the access, what ppp must do?
1) Disconnect User 1 and let User 2 go online?
2) Forbidden the access to User 2, because the address is already used?
Case study B:
User 1 has fixed IP 1.1.1.1 on RADIUS, and is already online.
User 2 must obtain one IP address from the pool because it try to access, and from pool user get 1.1.1.1.
When User 2 try the access, what ppp must do?
1) Disconnect User 1 and let User 2 go online with the IP from the pool?
2) Forbidden the access to User 2, because the address is already used from User 1?
Case study C:
For some unspecified reason, .30 must be out of pool.
Simply change the pool:
public-pool = 10.2.0.2 - 10.2.0.29, 10.2.0.31 - 10.2.0.254
Case study D:
The network administrator use separate pools for user with dynamic IP and user with static IP.
No more action or decision required about duplicate IP.
Re: PPPoE service duplicate customer IP
IMHO some use cases are kind of incorrect (case B)...
DHCP server correct behavior:
- Client A has an allocated address of 1.1.1.1 for whatever reason.
- Client B should get 1.1.1.1 from the DHCP pool.
- DHCP server issues an ARP request for 1.1.1.1 on the network and gets an answer, meaning 1.1.1.1 is in use.
- Next address in pool is selected.
- Repeat until a free address is found.
- If none is available, drop the DHCP request.
DHCP server correct behavior:
- Client A has an allocated address of 1.1.1.1 for whatever reason.
- Client B should get 1.1.1.1 from the DHCP pool.
- DHCP server issues an ARP request for 1.1.1.1 on the network and gets an answer, meaning 1.1.1.1 is in use.
- Next address in pool is selected.
- Repeat until a free address is found.
- If none is available, drop the DHCP request.
Re: PPPoE service duplicate customer IP
I have the exactly the same problem
public IP pool is from 10.10.10.10.-10.10.10.20
in radius I have assigned with framed-ip-address
10.10.10.11 - client 1
10.10.10.12 - client 2
10.10.10.13 - client 3
10.10.10.14 - client 4
but some client who just use dynamic IP address from that same pool, pick up sometime IP address from some framed IP clients.
The only solution is to shorten ip pool in mikrotik and remove static IP's from pool.
Just to say, pool is not aware that there is some framed IP addresses from same pool.
public IP pool is from 10.10.10.10.-10.10.10.20
in radius I have assigned with framed-ip-address
10.10.10.11 - client 1
10.10.10.12 - client 2
10.10.10.13 - client 3
10.10.10.14 - client 4
but some client who just use dynamic IP address from that same pool, pick up sometime IP address from some framed IP clients.
The only solution is to shorten ip pool in mikrotik and remove static IP's from pool.
Just to say, pool is not aware that there is some framed IP addresses from same pool.
Re: PPPoE service duplicate customer IP
Manually defining a pool that does not include any statically assigned IP addresses is completely normal, and it's how we've been doing things - since at LEAST the mid 1990s when I got started in this business......
Imagine that you bought season tickets to your favorite team's home games - your seats are your seats for the entire season, even when you can't make it to one particular game. If you arrive at the statdium and someone's in your seat, what are you going to do? If you leave a static IP customer's address as part of a pool, this would be the same as if a stadium sold your seat to another person if you didn't arrive at the stadium 30 minutes before the game.....
It is best practice to ensure that your dynamic pools do not include static assigned addresses.
The "case study C" is exactly how it should be done if a "fragmented" allocation is required.
Imagine that you bought season tickets to your favorite team's home games - your seats are your seats for the entire season, even when you can't make it to one particular game. If you arrive at the statdium and someone's in your seat, what are you going to do? If you leave a static IP customer's address as part of a pool, this would be the same as if a stadium sold your seat to another person if you didn't arrive at the stadium 30 minutes before the game.....
It is best practice to ensure that your dynamic pools do not include static assigned addresses.
These are excellent, excellent, EXCELLENT suggestions. - especially the first one.>>>client_1 has a fixet publioc IP address = 10.2.0.30
why not 10.2.0.2? and the next 10.2.0.3 etc. reducing consequentially the pool by one?
...
Case study C:
For some unspecified reason, .30 must be out of pool.
Simply change the pool:
public-pool = 10.2.0.2 - 10.2.0.29, 10.2.0.31 - 10.2.0.254
The "case study C" is exactly how it should be done if a "fragmented" allocation is required.
Re: PPPoE service duplicate customer IP
What I want to remark is when a static IP is current ly assigned and with traffic in PPP, for example: 10.2.0.30, the PPPoE server assign this same IP to one dynamic client.
PPPeE server should know that IP 10.2.0.30 is been used by a client.
The others issues are opened to disccuss the best strategy.
PPPeE server should know that IP 10.2.0.30 is been used by a client.
The others issues are opened to disccuss the best strategy.
Re: PPPoE service duplicate customer IP
If you use freeradius a radius server, you can do the following:
when you offer the IP for the user, list the item in a temporary table (like successful leases) with a timestamp (like 24hrs) what is longer than the expiry time of the IP. (periodically clear the exipered IPs from the table)
Before offering the new IP, just check the table above against the IP, if the IP is free, offer it.
when you offer the IP for the user, list the item in a temporary table (like successful leases) with a timestamp (like 24hrs) what is longer than the expiry time of the IP. (periodically clear the exipered IPs from the table)
Before offering the new IP, just check the table above against the IP, if the IP is free, offer it.