Community discussions

MikroTik App
 
TheWeegee
just joined
Topic Author
Posts: 6
Joined: Fri Sep 03, 2021 6:20 pm

Using RB5009 in bridge mode

Sat Apr 13, 2024 12:28 pm

Hello,

I was recently given an RB5009 as my current Ubiquiti device blows with PPPoE and fiber, and is dropping a considerable amount of performance. I was told to put the RB5009 in bridge mode and let it create the PPPoE connection, and then put the other router behind it in DHCP mode to let it get the IP and avoid double NAT shenanigans. I can successfully use the RB5009 in router mode and get a connection and get full 2,5G down, but once in bridge mode it will not forward the IP to the second router in DHCP mode. Been reading the docs and some other places on the internet that "supposedly", mikrotik bridge mode is not a classic bridge mode, which to me sounds sus. What's the correct way to get this work?

Again, setup is ONT -> Rb50009 (bridge mode, handle PPPoE) -> second router in DHCP (avoid double NAT) -> clients/lan/rest of network
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11770
Joined: Thu Mar 03, 2016 10:23 pm

Re: Using RB5009 in bridge mode

Sat Apr 13, 2024 4:25 pm

PPPoE can't really be in bridge mode because bridge is L2 and PPPoE is L3. IP address is "integral part" of L3 interface, it can't be "forwarded" elsewhere.

What usually "put in bridge mode" means is that that device is L2-transparrent ... passing either DHCP handshake or PPOoE frames left and right. Any (dumb) ethernet switch does this perfectly.

The reason for popularity of "bridge mode" on ISP devices is that those often work with "weird" L1 technology on WAN side (e.g. xDSL, DOCSIS, GPON, etc.) which many "off the shelf" home routers can't. So when put in bridge mode, those ISP devices act only as (large and expensive) media converters between "weird" L1 technology and UTP (where both sides transport normal ethernet frames as L2 protocol). ONT is a bit more than simple media converter, usually it also does authentication (I'm talking about simple ONT devices, some are ONT/router combo).

So I wonder what makes connection of "second router" directly to ONT impossible/impractical?
 
TheWeegee
just joined
Topic Author
Posts: 6
Joined: Fri Sep 03, 2021 6:20 pm

Re: Using RB5009 in bridge mode

Sat Apr 13, 2024 5:50 pm

If you read the post you would have noticed I said the performance is awful and there is loss.

I was told to put another device in front of this router since it can't handle the performance over PPPoE or to deal with it, I was given this RB5009 and told it could be bridged to handle the WAN and give it back to the second router behind it in DHCP mode and it would acquire the WAN. Even Ubuiqiti support told me to put the router in DHCP and put another router in front of it to be the main PPPoE interface.

If you're telling me that's not possible then I will gladly give this device back since I'm not ready to ditch my entire Unifi system just yet, I was testing a potential stop gap.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19765
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Using RB5009 in bridge mode

Sat Apr 13, 2024 6:22 pm

What you need to figure out or tell us, is what is the internet signal coming from?
Does the ISP provide a modem or ONT, from which an ethernet cable is used to connection to the RB5009?

If so, then the RB5009 can do everything you need and you should throw the second router into the garbage, (or use it as a back up )
 
infabo
Forum Veteran
Forum Veteran
Posts: 780
Joined: Thu Nov 12, 2020 12:07 pm

Re: Using RB5009 in bridge mode

Sat Apr 13, 2024 7:36 pm

Again, setup is ONT -> Rb50009 (bridge mode, handle PPPoE) -> second router in DHCP (avoid double NAT) -> clients/lan/rest of network
why this second router?
 
TheWeegee
just joined
Topic Author
Posts: 6
Joined: Fri Sep 03, 2021 6:20 pm

Re: Using RB5009 in bridge mode

Thu Apr 18, 2024 12:57 pm

To answer everyone's question, because I've had a dream machine pro for the last 4-5 years and now that I upgraded from gigabit to 2,5, the pppoe performance is awful leaving a gigabit on the table in loss (~40%). Before I gave up on Ubiquiti completely, I got hold of an Rb5009 and was told I could put it in bridge, setup pppoe and with the dream machine pro in DHCP mode it would acquire the IP from the mikrotik and avoid the performance issues. I have a large unifi environment, including LTE failover, and at the moment I can't replace everything and budget this upgrade/switch until the summer, so I was trying to guinea pig this setup into holding me over until I make a decision.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1131
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Using RB5009 in bridge mode

Thu Apr 18, 2024 11:03 pm

You only need ISP/ONT <-> (PPPoE) Rb50009 <-> LAN (unless the 'second router' has a magical feature set you can't live without). The Rb50009 will manage both PPP and DHCP.
 
almdandi
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Sun May 03, 2015 5:22 pm

Re: Using RB5009 in bridge mode

Fri Apr 19, 2024 4:03 am

I think TheWeegee is asking for a way to offload only the pppoe stuff to the RB5009 and than pass through the public ip by dhcp to the UDM. The UDM should stay because his whole network is build around Unifi.

I think this should be possible with two VRF instances and two mangle rules.

Not teste btw.
/ip vrf
add interfaces=pppoe-out1 name=vrf-wan
add interfaces=ether2 name=vrf-lan
/ip address
add address=100.64.1.1/24 interface=ether2 network=100.64.1.0
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!100.64.1.1 in-interface=ether2 log=yes log-prefix=LAN new-routing-mark=vrf-wan passthrough=no
add action=mark-routing chain=prerouting in-interface=pppoe-out1 new-routing-mark=vrf-lan passthrough=no
/ip dhcp-server
add add-arp=yes interface=ether2 name=server-lan
/ip dhcp-server lease
add address=<public ip> mac-address=<mac of UDM> server=server-lan
 
TheWeegee
just joined
Topic Author
Posts: 6
Joined: Fri Sep 03, 2021 6:20 pm

Re: Using RB5009 in bridge mode

Fri Apr 19, 2024 6:04 pm

I think TheWeegee is asking for a way to offload only the pppoe stuff to the RB5009 and than pass through the public ip by dhcp to the UDM. The UDM should stay because his whole network is build around Unifi.

I think this should be possible with two VRF instances and two mangle rules.

Not teste btw.
/ip vrf
add interfaces=pppoe-out1 name=vrf-wan
add interfaces=ether2 name=vrf-lan
/ip address
add address=100.64.1.1/24 interface=ether2 network=100.64.1.0
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!100.64.1.1 in-interface=ether2 log=yes log-prefix=LAN new-routing-mark=vrf-wan passthrough=no
add action=mark-routing chain=prerouting in-interface=pppoe-out1 new-routing-mark=vrf-lan passthrough=no
/ip dhcp-server
add add-arp=yes interface=ether2 name=server-lan
/ip dhcp-server lease
add address=<public ip> mac-address=<mac of UDM> server=server-lan
This is the closest I've managed to get it to work, PPPoE is up but once I do this ping timeouts all the time saying no route to host, and while it says my public ISP IP is bound to my UDM and "working", the DHCP for server-lan is red and I have no traffic activity in interfaces for the SFP port which I'm using instead of ether2. What you described makes sense, I guess I've been accustomed to easy-mode with GUIs for far too long.
 
almdandi
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Sun May 03, 2015 5:22 pm

Re: Using RB5009 in bridge mode  [SOLVED]

Sat Apr 20, 2024 1:49 am

Maybe you should share the config with
export hide-sensitive

Also i missed something in the last post. You need to also add a route to your public ip in the "vrf-lan" instance.
add dst-address=<public ip> gateway=ether2@vrf-lan routing-table=vrf-lan

This should work. 100.64.0.24 is the public ip in this example.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ont
set [ find default-name=ether2 ] name=ether2-udmp
set [ find default-name=ether3 ] name=ether3-lan
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-ont name=pppoe-out1 user=user1
/ip dhcp-server
add add-arp=yes interface=ether2-udmp lease-time=5m name=server-lan
/ip vrf
add interfaces=pppoe-out1 name=vrf-wan
add interfaces=ether2-udmp name=vrf-lan
/ip address
add address=100.64.1.1 interface=ether2-udmp network=100.64.1.1
/ip dhcp-client
add interface=ether3-lan
/ip dhcp-server lease
add address=100.64.0.24 mac-address=0C:48:07:B6:00:00 server=server-lan
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!100.64.1.1 in-interface=ether2-udmp log-prefix=LAN new-routing-mark=vrf-wan passthrough=yes
add action=mark-routing chain=prerouting in-interface=pppoe-out1 new-routing-mark=vrf-lan passthrough=yes
/ip route
add dst-address=100.64.0.24 gateway=ether2-udmp@vrf-lan routing-table=vrf-lan
/system identity
set name=PPPoE-Client

A red marked dhcp server usually means that the dhcp server interface is on a slave port, e.g. form a bridge, or the port is disabled.

A problem that could also occur is, if you have a dynamic IPv4 address via pppoe because the the dhcp lease will not automatically change. But this could be easily solved with scripting.
 
rplant
Member
Member
Posts: 347
Joined: Fri Sep 29, 2017 11:42 am

Re: Using RB5009 in bridge mode

Sat Apr 20, 2024 3:28 am

Also i missed something in the last post. You need to also add a route to your public ip in the "vrf-lan" instance.
add dst-address=<public ip> gateway=ether2@vrf-lan routing-table=vrf-lan

A problem that could also occur is, if you have a dynamic IPv4 address via pppoe because the the dhcp lease will not automatically change. But this could be easily solved with scripting.
I had a play with this and it works, with a bit of fiddling. Cool :)

Note on mine I also added the following (The dhcp client I am using is windows 10 though)

/ip dhcp-server network
add address=STATIC_PPPOE_IP/32 comment="for pppoe passthru" dns-server=\
DNS_SERVER_IP gateway=100.64.1.1

I thought about some scripting for dynamic IP, and discovered (again) there is no on-Up Script functionality in the pppoe client :(
 
CGGXANNX
Member Candidate
Member Candidate
Posts: 132
Joined: Thu Dec 21, 2023 6:45 pm

Re: Using RB5009 in bridge mode

Sat Apr 20, 2024 6:41 am

I thought about some scripting for dynamic IP, and discovered (again) there is no on-Up Script functionality in the pppoe client :(
But there is. You just have to go to PPP -> Profiles, and make a new one (or a copy of default). In the profile you can put your On Up/On Down scripts. Next step is to edit the pppoe-out interface to use the new profie.
 
almdandi
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Sun May 03, 2015 5:22 pm

Re: Using RB5009 in bridge mode

Sat Apr 20, 2024 3:52 pm

Note on mine I also added the following (The dhcp client I am using is windows 10 though)

/ip dhcp-server network
add address=STATIC_PPPOE_IP/32 comment="for pppoe passthru" dns-server=\
DNS_SERVER_IP gateway=100.64.1.1
Yeah for a Windows 10 client this shoud be fine but for a router i would specify a public dns resolver manuell on the pass through device. Cascading dns resolvers with there own cache is a bad idea in my opinion.

I think this should do the trick. passMACAddress can be empty. Then the first device asking for an ip will get the public ip. Change to the /ip/dhcp/network, for example to the dns server, are persistent.

UP Script
:local passInterface "ether2-udmp";
:local passMACAddress "0C:48:07:B6:00:00";

### Internal varaibles

:local ip $"local-address";
:local passVRFName [ /ip/vrf/get [ find interfaces=$passInterface ] name ];
:local dhcpServerName [ /ip/dhcp-server/get [ find interface=$passInterface ] name ];
:local ipPoolName "pass-through-ip";
:local gatewayVRF ($passInterface . "@" . $passVRFName);
:local gatewayAddressCidr [ /ip/address/get [ ( [ find interface=ether2-udmp]->0 ) ] address ];
:local gatewayAddress [ :pick $gatewayAddressCidr 0 [ :find $gatewayAddressCidr "/" ] ];
:local dhcpServerPool [ /ip/dhcp-server/get [ find interface=$passInterface ] address-pool ];
:local commentIdentifier "pppoe pass through script";

### Code

/ip/dhcp-server/lease/remove [ find server=$dhcpServerName ];
/log/info message="Removing old dhcp leases from server $dhcpServerName";

:if ( [ :len $passMACAddress ] = 0 ) do={

    :if ( $dhcpServerPool = "static-only" ) do={
    
        /ip/pool/add name=$ipPoolName ranges=$ip;
        /ip/dhcp-server/set [ find interface=$passInterface ] address-pool=$ipPoolName;
    } else={
        /ip/pool/set [ find name=$dhcpServerPool ] ranges=$ip;
    }
    
    /log/info message="Updated dhcp range to $ip";
    
} else={
    /ip/dhcp-server/lease/add server=$dhcpServerName mac-address=$passMACAddress address=$ip;
    /ip/dhcp-server/set [ find interface=$passInterface ] address-pool="static-only";
    /ip/pool/remove [ find name=$ipPoolName ];
    /log/info message="Added dhcp lease for pass through device ($passMACAddress)";
}

:local dhcpNetworks [ /ip/dhcp-server/network/find comment=$commentIdentifier ];

:if ( [ :len $dhcpNetworks ] > 0) do={
    
    :local first [ :toid ($dhcpNetworks->0)];
    /ip/dhcp-server/network/remove [ find comment!=$commentIdentifier address="$ip/32" ];
    /ip/dhcp-server/network/set $first address="$ip/32" comment=$commentIdentifier gateway=$gatewayAddress netmask=32
} else={
    /ip/dhcp-server/network/add comment=$commentIdentifier address="$ip/32" gateway=$gatewayAddress netmask=32;
}

/ip/dhcp-server/network/remove [ find comment=$commentIdentifier address!="$ip/32" ];

/ip/route/remove [ find routing-table=$passVRFName static=yes ];
/ip/route/add dst-address=$ip gateway=$gatewayVRF routing-table=$passVRFName;

/ip/dhcp-server/enable [ find interface=$passInterface disabled=yes ];

Down Script
:local passInterface "ether2-udmp";

## Code

/ip/dhcp-server/disable [ find interface=$passInterface disabled=no ]
 
TheWeegee
just joined
Topic Author
Posts: 6
Joined: Fri Sep 03, 2021 6:20 pm

Re: Using RB5009 in bridge mode

Sat Apr 20, 2024 4:32 pm

That works thanks. Ironically this proved either the UDM itself is a hunk of junk or mine being a first day one is a hunk of junk as htop paints a grim picture with CPU usage even in DHCP mode. I will admit I did not give this the time and energy it deserved and could have figure that out myself, my head has been full steam ahead in dealing with a non IT related issue so I did not give this setup much love over the last few weeks.
 
rplant
Member
Member
Posts: 347
Joined: Fri Sep 29, 2017 11:42 am

Re: Using RB5009 in bridge mode

Sun Apr 21, 2024 12:26 pm

But there is. You just have to go to PPP -> Profiles, and make a new one (or a copy of default)
Yay, Thank you :)

Who is online

Users browsing this forum: esebm, renierwoo and 30 guests