RealMcCoy
just joined
Topic Author
Posts: 4
Joined: Thu Apr 21, 2022 5:19 am

Filter duplicate packages from broadcast mode bonding

Thu Apr 21, 2022 12:41 pm

Hello everyone,
I have the following situation. I have two MikroTik routers, one RB5009 and an RB450GX4. They are connected via an IP over radio link, which sees some package loss. I want to make sure that package losses are minimal/none and do so without adding any significant latency (anything more than ~20 ms). My idea now was to add a second radio link, bond both interfaces together and use broadcast mode, to always get a package (assuming that package losses are independent between the links). I was experimenting with the above setup (note that current experiments are done with cable connections between both routers), and found that this setup is working, but I am now getting duplicate packages when both links are operating. This is in line with the standard behaviour of the Linux bonding driver, so no surprises here.
However, I do not want to have duplicate packages, so I am looking for a way to remove them. My current idea is to encapsulate the traffic going over the bonding interface and utilise the encapsulation to remove the duplicate packages. So far I have tried EOIP, but to no avail. The extended GRE header features an optional sequence number, and then drops out of order packages, which would solve my issue. I haven't tested this option yet, but the UI for GRE does not show anything about using the optional sequence, so I am not sure if this is implemented.

So, my questions are: Is the sequence feature part of the GRE or EOIP implementation of MikroTik?
Is this generally the right way to get rid of duplicate packages or is there something else I could try as well?
And lastly, is there maybe a different way of achieving the redundancy needed (currently I am not interested in the other bonding modes, as they add too much extra time for switching between links)?

Cheers,
McCoy
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Filter duplicate packages from broadcast mode bonding

Thu Apr 21, 2022 9:53 pm

L2TP might filter duplicates, you can use BCP mode to transport at L2, but I have never tried to use it this way.

No sequence numbers in GRE, let alone EoIP, which also misuses the 4 bytes of tunnel ID by using only 2 bytes for tunnel ID and the other 2 bytes for payload frame size, so firewalls identifying GRE connections by tunnel ID get confused.
 
RealMcCoy
just joined
Topic Author
Posts: 4
Joined: Thu Apr 21, 2022 5:19 am

Re: Filter duplicate packages from broadcast mode bonding

Fri Apr 22, 2022 6:00 am

Hey sindy,
thanks for your reply. I have set up a tunnel with L2TP, unfortunately the duplicate packages are not filtered. According to https://man7.org/linux/man-pages/man8/ip-l2tp.8.html the seq configuration defaults to none, and I cannot seem to change this setting from the UI. Trying to change it via CLI also throws an error, so it seems to not be accessible via RouterOS.
 
RealMcCoy
just joined
Topic Author
Posts: 4
Joined: Thu Apr 21, 2022 5:19 am

Re: Filter duplicate packages from broadcast mode bonding

Fri Apr 22, 2022 8:10 am

Thanks for the input re: L2TP, this made me look at IPsec, which inherently has to filter duplicates to prevent replay attacks. I then created a WireGuard interface running over the broadcast interface, which works as intended. All duplicates are filtered out now.
 
papaki
just joined
Posts: 7
Joined: Thu Aug 29, 2013 5:39 pm

Re: Filter duplicate packages from broadcast mode bonding

Sat May 07, 2022 5:26 pm

Broadcast bonding is an excellent and very useful tool, but without duplicate filtering, it is completely useless.
I would expect the RouterOS itself to filter out the duplicates at the remote side. This is a huge boo-boo.
How can we fix this?
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Filter duplicate packages from broadcast mode bonding

Sat May 07, 2022 6:05 pm

There is no way to "fix" this at the level of the bonding implementation, as bonding doesn't add any field to the frames being broadcast that would allow identifying the duplicates. Adding such a field would make the RouterOS implementation of bonding incompatible with other ones and would require fragmentation of frames that max out the L2MTU of the interfaces.

So the only available way to filter the duplicates is the one suggested by @RealMcCoy, i.e. to use a VPN protocol that uses replay protection. With IPsec in particular, it is possible to use null encryption to reduce CPU usage if the only purpose is the removal of duplicates.
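
The replay protection referred to in this thread, sketched as an added example (not part of any post, and not RouterOS, IPsec or WireGuard code): a sliding-window check on per-packet counters, run over a constructed arrival trace from two broadcast-bonded links. The 64-packet window and all names are assumptions made for illustration.

```python
WINDOW = 64  # assumed window size in packets; real implementations vary


class ReplayWindow:
    """Sliding-window duplicate filter keyed on a per-packet counter."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.highest = -1   # highest counter accepted so far
        self.bitmap = 0     # bit i set => counter (highest - i) already seen

    def accept(self, counter):
        """Return True for a first copy, False for a duplicate or too-old packet."""
        if counter > self.highest:
            shift = counter - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = counter
            return True
        offset = self.highest - counter
        if offset >= self.size:
            return False            # older than the window: cannot be checked
        if self.bitmap & (1 << offset):
            return False            # already seen: the copy from the other link
        self.bitmap |= 1 << offset  # late but new: accept and remember it
        return True


def deliver(arrivals):
    """Feed (link, counter) arrivals through one window.

    Returns (counters delivered in arrival order, number of packets dropped)."""
    win = ReplayWindow()
    delivered, dropped = [], 0
    for _link, counter in arrivals:
        if win.accept(counter):
            delivered.append(counter)
        else:
            dropped += 1
    return delivered, dropped


# Constructed trace: the sender emits counters 0..5 on both links.
# Link A loses 2, link B loses 4, and link B runs slightly behind link A.
ARRIVALS = [
    ("A", 0), ("B", 0), ("A", 1), ("B", 1),
    ("A", 3), ("B", 2), ("B", 3),
    ("A", 4), ("A", 5), ("B", 5),
]

if __name__ == "__main__":
    delivered, dropped = deliver(ARRIVALS)
    print("delivered:", delivered, "dropped:", dropped)
```

Every counter is delivered exactly once even though each link lost a packet; counter 2 arrives after 3, so the receiver sees reordering but neither loss nor duplication.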
 
papaki
just joined
Posts: 7
Joined: Thu Aug 29, 2013 5:39 pm

Re: Filter duplicate packages from broadcast mode bonding

Fri May 13, 2022 7:28 pm

I wouldn't complain if MikroTik offered a proprietary bonding protocol / encapsulation / whatever :-)
Also, if I'm not mistaken, the solution implemented by @RealMcCoy, cannot work over a bridged network; it needs a routed network.
