PPPoE Architecture [solved, thanks to sten & tneumann]

jhambronk · Sat Dec 30, 2006 8:43 am

hi,

i have an architecture of pppoe like this :

+------------------+     +------------+
|    Router to     |     |    Radius  |
|     Internet     |     |   Server   |
+------------------+     +------------+
           |                     |
           |                     |
|========ethernet=====================|
                                   |
                                   |
                         +--------------------+
                         | MT PPPoE Server    |
                         +--------------------+
                                  |
                                  |
                             +----------+
                             |   DSLAM  |
                             +----------+   

                                  |
                                  |
            +-----------------------------------+
          /      PPPoE Clients (DSL Router)    /
         +------------------------------------+

when we are connected from DSL Router, the connection is unstable.

this is the configuration

this is the configuration (MT 2.9.38 ) :

[admin@NexcomPPPoE] ppp profile> print detail
Flags: * - default
0 * name="default" use-compression=default use-vj-compression=default use-encryption=default only-one=default
change-tcp-mss=yes dns-server=x.x.x.x

1 name="nexcom" local-address=10.67.1.1 remote-address=pppoe use-compression=yes use-vj-compression=default
use-encryption=default only-one=yes change-tcp-mss=default rate-limit=512000/128000 dns-server=x.x.x.x

2 * name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes rate-limit=384000/64000

[admin@NexcomPPPoE] ppp aaa> print
use-radius: yes
accounting: yes
interim-update: 0s

0 service=ppp called-id="" domain="mydomain" address=x.x.x.x secret="mysecret" authentication-port=1812
accounting-port=1813 timeout=1s200ms accounting-backup=no realm=""


[admin@NexcomPPPoE] interface pppoe-server server> print detail
Flags: X - disabled
0 service-name="nexcom" interface=broadcom max-mtu=1480 max-mru=1480 authentication=pap keepalive-timeout=180
one-session-per-host=yes max-sessions=0 default-profile=nexcom

and my friend told me that i have a wrong architecture, these is he suggested :

+------------------+     
|    Router to     |      
|     Internet     |     
+------------------+     
           |
           |
|=============ethernet===========|                            
           |
           |
+--------------+     +-------------+
|    Iptables  |     |    Radius   |
|       NAT    |     |   Server    |
+--------------+     +-------------+
           |                  |
           |                  |
|===================================ethernet=================================|
                                   |                       |
                                   |                       |
                         +--------------------+       +----------+  
                         | MT PPPoE Server    |       | DSLAM    |
                         +--------------------+       +----------+ 
                                                            |
                                                            |
                                                +------------------------------------+
                                               /      PPPoE Clients (DSL Router)   /
                                             +------------------------------------+

which is the best architecture for this PPPoE? and how about the MT configuration?

thanks before

spire2z · Sat Dec 30, 2006 4:43 pm

Don't see a problem with your first layout. In fact I would have thought it better to use the radius etc on a public IP to be accessed by multiple sites. I run it that way but i'm running PPPoE accross wireless. Maybe it's got something to do with MTU over the ATM(ADSL) network. I know ADSL connections have heavy overhead and often cannot support an MTU above 1400?? You could force a lower MTU perhaps on the MT?

tneumann · Sat Dec 30, 2006 5:05 pm

when we are connected from DSL Router, the connection is not stable.

What does that mean exactly? Can you describe your problems in more detail please?

--Tom

jhambronk · Sun Dec 31, 2006 3:15 am

hi,

when i try to connect with DSL router (PPPoE client), the connection is unstable. when i leave the modem connected (idle). the connection is drop and cannot connect again. need to restart the router to establish the connection again. i set the idle time out = 1 hour. but before 1 hour, the connection is drop.

thanks

jhambronk · Tue Jan 02, 2007 7:23 am

please help

mneumark · Tue Jan 02, 2007 7:47 am

You might want to consider using a ping script that runs every 1 minute or 30 seconds that way it will keep the connection alive.

http://www.mikrotik.com/testdocs/ros/2. ... ipting.php

jhambronk · Tue Jan 02, 2007 8:08 am

i think that's not a good idea,

because when i ping, i'll count to user usage and the user have to pay the ping usage.

maybe ping is only 32bytes. but if i need to ping all day all months....

but thanks anyway

mneumark · Tue Jan 02, 2007 8:46 am

What type of DSL modems are you using?

jhambronk · Tue Jan 02, 2007 9:33 am

we use DLINK 3248 for DSLAM and Dlink 504T for DSL Router

mneumark · Tue Jan 02, 2007 9:35 am

One other quick question. What does the log say on the pppoe server when the client becomes disconnected?

jhambronk · Thu Jan 04, 2007 9:58 am

there is no log, because MT still keeping the session

mneumark · Thu Jan 04, 2007 10:09 am

Ok so i'm not understanding this then. When you have a idle period it wil disconnect no matter how long to set your idle timeout to be. The MT log shows nothing because the session doesn't logout or timeout?

If i'm getting this, it sounds like you are having issues with the dsl router and/or dslam.

jhambronk · Thu Jan 04, 2007 10:54 am

hmmm.....that's a good point....

but when i tried a bridge mode (using DHCP) instead a PPPoE...the connection is steady...we have tried it from 2 days a go...and until now...it still connected...

the problem must be not from the DSLAM or the DSL router....

jhambronk · Wed Jan 10, 2007 4:57 pm

so, back to the first question.

which is the best architecture for the PPPoE

thanks

mneumark · Thu Jan 11, 2007 7:40 am

Well i have pretty close to your first setup. The only difference is the backbone to my internet source is directly plugged into the MT and so is the radius server. They both have their own interface. It works PREFECT and i've never had any issues.

jhambronk · Fri Jan 12, 2007 12:44 pm

hi,

may i see your configuration.

thanks

mneumark · Fri Jan 12, 2007 7:52 pm

I have the following

customers -> MT (PPPoE Server)
MT (PPPoE Server) -> Servers (Radius and DNS)
MT (PPPoE Server) -> Backhaul to internet
MT (PPPoE Server) -> Backup internet source

My MT has 4 interfaces:
1) Customers
2) Backhual
3) Backup Internet
4) NOC Servers (Radius, DNS1, DNS2, and such)

sten · Fri Jan 12, 2007 11:14 pm

hi,

i have an architecture of pppoe like this :

+------------------+     +------------+
|    Router to     |     |    Radius  |
|     Internet     |     |   Server   |
+------------------+     +------------+
           |                     |
           |                     |
|========ethernet=====================|
                                   |
                                   |
                         +--------------------+
                         | MT PPPoE Server    |
                         +--------------------+
                                  |
                                  |
                             +----------+
                             |   DSLAM  |
                             +----------+   

                                  |
                                  |
            +-----------------------------------+
          /      PPPoE Clients (DSL Router)    /
         +------------------------------------+

when we are connected from DSL Router, the connection is unstable.

this is the configuration

this is the configuration (MT 2.9.38 ) :

[admin@NexcomPPPoE] ppp profile> print detail
Flags: * - default
0 * name="default" use-compression=default use-vj-compression=default use-encryption=default only-one=default
change-tcp-mss=yes dns-server=x.x.x.x

1 name="nexcom" local-address=10.67.1.1 remote-address=pppoe use-compression=yes use-vj-compression=default
use-encryption=default only-one=yes change-tcp-mss=default rate-limit=512000/128000 dns-server=x.x.x.x

2 * name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes rate-limit=384000/64000

[admin@NexcomPPPoE] ppp aaa> print
use-radius: yes
accounting: yes
interim-update: 0s

0 service=ppp called-id="" domain="mydomain" address=x.x.x.x secret="mysecret" authentication-port=1812
accounting-port=1813 timeout=1s200ms accounting-backup=no realm=""


[admin@NexcomPPPoE] interface pppoe-server server> print detail
Flags: X - disabled
0 service-name="nexcom" interface=broadcom max-mtu=1480 max-mru=1480 authentication=pap keepalive-timeout=180
one-session-per-host=yes max-sessions=0 default-profile=nexcom

and my friend told me that i have a wrong architecture, these is he suggested

Your friend does not know what he is talking about.

Don't do VJ compression as its a red herring with most current implementations. Adjust mtu/mru to a maximum of 1492
Set keepalive timeout to a lower value (otherwise face the implications of higher timeout). Dont do "change-tcp-mss" as this feature has been broken since pre 2.8. It should just adjust the mss when it's too high but it just overwrites the mss (which is utterly broken behavior). You need to enforce users to use 1492 and only 1492. Add three proper mss adjustment rules. Instead add two tcp mss rules in forward chain, Don't permit compression or encryption.

Try, try

jhambronk · Tue Jan 16, 2007 3:53 pm

thanks a lot sten,

now my pppoe server working smoothly.

i have another question, but maybe in new topic

regards

me

PPPoE Architecture [solved, thanks to sten & tneumann]

PPPoE Architecture [solved, thanks to sten & tneumann]

Re: [Newbie] PPPoE Architecture

Re: [Newbie] PPPoE Architecture

Who is online