Community discussions

MikroTik App
 
upower3
Member
Member
Topic Author
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Way to Internet via EoIP is broken for MTU issue?

Fri Jul 07, 2017 10:15 am

Frankly I'm still sure it is my own misunderstanding of MTU along the path, but looks like I need some magic spell to fix it, so I decided to ask:

I have two MT routers in different locations (no direct link between, only via WAN), and we migrate from one location to another. We'd like to keep the same LAN addresses in new location, too. The idea was to create virtual L2 link between routers so we can share the same LAN subnet in both LANs, then move devices from one location to another one by one.

So I set up EoIP link between these routers (for simplicity let's say there is no IPSec, just a EoIP as pure L2 link). As indented, I added these eoip-tunnel's to bridges on both router (LAN IPs are on these bridges, and in both locations we use the IPs from the same LAN subnets), after that hosts behind first router were able to see second router and hosts behind it (at least pings went ok).

But when I try to set up default gateway for host at first location to IP of the router at second location (so default gateway become behind of eoip tunnel) it won't work. I try to set mangle rule for eoip tunnel to change MTU but got error that I have to set up that rule on master interface which is bridge, which is not what I want.

MTU of WAN link is 1500, MTU of eoip tunnel is 1458. Where should I add the rule to fix the issue?
 
andriys
Forum Guru
Forum Guru
Posts: 1543
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Way to Internet via EoIP is broken for MTU issue?

Fri Jul 07, 2017 1:29 pm

Where should I add the rule to fix the issue?
I don't think this is easily doable.

I would simply set MTU of your EoIP tunnel to 1500 and made sure the fragmentation is allowed. That of course (potentially) means some performance penalties, but we are talking about a temporary setup anyways, right?
 
upower3
Member
Member
Topic Author
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: Way to Internet via EoIP is broken for MTU issue?

Fri Jul 07, 2017 3:05 pm

I would simply set MTU of your EoIP tunnel to 1500 and made sure the fragmentation is allowed. That of course (potentially) means some performance penalties, but we are talking about a temporary setup anyways, right?
Have done this, no luck: eoip MTU is 1500, "Dont fragment" set to "no", "Clamp TCP MSS" is checked, allow fast path is unchecked (all this is on both sides), but web sites still won't open via this link.

May I should play with "Clamp"?
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: Way to Internet via EoIP is broken for MTU issue?

Sat Jul 08, 2017 9:20 am

You're going to have to give more detailed diagnostic information than "web sites still won't open" if you want a useful response. What troubleshooting have you tried and what was the outcome?
 
upower3
Member
Member
Topic Author
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: Way to Internet via EoIP is broken for MTU issue?

Sat Jul 08, 2017 7:23 pm

You're going to have to give more detailed diagnostic information than "web sites still won't open" if you want a useful response. What troubleshooting have you tried and what was the outcome?
I did some tests and I saw packets arrived broken.
But as a result, looks like all issues were introduced with FastTrack. Before I disabled fasttrack rules on firewall I was able o see changes made by me won't actually change anything in traffic.

My idea was this: as I mark connection as fasttrack, all following processing will be done until the connection end without any chance to change anything. So even when I change tunnel MTU etc in fact the connection it won't affect the connection.

Sounds silly but as I disabled fasttrack the problem went away.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Way to Internet via EoIP is broken for MTU issue?

Tue Jul 11, 2017 5:32 am

You're going to have to give more detailed diagnostic information than "web sites still won't open" if you want a useful response. What troubleshooting have you tried and what was the outcome?
I did some tests and I saw packets arrived broken.
But as a result, looks like all issues were introduced with FastTrack. Before I disabled fasttrack rules on firewall I was able o see changes made by me won't actually change anything in traffic.

My idea was this: as I mark connection as fasttrack, all following processing will be done until the connection end without any chance to change anything. So even when I change tunnel MTU etc in fact the connection it won't affect the connection.

Sounds silly but as I disabled fasttrack the problem went away.
My recent tests, and previous posts from Mikrotik support, suggest to me that the normal behaviour of EoIP is that you can't get 1500 true MTU if the tunnel is layer 2 bridged on both ends instead of routed?

EDIT: Ignore what I said above. I'm glad I found this thread, yes it does actually work, I apparently misunderstood an old post from two years ago thinking it wouldn't, was a problem with my configuration when I tested it.

Who is online

Users browsing this forum: CGGXANNX and 18 guests