Page 1 of 1
lan users --> multiple pppoe gateways
Posted: Wed Jan 02, 2013 8:09 pm
by cylent
Ok here goes
I would like your feedback if this is possible with RouterOS on a RB600 (as an example)
To start with I have 16 users at the work location.
Then i have 4 PPPoE accounts for internet access from the provider.
What i want is to create 4 subnets each allowing ONLY 4 (ips) users. so i figured i'd use the /29 network bit.
192.168.1.x/29
192.168.2.x/29
192.168.3.x/29
and
192.168.4.x/29.
this should allow me enough IPs in the /29 network.
Now, when a new user joins he randomly pulls an ip from lets 192.168.1.x/29 until that fills up then the router should give IPs from the next subnet 192.168.2.x/29 and so on.
The most imporatnt part here thats required is each subnet has to have its own PPPoE dialout client login and work on that with its own route and so on.
so for
192.168.1.x/29 we give pppoeDial1 and it has to use that.
192.168.2.x/29 we give pppoeDial2 and it has to use that.
and so on
we dont want a user from 192.168.2.x to be using the internet from 192.168.1.x.
is this workable? if so can you please assist me on how to do this ?
[edit] my current idea is as follows:
- 1 dhcp server with multiple pools each pool with 4 ip limits
i add then a prerouting mangle rule that actions "mark-routing" with a new-mark-routing mark then in the /ip route i select that routing mark
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=192.168.100.x-people passthrough=no src-address=\
192.168.100.0/24
2 obviously set masquerade to the subnets in the pools
3 add the pppoe accounts
and am somewhat still stuck and could use some advise.
please help!
Re: lan users --> multiple pppoe gateways
Posted: Wed Jan 02, 2013 8:51 pm
by CelticComms
You could do something along those lines certainly. You also wopuld have to ensure that the routing table had the appropriate route entries for those routing marks - e.g. a default route entry for the corresponding PPPoE client.
Since what you are proposing seems to assign clients randomly to a PPPoE client for internet access have you considered PCC?
http://wiki.mikrotik.com/wiki/Manual:PCC
Re: lan users --> multiple pppoe gateways
Posted: Wed Jan 02, 2013 8:57 pm
by cylent
i am not sure about pcc.
the thing is each bunch of clients have to go via one pppoe link cause each pppoe link only has so much bandwidth thus the next 3 or 4 people have to be on a different pppoe link.
Re: lan users --> multiple pppoe gateways
Posted: Wed Jan 02, 2013 9:24 pm
by CelticComms
PCC is designed to spread the connection load over multiple streams (PPPoE connections in your case). You should probably at least be aware of the PCC approach before you decide what to use. PCC shares at the connection level which has the advantage that one user can be using multiple PPPoE connections when things are quiet (on different connections) but you still spread the (connection) load when things are busy.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 12:39 pm
by cylent
heres the problem so far.
one machine would continue working and the would drop yet on the winbox it shows both PPPoE connections (clients) as connected. As if its giving machine B priority and ignoring machine A. They should both be working together.
Yes. All PPPoE connections are going out on the same WAN port but that should be ok.
What am I doing wrong? This has got to be something simple.
this is my configuration:
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=1600 max-message-age=20s mtu=1500 \
name=LAN-Bridge priority=0x8000 protocol-mode=rstp transmit-hold-count=6
/interface bridge port
add bridge=LAN-Bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=LAN-Bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=yes disabled=no interface=WAN max-mru=1480 max-mtu=1480 \
mrru=disabled name=ppp10 password=2764 profile=default service-name="" \
use-peer-dns=no user=ppp1
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=yes disabled=no interface=WAN max-mru=1480 max-mtu=1480 \
mrru=disabled name=ppp20 password=2764 profile=default service-name="" \
use-peer-dns=no user=ppp2
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=yes disabled=no interface=WAN max-mru=1480 max-mtu=1480 \
mrru=disabled name=ppp30 password=2764 profile=default service-name="" \
use-peer-dns=no user=ppp3
/ip address
add address=192.168.10.1/29 disabled=no interface=LAN-Bridge network=\
192.168.10.0
add address=192.168.20.1/29 disabled=no interface=LAN-Bridge network=\
192.168.20.0
add address=192.168.30.1/29 disabled=no interface=LAN-Bridge network=\
192.168.30.0
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no new-routing-mark=10users \
passthrough=no src-address=192.168.10.0/29
add action=mark-routing chain=prerouting disabled=no new-routing-mark=30users \
passthrough=no src-address=192.168.30.0/29
add action=mark-routing chain=prerouting disabled=no new-routing-mark=20users \
passthrough=no src-address=192.168.20.0/29
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ppp10 \
src-address=192.168.10.0/29
add action=masquerade chain=srcnat disabled=no out-interface=ppp30 \
src-address=192.168.30.0/29
add action=masquerade chain=srcnat disabled=no out-interface=ppp20 \
src-address=192.168.20.0/29
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ppp10 routing-mark=\
10users scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ppp20 routing-mark=\
20users scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ppp30 routing-mark=\
20users scope=30 target-scope=10
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 2:25 pm
by CelticComms
I suggest that you add routing entries to the relevant 192.168.x.y subnets with the appropriate routing marks - I have seen weird things happen without such routes when using mangle to mark routing.
Incidentally, are all those PPPoE clients being serviced by the same host? The typical problem with multiple PPPoE sessions in one broadcast domain is that unless the service name is specified the startup process will see the PPPoE clients trying their user/pwd combination on the first service to respond and it can take some time for all the clients to find their corresponding service.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 2:34 pm
by cylent
I suggest that you add routing entries to the relevant 192.168.x.y subnets with the appropriate routing marks
I don't understand can u pls show example
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 4:47 pm
by CelticComms
e.g.
add disabled=no distance=1 dst-address=192.168.10.0/29 gateway=LAN-Bridge routing-mark=\
10users scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.20.0/29 gateway=LAN-Bridge routing-mark=\
20users scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.30.0/29 gateway=LAN-Bridge routing-mark=\
30users scope=30 target-scope=10
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 7:26 pm
by cylent
e.g.
add disabled=no distance=1 dst-address=192.168.10.0/29 gateway=LAN-Bridge routing-mark=\
10users scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.20.0/29 gateway=LAN-Bridge routing-mark=\
20users scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.30.0/29 gateway=LAN-Bridge routing-mark=\
30users scope=30 target-scope=10
Thats exactly what i was doing. the only thing you changed in that example is the gateway which would be invalid ... because i need to use the pppoe client connections as gateways.
still makes no sense ... why one pc gets the internet then stops then the other gets it.
yet by looking at the pppoe connections are all active.
it should be routing traffic through both at the same time.
Incidentally, are all those PPPoE clients being serviced by the same host? The typical problem with multiple PPPoE sessions in one broadcast domain is that unless the service name is specified the startup process will see the PPPoE clients trying their user/pwd combination on the first service to respond and it can take some time for all the clients to find their corresponding service.
this would be an issue if there were multiple pppoe hosts. i guess it wouldnt hurt to try adding the service name.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 8:18 pm
by CelticComms
Thats exactly what i was doing. the only thing you changed in that example is the gateway which would be invalid ... because i need to use the pppoe client connections as gateways.
.
No. These entries are placing rules in the relevant routing table to provide a path back the the originating IPs.
In theory if a route does not exist for a path with the relevant routing mark the router will look for a "no mark" route but I have seen cases where a system only worked as expected once the entries for the return traffic were made as above.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 8:33 pm
by cylent
i appreciate you assisting me on this issue, CelticComms
lets pause on that routing issue for a minute and delve into the dhcp networks one.
obviously i'd want a dhcp server with multiple pools to server the users.
i can setup a dhcp server with a starting pool and have pool1 be next and pool2 and so on.
pool 1 would be 192.168.10.2-192.168.10.5
next
pool 2 would be 192.168.20.2-192.168.20.5
next
pool 3 would be 192.168.30.2-192.168.30.5
heres where the problem comes in. on the Networks tab in the dhcp server confiuration i obviously can setup a network for 192.168.10.x and 192.168.20.x and 192.168.30.x with the correct configuration however... will the router assign people it gives the 192.168.10.3 address the correct network config?
example if the router gives ip 192.168.10.3 and then gives gateway 20.1 or how would that work?
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 8:48 pm
by CelticComms
Indeed it should, but let's roll back a bit further. Why place the 3 ranges on different subnets? You could have 3 pools within the same subnet which means the same gateway and then just mark routing using mangle rules which have the Src. Address set to a range such as 192.168.10.1-192.168.10.x . If you are using Winbox you can type a hyphenated range into the Src. Address box....
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 9:09 pm
by cylent
part1:ok great i'll have to try again.
i figured each subnet would be a pppoe-out connection. and it makes life easier on the mangle and nat rules in the src address box.
for each subnet i want to have 3 pcs (192.168.10.2-192.168.10.5) 20.2-20.5 and so on.
i am not sure i follow you on one subnet how i could do that...
but ya itd be a deal breaker if the router assigns 192.168.10.4 to a pc and gives them a gateway of 192.168.20.1... but youre saying it should be ok with the networks configured correctly.
part2: on a side note i made a weird discovery. my issue with one pc losing internet and the other continuing maybe something to do with the rb600a router. because at home i have done the same test project but with a rb2011 router and i didnt notice the "interruptions". maybe the router is to blame. i'd need to do more tests. not 100% sure on this. i hope i am right and the rb2011 works.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 9:42 pm
by CelticComms
As far as I see the 3 different subnets are all on the same physical network so quite what purpose they server is a mystery to me.
You can specify IP ranges in the Src Address field of a mangle rule - so why not keep it simply and just use one subnet? I suspect that you went down that path because you didn't know that the Src Address field in the mangle rule can take an IP range (e.g. 192.168.10.2-192.168.10.4) - not just a single address or subnet.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 10:47 pm
by cylent
As far as I see the 3 different subnets are all on the same physical network so quite what purpose they server is a mystery to me.
You can specify IP ranges in the Src Address field of a mangle rule - so why not keep it simply and just use one subnet? I suspect that you went down that path because you didn't know that the Src Address field in the mangle rule can take an IP range (e.g. 192.168.10.2-192.168.10.4) - not just a single address or subnet.
The reason is each pppoe-out (gateway) connection only has enough bandwidth to support 2-3 pcs thus the subnetting.
and no i didnt know i can do ip ranges in the "Src Address" field. It still shouldnt matter though cause subnets should be ok.
i have to do about 30 pppoe-out gateways so thats another reason why subnets maybe a good idea. 192.168.10.x 192.160.20.x and so on. until i run out.
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 11:26 pm
by CelticComms
The reason is each pppoe-out (gateway) connection only has enough bandwidth to support 2-3 pcs thus the subnetting.
OK - so you want to share the traffic over the PPPoE connections, but from what you have said so far you don't need to create multiple subnets in order to do that! You can simply use IP ranges in the Mangle Src Address fields. Each subnet you add means another gateway entry and another network entry - more opportunities for typos..... and all I am saying is that I have not seen any justification for that approach.
Quite separately you should probably look at PCC anyway.....
Re: lan users --> multiple pppoe gateways
Posted: Thu Jan 03, 2013 11:36 pm
by cylent
ok ok ok now i understand.
one subnet 192.168.10.0/24 and separate mangle rules with "src-address=192.168.10.2-192.168.10.5" for each mangle rule and then go with that.
this is great! no need to worry about dhcp problems and only one gateway as you said.
i'll proceed to try this.
in reference to pcc. i dont know how to even start ... i read and watched some youtube demos and still cant grasp it.
can i give pcc 30 pppoe connections and have it work with that? its vital that no pppoe connection take on more than 3 pcs max!
Re: lan users --> multiple pppoe gateways
Posted: Fri Jan 04, 2013 2:02 pm
by cylent
Ok i rearranged everything into one subnet.
still having the same 1 pc pauses while another goes then the other pauses.
my question is in the nat rules do i have to specify the "out-interface" to be the pppoe-out connection corresponding to that rule?
also in the mangle rules should the in-interface be set also to the local-lan interface?
i left them empty because i figured in the routing they are set per the routing rules.
yet still having issues.
Re: lan users --> multiple pppoe gateways
Posted: Fri Jan 04, 2013 4:46 pm
by cylent
i am so happy i found the problem.
on my test pppoe server i had "one session per host" selected and thus it wasnt allowing multiple pppoe sessions to work at the same time.
now my fear is the ISP may have that option selected also and i am probably sure they do.
is there a way to have each pppoe client create a new "mac address" so that they pppoe server sees a different host?