MikroTik

Good day,

I have a problem with two different routers and multiple setups where they simply do not allow more than 9 concurrent/simultaneous connections at once. More than 9 connects with certain setups but only 9 physically routes actually works.

Setup1 - RB2011UiAS
ether1 - uplink
ether2,3,4 - running PPPoE servers and has sectors connected to it

Setup2 - RB2011UiAS
ether1 - uplink
ether2,3,4 - running a bridge with rstp and one PPPoE server
ether2-4 has sectors connected to it

Setup3 - RB2011UiAS & x86
on 2011:
ether1 - uplink
ether2-4 - Bridge with EoIP tunnel to x86 bridge.
sfp1 link to x86 ether1
on x86:
ether1- sfp1 of RB2011
ether2 - Internal servers (helpdesk, DNS Billing etc.)
PPPoEBridge - EoIP tunnel to 2011 bridge for ether2-4 of RB2011

The main reason for the last setup is the x86 is much stronger than the 2011. This is why I want to run the PPPoE and main firewalling on it. I use BIND for the internal DNS server which is also setup to be a root caching server (no the DNS server in Mikrotik gives way too much problems).

The problem I have on all of these setups is that only 9 PPPoE connections are allowed to talk at any given time. The rest is simply blocked and not allowed.

RaynoP
[Ticket#2014061766000479] RE: PPPoE server issues

Interesting to see that support does nothing about this and no one else has this problem. We cannot afford any more downtime and will invest in other hardware.

You would get more help if you posted some info that will help troubleshoot this.

Please post the output of these commands from all routers with the problems:
/int exp com
/ppp exp com

Feel free to hide the sensitive information.

I appreciate the fact you mention, would be nice if someone asked. I honestly though that looking at the problem at hand someone will be able to assist. Only 9 connections is allowed.

As soon as I can get into the router again I will post your request.

Hi there,

[RaynoP@Aslan] > int exp com
# jun/24/2014 11:58:57 by RouterOS 6.15
# software id = TMU1
#
/interface bridge
add l2mtu=1598 name=Bridge-Sectors
add l2mtu=1598 name=Bridge-Uplink
add name=Lo0
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Uplink
set [ find default-name=ether2 ] name=ether2-SectorE
set [ find default-name=ether3 ] name=ether3-SectorN
set [ find default-name=ether4 ] name=ether4-SectorW
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6 name=ether10-VircosHQ
/interface l2tp-server
add name=l2tp-Necsa user=Necsa
/interface eoip
add clamp-tcp-mss=yes mac-address=02:1B:20:88:21:CA mtu=1500 name=eoip-Sectors1 \
remote-address=10.0.0.1 tunnel-id=101
add clamp-tcp-mss=yes mac-address=02:47:6A:9D:77:46 mtu=1500 name=eoip-Uplink1 \
remote-address=10.0.0.1 tunnel-id=1
/interface bridge port
add bridge=Bridge-Sectors interface=ether2-SectorE
add bridge=Bridge-Sectors disabled=yes interface=ether3-SectorN
add bridge=Bridge-Sectors disabled=yes interface=ether4-SectorW
add bridge=Bridge-Uplink interface=eoip-Uplink1
add bridge=Bridge-Uplink interface=ether1-Uplink
add bridge=Bridge-Sectors interface=eoip-Sectors1
/interface l2tp-server server
set authentication=chap enabled=yes
/interface pppoe-server server
add authentication=pap,chap default-profile=Sector disabled=no interface=\
ether3-SectorN keepalive-timeout=60 max-mru=1492 max-mtu=1492 mrru=1600 \
service-name=Internet
add authentication=pap,chap default-profile=Sector disabled=no interface=\
ether4-SectorW keepalive-timeout=60 max-mru=1492 max-mtu=1492 mrru=1600 \
service-name=Internet

[RaynoP@Aslan] > pp exp com
# jun/24/2014 12:00:16 by RouterOS 6.15
# software id = TMU1
#
/ppp profile
add name=1M-Async-NAT rate-limit=2M/8M use-ipv6=default
add name=4M-Async-NAT rate-limit=2M/8M use-ipv6=default
add change-tcp-mss=yes dns-server=10.0.2.248 local-address=10.20.31.1 name=\
Sector only-one=no remote-address=RemoteAddr use-compression=no \
use-encryption=no use-ipv6=no use-mpls=no use-vj-compression=no
/ppp secret
add name=3686 password=uc9 profile=1M-Async-NAT service=pppoe
add name=3880 password=3e6 profile=4M-Async-NAT service=pppoe
add name=3888 password=hEp profile=4M-Async-NAT service=pppoe
add name=3995 password=wu4 profile=4M-Async-NAT service=pppoe
add name=3675 password=eth profile=1M-Async-NAT service=pppoe
add name=3688 password=rAk profile=1M-Async-NAT service=pppoe
add name=3735 password=E8U profile=4M-Async-NAT service=pppoe
add name=3804 password=uv8 profile=4M-Async-NAT service=pppoe
add name=3909 password=aTh profile=4M-Async-NAT service=pppoe
add name=3937 password=UcA profile=4M-Async-NAT service=pppoe
add name=3948 password=ere profile=4M-Async-NAT service=pppoe
add name=3959 password=rAf profile=4M-Async-NAT service=pppoe
add name=3970 password=sAw profile=4M-Async-NAT service=pppoe
add local-address=10.20.40.1 name=Necsa password=Sok profile=\
default-encryption remote-address=10.20.40.2 service=l2tp

Anything else required?

Also please post:

/ip pool exp
/ip pool used print

[RaynoP@Aslan] > ip pool exp
# jun/24/2014 14:08:58 by RouterOS 6.15
# software id = TMU1
#
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=RemoteAddr ranges=10.20.31.2-10.20.31.128
[RaynoP@Aslan] > ip pool use pr
POOL ADDRESS OWNER INFO
RemoteAddr 10.20.31.122 PPPoE<24:A4:3C:B4:3... 3888
RemoteAddr 10.20.31.123 PPPoE<24:A4:3C:9A:B... 3675
RemoteAddr 10.20.31.124 PPPoE<24:A4:3C:E8:1... 3909
RemoteAddr 10.20.31.125 PPPoE<24:A4:3C:B4:2... 3880
RemoteAddr 10.20.31.126 PPPoE<24:A4:3C:9A:E... 3804
RemoteAddr 10.20.31.127 PPPoE<24:A4:3C:E8:1... 3948
RemoteAddr 10.20.31.128 PPPoE<DC:9F:DB:5E:8... 3937
[RaynoP@Aslan] >

I can also provide a remote login.