Disclaimer! This is important!
Every network is different, so one solution cannot fit or be applied to all. Therefore try to understand the logic and create or modify the solutions as per your network scenario. Never follow copy-paste blindly.
My humble request is that you kindly do not consider me an expert on this stuff. I am NOT certified in anything Mikrotik/Cisco/Linux or Windows. However, I have worked with some core networks and I read, research & try stuff all of the time. So I am not speaking/posting about stuff I am formally trained in; I pretty much go with experience and what I have learned on my own. And if I don't know something, then I read & learn all about it.
So, please don't hold me/my postings to be always 100 percent correct. I make mistakes just like everybody else. However, I do my best, learn from my mistakes and try to share tips that worked for me.
Regards,
Syed Jahanzaib~
PPP Common Problems
For some time we have been getting the following complaints from a few ISPs:
- User PPPoE dial stuck, not able to reach the Mikrotik PPPoE server
- User PPPoE connectivity frequent/intermittent disconnection/termination
- User PPPoE yellow mark at user device/workstation, no internet
Try to diagnose the issue step by step using the tips below:
- Pay attention to the Mikrotik CPU. If you have a high number of users on a single Tik, OR if you have NATTING enabled, then disconnection of PPPoE users can cause CPU spikes, freezing the Tik for a minute or more, which disconnects other users and creates a loop as well. Use a separate router for natting. If you have a high number of PPP users along with some NATTING rules, stop using Masquerade on a router that has a lot of dynamic interfaces. DO NOT use NAT on any router that has a high number of connecting/disconnecting interfaces, like pppoe/vpn. Place an additional router connected to your PPPoE NAS, and route NAT traffic there. Make sure to disable CONNECTION TRACKING on the PPPoE NAS router. As a rule of thumb, to divide load (& as a failover), if you are using ccr1036, add another ccr1036 after every 1200-1500 users.
- PPP is sensitive to high delays and network timeouts. Make sure you don't have layer 2 level broadcast/delays.
- If you have a Cisco switch with VLANs, set STP/RSTP to none on the switch TRUNK [*** This sorted the ppp disconnection at few networks]
- If you have Cisco switches with VLANs, do not allow all VLANs on TRUNK ports. Allow only limited/designated VLANs on the TRUNK port [*** This sorted dialup stuck / yellow sign issues at few networks]
- Changing the MTU [sometimes it sorts website and app related issues, for example WhatsApp, Telegram, etc.]
- Try to disable Encryption on the profile of the pppoe
- Choosing only (pap) for pppoe server [This sorts some old freeradius related issues]
- Disable RSTP on all ports/VLANs [Test with caution, for temporary basis only]
- Disable LOOP protection in Mikrotik port settings [Test with caution, for temporary basis only]
- Do not disable ICMP. Some user-end routers check for ICMP reachability to detect internet access. It gets worse when operators think that ICMP is dangerous and has to be blocked. Make sure you are not blocking all ICMP traffic; fine-tune it to allow at least certain types of ICMP packets. However, when someone further upstream blocks it, you will still have problems.
- Do not disable the NTP protocol [it is used by many devices such as Android devices, Android TVs, gaming devices, etc.]
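An added example (not from the original post and not the author's configuration): one way to fine-tune ICMP on RouterOS instead of dropping it all. It also keeps type 3 code 4 (fragmentation needed), which Path MTU Discovery depends on, so it relates to the MTU tip as well. The chain name icmp-allow and the choice of allowed types are assumptions; apply it on whichever router does your filtering and adapt it to your own rule set.

```routeros
# Added example. The chain name "icmp-allow" is hypothetical.
#
# Weak setting the tip warns against: a blanket drop breaks CPE reachability
# checks and Path MTU Discovery. Shown commented out for comparison only.
# /ip firewall filter add chain=forward protocol=icmp action=drop

/ip firewall filter

# Send all ICMP to one dedicated chain so the policy lives in a single place
add chain=forward protocol=icmp action=jump jump-target=icmp-allow comment="ICMP policy (transit)"
add chain=input protocol=icmp action=jump jump-target=icmp-allow comment="ICMP policy (to router)"

# icmp-options is written as type:code
add chain=icmp-allow protocol=icmp icmp-options=8:0 action=accept comment="echo request (reachability checks)"
add chain=icmp-allow protocol=icmp icmp-options=0:0 action=accept comment="echo reply"
add chain=icmp-allow protocol=icmp icmp-options=3:0 action=accept comment="network unreachable"
add chain=icmp-allow protocol=icmp icmp-options=3:1 action=accept comment="host unreachable"
add chain=icmp-allow protocol=icmp icmp-options=3:3 action=accept comment="port unreachable"
add chain=icmp-allow protocol=icmp icmp-options=3:4 action=accept comment="fragmentation needed (Path MTU Discovery)"
add chain=icmp-allow protocol=icmp icmp-options=11:0 action=accept comment="time exceeded (traceroute)"

# Everything else in the ICMP chain is dropped
add chain=icmp-allow action=drop comment="drop other ICMP types"
```

The jump rules have to sit above any existing rule that would drop ICMP, since RouterOS evaluates filter rules in order.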
Part 3/4 Annexure Example: [Test it with caution or preferably in LAB tests]
no spanning-tree vlan 1-1014
interface GigabitEthernet2/0/1
 description Trunk-LAN-2-Mikrotik
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-16,99
 switchport mode trunk
Personal Opinion!
Well TBH, Mikrotik is a cheap/affordable solution & overall Mikrotik is excellent for core routing too, BUT it's not made for large scale ppp NATTING. Mikrotik is not an enterprise grade solution with reference to pppoe concentrator. It has its architectural limitations. As a rule of thumb/in general, we suggest that after crossing 1200-1400 ppp users (& max 2Gb of traffic), just add another Mikrotik (ccr1036 or likewise) & so on. I know a few ISPs locally who used Mikrotik routers just to start their journey in the SP business, but later they moved to more mature products like cisco/juniper/vBNG. One ISP in particular is using 10-12 Mikrotiks to cater for a 15k user load (in routing mode only, no natting). With natting, the situation gets worse when ppp users disconnect in large quantity, resulting in CPU hiking/freezing and creating nightmares for admins.
If you have thousands of users, then you are in serious business; go with *Huawei/Juniper/Cisco* (which are much more mature but comparatively costly products) & as an alternative, you may look at *VBNG*, which has pay-as-you-go modules.
Syed Jahanzaib