Sunday, May 29, 2011

IPIP Tunnel Interfaces

General Information



Summary


The IPIP tunneling implementation on the MikroTik RouterOS is RFC 2003 compliant. IPIP tunnel is a simple protocol that encapsulates IP packets in IP to make a tunnel between two routers. The IPIP tunnel interface appears as an interface under the interface list. Many routers, including Cisco and Linux based, support this protocol. This protocol makes multiple network schemes possible.

IP tunneling protocol adds the following possibilities to a network setups:


  • to tunnel Intranets over the Internet

  • to use it instead of source routing




Quick Setup Guide


To make an IPIP tunnel between 2 MikroTik routers with IP addresses 10.5.8.104 and 10.1.0.172, using IPIP tunnel addresses 10.0.0.1 and 10.0.0.2, follow the next steps.


  • Configuration on router with IP address 10.5.8.104:


    1. Add an IPIP interface (by default, its name will be ipip1):
      [admin@MikroTik] interface ipip> add local-address=10.5.8.104 \
      remote-address=10.1.0.172 disabled=no


    2. Add an IP address to created ipip1 interface:
      [admin@MikroTik] ip address> add address=10.0.0.1/24 interface=ipip1




  • Configuration on router with IP address 10.1.0.172:


    1. Add an IPIP interface (by default, its name will be ipip1):
      [admin@MikroTik] interface ipip> add local-address=10.1.0.172 \
      remote-address=10.5.8.104 disabled=no


    2. Add an IP address to created ipip1 interface:
      [admin@MikroTik] ip address> add address=10.0.0.2/24 interface=ipip1







Specifications


Packages required: system
License required: Level1 (limited to 1 tunnel) , Level3 (200 tunnels) , Level5 (unlimited)
Submenu level: /interface ipip
Standards and Technologies: IPIP (RFC 2003)
Hardware usage: Not significant

Additional Resources




IPIP Setup


Submenu level: /interface ipip

Description


An IPIP interface should be configured on two routers that have the possibility for an IP level connection and are RFC 2003 compliant. The IPIP tunnel may run over any connection that transports IP. Each IPIP tunnel interface can connect with one remote router that has a corresponding interface configured. An unlimited number of IPIP tunnels may be added to the router. There may only be one tunnel between a pair of IP addresses, so if you need various different tunnels between same hosts, use more than one IP address. For more details on IPIP tunnels, see RFC 2003.


Property Description


local-address (IP address) - local address on router which sends IPIP traffic to the remote hostmtu (integer; default: 1480) - Maximum Transmission Unit. Should be set to 1480 bytes to avoid fragmentation of packets. May be set to 1500 bytes if mtu path discovery is not working properly on linksname (name; default: ipipN) - interface name for referenceremote-address (IP address) - the IP address of the remote host of the IPIP tunnel - may be any RFC 2003 compliant router

Notes




Use /ip address add command to assign an IP address to the IPIP interface.

There is no authentication or 'state' for this interface. The bandwidth usage of the interface may be monitored with the monitor feature from the interface menu.

MikroTik RouterOS IPIP implementation has been tested with Cisco 1005. The sample of the Cisco 1005 configuration is given below:
interface Tunnel0
 ip address 10.3.0.1 255.255.255.0
 tunnel source 10.0.0.171
 tunnel destination 10.0.0.204
 tunnel mode ipip


Application Examples



Description


Suppose we want to add an IPIP tunnel between routers R1 and R2:



At first, we need to configure IPIP interfaces and then add IP addresses to them.

The configuration for router R1 is as follows:
[admin@MikroTik] interface ipip> add
local-address: 10.0.0.1
remote-address: 22.63.11.6
[admin@MikroTik] interface ipip> print
Flags: X - disabled, R - running, D - dynamic
  #    NAME                               MTU   LOCAL-ADDRESS   REMOTE-ADDRESS
  0 X  ipip1                              1480  10.0.0.1        22.63.11.6

[admin@MikroTik] interface ipip> enable 0
[admin@MikroTik] interface ipip> /ip address add address 1.1.1.1/24 interface=ipip1

The configuration of the R2 is shown below:
[admin@MikroTik] interface ipip> add local-address=22.63.11.6 remote-address=10.0.0.1
[admin@MikroTik] interface ipip> print
Flags: X - disabled, R - running, D - dynamic
  #    NAME                               MTU   LOCAL-ADDRESS   REMOTE-ADDRESS
  0 X  ipip1                              1480  22.63.11.6      10.0.0.1

[admin@MikroTik] interface ipip> enable 0
[admin@MikroTik] interface ipip> /ip address add address 1.1.1.2/24 interface=ipip1

Now both routers can ping each other:
[admin@MikroTik] interface ipip> /ping 1.1.1.2
1.1.1.2 64 byte ping: ttl=64 time=24 ms
1.1.1.2 64 byte ping: ttl=64 time=19 ms
1.1.1.2 64 byte ping: ttl=64 time=20 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 19/21.0/24 ms
[admin@MikroTik] interface ipip>

© Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registered trademarks mentioned herein are properties of their respective owners.
Posted by I Nyoman Suryasa, S.Kom, M.Kom at 6:27:00 PM
Labels:

No comments:

Post a Comment

Terima kasih atas komentar yang anda sampaikan , sehingga dapat menambah wawasan saya sebagai penulis dan membuat blog ini semakin berguna banyak orang

Subscribe to: Post Comments (Atom)