Manual:BCP bridging (PPP tunnel bridging): Difference between revisions
No edit summary |
No edit summary |
||
Line 121: | Line 121: | ||
[[Category:Manual]] | [[Category:Manual]] | ||
[[Category:Interface]] | |||
[[Category:VPN]] | |||
[[Category:Case Studies]] |
Revision as of 08:42, 12 March 2010
Applies to RouterOS: v3, v4
Summary
RouterOS supports BCP (Bridge Control Protocol) for PPP, PPTP, L2TP and PPPoE interfaces. BCP allows to bridge Ethernet packets through the PPP link. Established BCP is independent part of the PPP tunnel, it is not related to any IP address of PPP interface, bridging and routing can happen at the same time independently. BCP can be used instead of EoIP + used VPN Tunnel or WDS link over the wireless network.
Requirements
BCP (Bridge Control Protocol) should be enabled on both sides (PPP server and PPP client) to make it work. MikroTik RouterOS can be used with other PPP device, that supports BCP accordingly to the standards, but BCP enabled is necessary.
Configuration Example
We need to interconnect two remote offices and make them in one Ethernet network. We have requirement to use encryption to protect data exchange between two offices. Let's see, how it is possible with PPTP tunnel and BCP protocol usage
Configuration Diagramm
Simple configuration is like this. We have two offices, which are remotely located. Office I is going to be used as PPTP server, Office 2 is going to be used PPTP client. Below you will see how to set configuration using Winbox and CLI.
BCP Configuration (CLI)
Office 1 configuration
First we need to create bridge interface and make sure that bridge will always have MAC address of existing interface. Reason for that is simple - when BCP is used PPP bridge port do not have any MAC address.
/interface bridge add name=bridge_local protocol-mode=rstp /interface bridge port add bridge=bridge_local interface=ether1_local /interface bridge set bridge_local admin-mac=xx:xx:xx:xx:xx:xx //// where xx:xx:xx:xx:xx:xx is MAC address of the ether1_local interface
Now we can assign local and public addresses to proper interfaces.
/ip address add address=192.168.88.1/24 interface=bridge_local /ip address add address=1.1.1.1/24 interface=ether2_public
In case you use PPP only for bridging, configuration of the ppp profile and secret is very easy - just assign user name and password in secret) and specify bridge option in the profile. PPP bridging does NOT require any IP addresses, but when normal PPP is necessary, specify local and remote addresses on server side as normally.
/ppp profile add name=ppp_bridging bridge=bridge_local use-encryption=yes /ppp secret add profile=ppp_bridging name=ppp1 password=ppp1
When bridging packets PPP tunnel need to pass packets with Layer-2 (MAC) header included , so default interface MTU (in case of pptp it is 1460) is not sufficient for this task. To ensure proper operation itis suggested to override the value by specifying MRRU option in server settings to a higher value.
MRRU allows to enable multi-link support over single link, it divides the packet to multiple channels therefore increasing possible MTU and MRU (up to 65535 bytes)
/interface pptp-server server set enabled=yes mrru=1600
Office 2 configuration
First we need to create bridge interface and make sure that bridge will always have MAC address of existing interface. Reason for that is simple - when BCP is used PPP bridge port do not have any MAC address.
/interface bridge add name=bridge_local protocol-mode=rstp /interface bridge port add bridge=bridge_local interface=ether1_local /interface bridge set bridge_local admin-mac=xx:xx:xx:xx:xx:xx //// where xx:xx:xx:xx:xx:xx is MAC address of the ether1_local interface
Assign local and public addresses to proper interfaces.
/ip address add address=192.168.88.254/24 interface=bridge_local /ip address add address=2.2.2.2/24 interface=ether2_public
Configure ppp profile so it will corespond to the profile used on the server side.
/ppp profile add name=ppp_bridging bridge=bridge_local use-encryption=yes
Create an pptp-client interface. Do not forget to specify MRRU option to ensure that bridged frames get trough the ppp tunnel.
/interface pptp-client add profile=ppp_bridging mrru=1600 connect-to=1.1.1.1 user=ppp1 password=ppp1 disabled=no
BCP Configuration (Winbox)
Office 1 Configuration
Bridge Configuration:
- Add Bridge,
- Add Bridge Port,
- Add Bridge MAC-address,
- Assign IP addresses,
- Create PPP profile for bridging,
- Add PPP client,
- Enable PPTP-server,
Office 2 Configuration
The client router configuration is the same, except that you need to configure and enable PPTP client,
- Add PPTP client,