Manual:BCP bridging (PPP tunnel bridging): Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 121: Line 121:


[[Category:Manual]]
[[Category:Manual]]
[[Category:Interface]]
[[Category:VPN]]
[[Category:Case Studies]]

Revision as of 08:42, 12 March 2010

Applies to RouterOS: v3, v4

Summary

RouterOS supports BCP (Bridge Control Protocol) for PPP, PPTP, L2TP and PPPoE interfaces. BCP allows to bridge Ethernet packets through the PPP link. Established BCP is independent part of the PPP tunnel, it is not related to any IP address of PPP interface, bridging and routing can happen at the same time independently. BCP can be used instead of EoIP + used VPN Tunnel or WDS link over the wireless network.

Requirements

BCP (Bridge Control Protocol) should be enabled on both sides (PPP server and PPP client) to make it work. MikroTik RouterOS can be used with other PPP device, that supports BCP accordingly to the standards, but BCP enabled is necessary.

Configuration Example

We need to interconnect two remote offices and make them in one Ethernet network. We have requirement to use encryption to protect data exchange between two offices. Let's see, how it is possible with PPTP tunnel and BCP protocol usage

Configuration Diagramm

Simple configuration is like this. We have two offices, which are remotely located. Office I is going to be used as PPTP server, Office 2 is going to be used PPTP client. Below you will see how to set configuration using Winbox and CLI.

BCP Configuration (CLI)

Office 1 configuration

First we need to create bridge interface and make sure that bridge will always have MAC address of existing interface. Reason for that is simple - when BCP is used PPP bridge port do not have any MAC address.

/interface bridge add name=bridge_local protocol-mode=rstp
/interface bridge port add bridge=bridge_local interface=ether1_local
/interface bridge set bridge_local admin-mac=xx:xx:xx:xx:xx:xx           
//// where xx:xx:xx:xx:xx:xx is MAC address of the ether1_local interface

Now we can assign local and public addresses to proper interfaces.

/ip address add address=192.168.88.1/24 interface=bridge_local
/ip address add address=1.1.1.1/24 interface=ether2_public

In case you use PPP only for bridging, configuration of the ppp profile and secret is very easy - just assign user name and password in secret) and specify bridge option in the profile. PPP bridging does NOT require any IP addresses, but when normal PPP is necessary, specify local and remote addresses on server side as normally.

/ppp profile add name=ppp_bridging bridge=bridge_local use-encryption=yes
/ppp secret add profile=ppp_bridging name=ppp1 password=ppp1

When bridging packets PPP tunnel need to pass packets with Layer-2 (MAC) header included , so default interface MTU (in case of pptp it is 1460) is not sufficient for this task. To ensure proper operation itis suggested to override the value by specifying MRRU option in server settings to a higher value.

MRRU allows to enable multi-link support over single link, it divides the packet to multiple channels therefore increasing possible MTU and MRU (up to 65535 bytes)

/interface pptp-server server set enabled=yes mrru=1600
Office 2 configuration

First we need to create bridge interface and make sure that bridge will always have MAC address of existing interface. Reason for that is simple - when BCP is used PPP bridge port do not have any MAC address.

/interface bridge add name=bridge_local protocol-mode=rstp
/interface bridge port add bridge=bridge_local interface=ether1_local
/interface bridge set bridge_local admin-mac=xx:xx:xx:xx:xx:xx           
//// where xx:xx:xx:xx:xx:xx is MAC address of the ether1_local interface
Assign local and public addresses to proper interfaces.
/ip address add address=192.168.88.254/24 interface=bridge_local
/ip address add address=2.2.2.2/24 interface=ether2_public

Configure ppp profile so it will corespond to the profile used on the server side.

/ppp profile add name=ppp_bridging bridge=bridge_local use-encryption=yes

Create an pptp-client interface. Do not forget to specify MRRU option to ensure that bridged frames get trough the ppp tunnel.

/interface pptp-client 
add profile=ppp_bridging mrru=1600 connect-to=1.1.1.1 user=ppp1 password=ppp1 disabled=no

BCP Configuration (Winbox)

Office 1 Configuration

Bridge Configuration:

  • Add Bridge,


  • Add Bridge Port,


  • Add Bridge MAC-address,


  • Assign IP addresses,


  • Create PPP profile for bridging,


  • Add PPP client,


  • Enable PPTP-server,

Office 2 Configuration

The client router configuration is the same, except that you need to configure and enable PPTP client,

  • Add PPTP client,