Manual:Interface/EoIP: Difference between revisions

From MikroTik Wiki
No edit summary
 
(26 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Versions|2.9, v3, v4+}}
<div class=manual>
<div class=manual>


<h2>Summary</h2>
==Summary==
<p><b>Sub-menu:</b> <code>/interface eoip</code></p>
<p id="shbox"><b>Sub-menu:</b> <code>/interface eoip</code>
<p><b>Standards:</b> <code>GRE RFC 1701</code></p>
<br />
<b>Standards:</b> <code>GRE RFC 1701</code></p>
<br />
<br />
<p>
<p>


Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over [[IPIP]] tunnel, [[PPTP]] tunne or any other connection capable of transporting IP. <br />
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over [[M:Interface/IPIP | IPIP]] tunnel, [[M:Interface/PPTP | PPTP]] tunnel or any other connection capable of transporting IP. <br />
When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
<br />
<br />
Line 23: Line 26:
</p>
</p>


<h2>Properties</h2>
==Properties==


<table class="styled_table">
<table class="styled_table">
Line 32: Line 35:
<tr>
<tr>
     <td><var><b>arp</b></var> (<em>disabled | enabled | proxy-arp | reply-only</em>; Default: <b>enabled</b>)</td>
     <td><var><b>arp</b></var> (<em>disabled | enabled | proxy-arp | reply-only</em>; Default: <b>enabled</b>)</td>
     <td>Address Resolution Protocol mode</td>
     <td>Address Resolution Protocol mode.
    <ul class="bullets">
        <li> <var>disabled</var> - the interface will not use ARP
        <li> <var>enabled</var> - the interface will use ARP
        <li> <var>proxy-arp</var> - the interface will use the ARP proxy feature
        <li> <var>reply-only</var> - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the "/ip arp" table. No dynamic entries will be automatically stored in the "/ip arp" table. Therefore for communications to be successful, a valid static entry must already exist.
    </ul>
</td>
</tr>
<tr>
    <td><var><b>clamp-tcp-mss</b></var> (<em>yes | no</em>; Default: <b>yes</b>)</td>
    <td></td>
<tr>
<tr>
    <td><var><b>dont-fragment</b></var> (<em>inherit | no</em>; Default: <b>no</b>)</td>
    <td></td>
<tr>
<tr>
    <td><var><b>dscp</b></var> (<em>integer: 0-63</em>; Default: <b>inherited</b>)</td>
    <td>DSCP value of packet. Inherited option means that dscp value will be inherited from packet which is going to be encapsulated.</td>
</tr>
<tr>
    <td><var><b>ipsec-secret</b></var> (<em>string</em>; Default: <b></b>)</td>
    <td>When secret is specified, router adds dynamic ipsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc).</td>
<tr>
<tr>
    <td><var><b>keepalive</b></var> (<em>integer[/time],integer 0..4294967295</em>; Default: <b>10s,10</b>)</td>
    <td>Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed.
Parameters are written in following format: <code>KeepaliveInterval,KeepaliveRetries</code> where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries.</td>
<tr>
    <td><var><b>l2mtu</b></var> (''integer; read-only'')</td>
    <td>Layer2 Maximum transmission unit. Not configurable for EoIP. [[M:Maximum_Transmission_Unit_on_RouterBoards | <code>Read more>></code>]]</td>
</tr>
<tr>
    <td><var><b>local-address</b></var> (<em>IP</em>; Default: <b></b>)</td>
    <td>Source address of the tunnel packets, local on the router.</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>mac-address</b></var> (<em>MAC</em>; Default: <b></b>)</td>
     <td><var><b>mac-address</b></var> (<em>MAC</em>; Default: <b></b>)</td>
     <td>Media Access Control number of an interface. The address numeration authority allows to use MAC addresses in the range from <b>00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF</b> freely</td>
     <td>Media Access Control number of an interface. The address numeration authority IANA allows the use of MAC addresses in the range from <b>00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF</b> freely</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>mtu</b></var> (<em>integer</em>; Default: <b>1500</b>)</td>
     <td><var><b>mtu</b></var> (<em>integer</em>; Default: <b>auto</b>)</td>
     <td>Layer3 Maximum transmission unit</td>
     <td>Layer3 Maximum transmission unit</td>
</tr>
</tr>
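Review bot: the new clamp-tcp-mss and dont-fragment rows are added with empty description cells (<td></td>), and each of the clamp-tcp-mss, dont-fragment, ipsec-secret and keepalive rows is followed by an opening <tr> where a closing </tr> is expected, so the table markup is unbalanced. Fill in the two descriptions and close every row. The ipsec-secret text names only the phase2 defaults (sha1/aes128cbc); state the phase1 defaults as well or link to where they are defined, since readers will rely on this row to judge how the tunnel is protected. The mtu default also changes from 1500 to auto here while the Notes section still says mtu should be set to 1500; reconcile the two.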
Line 54: Line 92:
     <td>Unique tunnel identifier, which must match other side of the tunnel</td>
     <td>Unique tunnel identifier, which must match other side of the tunnel</td>
</tr>
</tr>
</table>
</table>


<h2>Notes</h2>
==Notes==
<code>tunnel-id</code> is method of identifying tunnel. It must be unique for each EoIP tunnel.
<var>tunnel-id</var> is method of identifying tunnel. It must be unique for each EoIP tunnel.
<br /><br />
<br /><br />
<code>mtu</code> should be set to 1500 to eliminate packet refragmentation inside the tunnel (that allows transparent bridging of Ethernet-like networks, so that it would be possible to transport full-sized Ethernet frame over the tunnel).
<var>mtu</var> should be set to 1500 to eliminate packet refragmentation inside the tunnel (that allows transparent bridging of Ethernet-like networks, so that it would be possible to transport full-sized Ethernet frame over the tunnel).
<br /><br />
<br /><br />
When bridging EoIP tunnels, it is highly recommended to set unique MAC addresses for each tunnel for the bridge algorithms to work correctly. For EoIP interfaces you can use MAC addresses that are in the range from <b>00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF </b>, which IANA has reserved for such cases. Alternatively, you can set the second bit of the first byte to mark the address as locally administered address, assigned by network administrator, and use any MAC address, you just need to ensure they are unique between the hosts connected to one bridge.
When bridging EoIP tunnels, it is highly recommended to set unique MAC addresses for each tunnel for the bridge algorithms to work correctly. For EoIP interfaces you can use MAC addresses that are in the range from <b>00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF </b>, which IANA has reserved for such cases. Alternatively, you can set the second bit of the first byte to modify the auto-assigned address into a 'locally administered address', assigned by the network administrator and thus use any MAC address, you just need to ensure they are unique between the hosts connected to one bridge.
 
{{Note | EoIP tunnel adds at least 42 byte overhead (8byte GRE + 14 byte Ethernet + 20 byte IP) }}
 
==Setup examples==
<p>
Let us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. By using EoIP setup can be made so that Office and Remote LANs are in the same Layer2 broadcast domain.
</p>
<p>
Consider following setup:
</p>
[[File:eoip-example.png]]
<p>
As you know wireless station cannot be bridged, to overcome this limitation (not involving WDS) we will create EoIP tunnel over the wireless link and bridge it with interfaces connected to local networks.
</p>
 
<p>
We will not cover wireless configuration in this example, lets assume that wireless link is already established
</p>
 
At first we create EoIP tunnel on our gateway ...
<pre>
[admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \
\... remote-address=10.0.0.2
[admin@Our_GW] interface eoip> enable eoip-remote
[admin@Our_GW] interface eoip> print
Flags: X - disabled, R - running
  0    name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0
[admin@Our_GW] interface eoip>
</pre>
... and on Remote router
<pre>
[admin@Remote] interface eoip> add name="eoip-main" tunnel-id=0 \
\... remote-address=10.0.0.1
[admin@Remote] interface eoip> enable eoip-main
[admin@Remote] interface eoip> print
Flags: X - disabled, R - running
  0  name=eoip mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=0
 
[admin@Remote] interface eoip>
</pre>
 
Next step is to bridge local interfaces with EoIP tunnel
On Our GW ...
<pre>
[admin@Our_GW] interface bridge> add
[admin@Our_GW] interface bridge> print
Flags: X - disabled, R - running
0  R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
      protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
      transmit-hold-count=6 ageing-time=5m
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth
[admin@Our_GW] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
#    INTERFACE      BRIDGE  PRIORITY PATH-COST
0    eoip-remote    bridge1 128      10
1    office-eth    bridge1 128      10
[admin@Our_GW] interface bridge>
</pre>
 
... and Remote router:
<pre>
[admin@Remote] interface bridge> add
[admin@Remote] interface bridge> print
Flags: X - disabled, R - running
0  R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
      protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
      transmit-hold-count=6 ageing-time=5m
[admin@Remote] interface bridge> port add bridge=bridge1 interface=ether
[admin@Remote] interface bridge> port add bridge=bridge1 interface=eoip-main
[admin@Remote] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
#    INTERFACE      BRIDGE  PRIORITY PATH-COST
0    ether          bridge1 128      10
1    eoip-main      bridge1 128      10   
[admin@Remote] interface bridge>
</pre>


<h2>Setup examples</h2>
Now both sites are in the same Layer2 broadcast domain. You can set up IP addresses from the same network on both sites.


</div>
</div>


[[Category:Manual]]
{{Cont}}
 
[[Category:Manual|E]]
[[Category:VPN|E]]
[[Category:Interface|E]]
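Review bot: in the Remote router transcript the tunnel is created with name="eoip-main" but the print output that follows shows name=eoip; make the output match the command so readers can follow the later "port add ... interface=eoip-main" step. Both tunnels in this example are also created without ipsec-secret, so the bridged Ethernet frames cross the wireless link as plain GRE; a sentence pointing at the ipsec-secret property from the table above would help readers who copy the example as is. The prose has small wording slips worth fixing in the same edit ("lets assume", "Consider following setup", missing full stops).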

Revision as of 16:06, 19 December 2019


Applies to RouterOS: 2.9, v3, v4+

Summary

Sub-menu: /interface eoip
Standards: GRE RFC 1701


Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP tunnel or any other connection capable of transporting IP.
When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.

Network setups with EoIP interfaces:

  • Possibility to bridge LANs over the Internet
  • Possibility to bridge LANs over encrypted tunnels
  • Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks


The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.

Properties

Property Description
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled) Address Resolution Protocol mode.
  • disabled - the interface will not use ARP
  • enabled - the interface will use ARP
  • proxy-arp - the interface will use the ARP proxy feature
  • reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the "/ip arp" table. No dynamic entries will be automatically stored in the "/ip arp" table. Therefore for communications to be successful, a valid static entry must already exist.
clamp-tcp-mss (yes | no; Default: yes)
dont-fragment (inherit | no; Default: no)
dscp (integer: 0-63; Default: inherited) DSCP value of the packet. The inherited option means that the DSCP value will be inherited from the packet that is going to be encapsulated.
ipsec-secret (string; Default: ) When a secret is specified, the router adds a dynamic IPsec peer to remote-address with a pre-shared key and a policy with default values (by default phase2 uses sha1/aes128cbc).
keepalive (integer[/time],integer 0..4294967295; Default: 10s,10) The tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of the tunnel goes down. If the configured time,retries fail, the interface running flag is removed. Parameters are written in the following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is the time interval and KeepaliveRetries is the number of retry attempts. By default keepalive is set to 10 seconds and 10 retries.
l2mtu (integer; read-only) Layer2 Maximum transmission unit. Not configurable for EoIP.
local-address (IP; Default: ) Source address of the tunnel packets, local on the router.
mac-address (MAC; Default: ) Media Access Control number of an interface. The address numeration authority IANA allows the use of MAC addresses in the range from 00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF freely.
mtu (integer; Default: auto) Layer3 Maximum transmission unit
name (string; Default: ) Interface name
remote-address (IP; Default: ) IP address of remote end of EoIP tunnel
tunnel-id (integer: 65536; Default: ) Unique tunnel identifier, which must match other side of the tunnel

Notes

tunnel-id is a method of identifying the tunnel. It must be unique for each EoIP tunnel.

mtu should be set to 1500 to eliminate packet refragmentation inside the tunnel (this allows transparent bridging of Ethernet-like networks, so that it is possible to transport a full-sized Ethernet frame over the tunnel).

When bridging EoIP tunnels, it is highly recommended to set unique MAC addresses for each tunnel for the bridge algorithms to work correctly. For EoIP interfaces you can use MAC addresses that are in the range from 00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF, which IANA has reserved for such cases. Alternatively, you can set the second bit of the first byte to modify the auto-assigned address into a 'locally administered address', assigned by the network administrator, and thus use any MAC address. You just need to ensure the addresses are unique between the hosts connected to one bridge.
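The MAC addressing rules above can be checked before tunnels are added to a bridge. The following Python sketch is an added example, not part of the MikroTik manual; the function names are illustrative, and the tunnel names and addresses in PLAN are constructed sample data.

```python
import re

IANA_LOW = 0x00005E800000   # 00:00:5E:80:00:00, start of the range quoted above
IANA_HIGH = 0x00005EFFFFFF  # 00:00:5E:FF:FF:FF, end of the range quoted above
_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

def parse_mac(mac):
    """Return the MAC as a 48-bit integer, or raise ValueError."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def format_mac(value):
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def in_iana_range(mac):
    return IANA_LOW <= parse_mac(mac) <= IANA_HIGH

def is_locally_administered(mac):
    # The second bit of the first byte (mask 0x02) marks a locally administered address.
    return bool((parse_mac(mac) >> 40) & 0x02)

def to_locally_administered(mac):
    """Set the local bit; also clear the multicast bit (0x01) so the result is unicast."""
    value = parse_mac(mac)
    return format_mac((value | (0x02 << 40)) & ~(0x01 << 40))

def audit(tunnels):
    """tunnels: dict of tunnel name -> MAC on one bridge. Return [(name, problem), ...]."""
    problems, seen = [], {}
    for name, mac in sorted(tunnels.items()):
        value = parse_mac(mac)
        if value in seen:
            problems.append((name, f"duplicate of {seen[value]}"))
        seen.setdefault(value, name)
        if (value >> 40) & 0x01:
            problems.append((name, "multicast bit set"))
        elif not (in_iana_range(mac) or is_locally_administered(mac)):
            problems.append((name, "neither IANA range nor locally administered"))
    return problems

# Constructed sample plan: tunnel names and addresses are illustrative only.
PLAN = {
    "eoip-a": "00:00:5E:80:00:01", "eoip-b": "02:0C:42:11:22:33",
    "eoip-c": "00:00:5e:80:00:01", "eoip-d": "00:0C:42:AA:BB:CC",
}

if __name__ == "__main__":
    for name, problem in audit(PLAN):
        print(f"{name}: {problem}")
```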


Note: An EoIP tunnel adds at least 42 bytes of overhead (8 byte GRE + 14 byte Ethernet + 20 byte IP).


Setup examples

Let us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. By using EoIP, the setup can be made so that the Office and Remote LANs are in the same Layer2 broadcast domain.

Consider the following setup:

[Figure: Eoip-example.png]

As you know, a wireless station cannot be bridged. To overcome this limitation (without involving WDS), we will create an EoIP tunnel over the wireless link and bridge it with the interfaces connected to the local networks.

We will not cover wireless configuration in this example; let's assume that the wireless link is already established.

First we create an EoIP tunnel on our gateway ...

[admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \
\... remote-address=10.0.0.2
[admin@Our_GW] interface eoip> enable eoip-remote
[admin@Our_GW] interface eoip> print
Flags: X - disabled, R - running
  0    name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0
[admin@Our_GW] interface eoip>

... and on the Remote router:

[admin@Remote] interface eoip> add name="eoip-main" tunnel-id=0 \
\... remote-address=10.0.0.1
[admin@Remote] interface eoip> enable eoip-main
[admin@Remote] interface eoip> print
Flags: X - disabled, R - running
  0    name=eoip-main mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=0

[admin@Remote] interface eoip>

The next step is to bridge the local interfaces with the EoIP tunnel. On Our GW ...

[admin@Our_GW] interface bridge> add 
[admin@Our_GW] interface bridge> print
Flags: X - disabled, R - running
 0  R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 
      protocol-mode=none priority=0x8000 auto-mac=yes 
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s 
      transmit-hold-count=6 ageing-time=5m 
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth
[admin@Our_GW] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE      BRIDGE  PRIORITY PATH-COST
 0    eoip-remote    bridge1 128      10
 1    office-eth     bridge1 128      10
[admin@Our_GW] interface bridge>

... and on the Remote router:

[admin@Remote] interface bridge> add 
[admin@Remote] interface bridge> print
Flags: X - disabled, R - running
 0  R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 
      protocol-mode=none priority=0x8000 auto-mac=yes 
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s 
      transmit-hold-count=6 ageing-time=5m 
[admin@Remote] interface bridge> port add bridge=bridge1 interface=ether
[admin@Remote] interface bridge> port add bridge=bridge1 interface=eoip-main
[admin@Remote] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE      BRIDGE  PRIORITY PATH-COST
 0    ether          bridge1 128      10
 1    eoip-main      bridge1 128      10     
[admin@Remote] interface bridge>

Now both sites are in the same Layer2 broadcast domain. You can set up IP addresses from the same network on both sites.
