IPIP RFC 2003
The IPIP tunneling implementation on the MikroTik RouterOS is RFC 2003 compliant. IPIP tunnel is a simple protocol that encapsulates IP packets in IP to make a tunnel between two routers. The IPIP tunnel interface appears as an interface under the interface list. Many routers, including Cisco and Linux, support this protocol. This protocol makes multiple network schemes possible.
IP tunnelling protocol adds the following possibilities to a network setups:
- to tunnel Intranets over the Internet
- to use it instead of source routing
|clamp-tcp-mss (yes | no; Default: yes)|
|dont-fragment (inherit | no; Default: no)|
|dscp (inherit | integer [0-63]; Default: )||Set dscp value in IPIP header to a fixed value or inherit from dscp value taken from tunnelled traffic|
|ipsec-secret (string; Default: )||When secret is specified, router adds dynamic ipsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc). Both local-address and remote-address of the tunnel must be specified for router to create valid ipsec policy.|
|local-address (IP; Default: )||IP address on a router that will be used by IPIP tunnel|
|mtu (integer; Default: 1500)||Layer3 Maximum transmission unit|
|keepalive (integer[/time],integer 0..4294967295; Default: 10s,10)||Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format:
|name (string; Default: )||Interface name|
|remote-address (IP; Default: )||IP address of remote end of IPIP tunnel|
IP/IPv6 over IPv6 tunnel functionality is added in v5RC6 and is configurable from menu:
IPv6 version uses the same properties as IPv4 version.
Suppose we want to add an IPIP tunnel between routers R1 and R2:
At first, we need to configure IPIP interfaces and then add IP addresses to them.
The configuration for router R1 is as follows:
[admin@MikroTik] interface ipip> add local-address: 10.0.0.1 remote-address: 220.127.116.11 [admin@MikroTik] interface ipip> print Flags: X - disabled, R - running # NAME MTU LOCAL-ADDRESS REMOTE-ADDRESS 0 X ipip1 1480 10.0.0.1 18.104.22.168 [admin@MikroTik] interface ipip> en 0 [admin@MikroTik] interface ipip> /ip address add address=22.214.171.124/24 interface=ipip1
The configuration of the R2 is shown below:
[admin@MikroTik] interface ipip> add local-address=126.96.36.199 remote-address=10. 0.0.1 [admin@MikroTik] interface ipip> print Flags: X - disabled, R - running # NAME MTU LOCAL-ADDRESS REMOTE-ADDRESS 0 X ipip1 1480 188.8.131.52 10.0.0.1 [admin@MikroTik] interface ipip> enable 0 [admin@MikroTik] interface ipip> /ip address add address=184.108.40.206/24 interface=ipip1
Now both routers can ping each other:
[admin@MikroTik] interface ipip> /ping 220.127.116.11 18.104.22.168 64 byte ping: ttl=64 time=24 ms 22.214.171.124 64 byte ping: ttl=64 time=19 ms 126.96.36.199 64 byte ping: ttl=64 time=20 ms 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 19/21.0/24 ms [admin@MikroTik] interface ipip>