PBR PTPT IPIP

From MikroTik Wiki
Revision as of 18:01, 7 February 2013 by Asghari (talk | contribs)
Jump to: navigation, search

Policy Base Routing on IPIP tunnel with PTP Addressing.

In this article you can know how to configure IPIP tunnel, PTP addressing at the end using Policy base Routing (PBR) on Tunnel IPIP).

Theory about (PBR)

In computer networking, policy-based routing (PBR) is a technique used to make routing decisions based on policies
set by the network administrator.
When a router receives a packet it normally decides where to forward it based on the destination address in thepacket, which is then used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria. For example, a network administrator might want to forward a packet based on the source address, not the destination address. This should not be confused with source routing.
Policy-based routing may also be based on the size of the packet, the protocol of the payload, or other information available in a packet header or payload. This permits routing of packets originating from different sources to different networks even when the destinations are the same and can be useful when interconnecting several private networks.
In this Example I Want Shown how to configure IPIP Tunnel with PTP addressing and at the end using PBR to bypass filtered Sites form DCI.
In my country some website are filtered by DCI so I used PBR to forward my Client's request to another MikroTik in other country.(for example USA)
For This Reason I Want When Request Was For Facebook And YouTube Website an so,The Packets Goes through IPIP Tunnel And Other Normal Connection Goes through Country Internet Connection. Diagram:
Policy Base Routing on IPIP tunnel with PTP Addressing.jpg
For this Scenario we need configure both side ip addresses, configure IPIP tunnel and at the end mark client's request to forward through IPIP Tunnel.
Step one addressing
On the MikroTik 540G(filtered):
add ip address Code 

ip address add address=192.168.20.1/24 interface="Ether 2 LAN" disabled=no
ip address add address=46.1.1.1 interface="Ether 1 Public" disable=no


On the MikroTik 540G Free Internet(no Filtered):
add ip address code: 

ip address add address=10.10.10.2/32 interface="Ether 1 Public" disable=no


Step two Configure IPIP tunnel:
On the MikroTik 540G(filtered):
add IPIP Tunnel Code : 

interface ipip add name=IPIP local-address=46.1.1.1 remote-address=109.200.5.181 disabled=no


On the MikroTik 540G Free Internet(no filtered):

add IPIP Tunnel Code : 

interface ipip add name=IPIP local-address=109.200.5.181 remote-address=46.1.1.1 disabled=no


IPIP-interface.jpg
Step three adds IP address for IPIP interfaces(PTP addressing):
On the MikroTik 540G(filtered):
add ip address Code: 

ip address add address=10.10.10.1 network=10.10.10.2 interface=ipip1 disabled=no


On the MikroTik 540G Free Internet(no filtered):
add ip address code 

ip address add address=10.10.10.2 network=10.10.10.1 interface=ipip1 disabled=no


P2P-addressing.jpg
Step four mark Client's Packet with firewall mangle mark Routing.
I have 2 clients so for best working I create one address list with name HASAN then put clients IP address there.
add address list code : 

ip firewall address-list add address=192.168.20.55 list=HASAN
ip firewall address-list add address=192.168.20.54 list=HASAN


I should select my Network for Using PBR to Visit Facebook and YouTube Websites. we can use Content Field (Facebook or YouTube String), Or Use Destination Address of Facebook of YouTube Website (Nslookup), Or You Route Every Connection Trough This Connection.
In this example I use destination address to mark packet so I create another address list then put destination address there.
add address list code 

ip firewall address-list add address=31.13.64.23 list=Sites
ip firewall address-list add address=74.125.143.136 list=Sites


Retrieved from "https://wiki.mikrotik.com/index.php?title=PBR_PTPT_IPIP&oldid=24957"