PBR PTPT IPIP

From MikroTik Wiki
Revision as of 18:15, 7 February 2013 by Asghari (talk | contribs)

Policy-based routing on an IPIP tunnel with PTP addressing.

This article shows how to configure an IPIP tunnel with point-to-point (PTP) addressing and then use policy-based routing (PBR) to send selected traffic through the tunnel.

Theory: policy-based routing (PBR)

In computer networking, policy-based routing (PBR) is a technique used to make routing decisions based on policies set by the network administrator.
When a router receives a packet, it normally decides where to forward it based on the destination address in the packet, which is then used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria. For example, a network administrator might want to forward a packet based on the source address, not the destination address. This should not be confused with source routing.
Policy-based routing may also be based on the size of the packet, the protocol of the payload, or other information available in a packet header or payload. This permits routing of packets originating from different sources to different networks even when the destinations are the same and can be useful when interconnecting several private networks.
In this example I show how to configure an IPIP tunnel with PTP addressing and then use PBR to bypass sites filtered by DCI.
In my country some websites are filtered by DCI, so I use PBR to forward my clients' requests to another MikroTik in another country (for example, the USA).
For this reason, I want requests for Facebook, YouTube and similar websites to go through the IPIP tunnel, while all other connections go through the country's normal Internet connection.
For this scenario we need to configure the IP addresses on both sides, configure the IPIP tunnel, and finally mark the clients' requests so that they are forwarded through the IPIP tunnel.
Step one: addressing
On the MikroTik 540G (filtered):
Add the IP addresses:

ip address add address=192.168.20.1/24 interface="Ether 2 LAN" disabled=no
ip address add address=46.1.1.1 interface="Ether 1 Public" disabled=no


On the MikroTik 540G with free Internet (not filtered):
Add the IP address:

ip address add address=10.10.10.2/32 interface="Ether 1 Public" disabled=no


Step two: configure the IPIP tunnel
On the MikroTik 540G (filtered):
Add the IPIP tunnel:

interface ipip add name=IPIP local-address=46.1.1.1 remote-address=109.200.5.181 disabled=no


On the MikroTik 540G with free Internet (not filtered):

Add the IPIP tunnel:

interface ipip add name=IPIP local-address=109.200.5.181 remote-address=46.1.1.1 disabled=no


Step three: add IP addresses to the IPIP interfaces (PTP addressing)
On the MikroTik 540G (filtered):
Add the IP address:

# The interface name must match the tunnel created in step two (name=IPIP).
ip address add address=10.10.10.1 network=10.10.10.2 interface=IPIP disabled=no


On the MikroTik 540G with free Internet (not filtered):
Add the IP address:

# The interface name must match the tunnel created in step two (name=IPIP).
ip address add address=10.10.10.2 network=10.10.10.1 interface=IPIP disabled=no


Step four: mark the clients' packets with a firewall mangle routing mark
I have 2 clients, so to keep things simple I create one address list named HASAN and put the clients' IP addresses in it.
Add the address list:

ip firewall address-list add address=192.168.20.55 list=HASAN
ip firewall address-list add address=192.168.20.54 list=HASAN


Next I have to select which traffic uses PBR to reach the Facebook and YouTube websites. We can match on the Content field (the string Facebook or YouTube), match on the destination addresses of the Facebook and YouTube websites (found with nslookup), or route every connection through the tunnel.
In this example I use the destination address to mark packets, so I create another address list and put the destination addresses in it.
Add the address list:

ip firewall address-list add address=31.13.64.23 list=Sites
ip firewall address-list add address=74.125.143.136 list=Sites


Then add a mangle rule that sets the routing mark IPIP PACKET. Select prerouting as the chain.
Then, in the Advanced menu, select the src and dst address lists (the src address list holds the client addresses and the dst address list holds the visited sites).
Finally, select the action (mark routing) and set the name of the mark.
Mangle code:

ip firewall mangle add chain=prerouting src-address-list=HASAN dst-address-list=Sites action=mark-routing new-routing-mark="IPIP PACKET"


Step five: static route
In this step we add a static route for the packets that were matched and marked by the mangle rule, so that they are routed to the IPIP connection.
Static route command:

# The gateway is the tunnel interface created in step two (name=IPIP).
ip route add dst-address=0.0.0.0/0 gateway=IPIP routing-mark="IPIP PACKET"
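
The following Python sketch is an added example, not part of the original article: it models the mangle rule from step four and the routing tables from step five to show which flows actually enter the tunnel and which leave over the normal link. The gateway name ISP-GATEWAY, the client 192.168.20.60, the destination 31.13.64.24 and the fallback of marked packets to the main table are assumptions of the model.

```python
import ipaddress

# Address lists exactly as configured in step four of the article.
ADDRESS_LISTS = {
    "HASAN": {"192.168.20.55", "192.168.20.54"},
    "Sites": {"31.13.64.23", "74.125.143.136"},
}
# Mangle rule from step four (chain=prerouting, action=mark-routing).
MANGLE = [{"src_list": "HASAN", "dst_list": "Sites", "mark": "IPIP PACKET"}]
# Routing tables keyed by routing mark. "ISP-GATEWAY" is a constructed
# placeholder: the article does not give the main-table default gateway.
ROUTES = {
    "main": [("192.168.20.0/24", "Ether 2 LAN"), ("0.0.0.0/0", "ISP-GATEWAY")],
    "IPIP PACKET": [("0.0.0.0/0", "IPIP")],
}

def routing_mark(src, dst):
    """Return the mark set by the first matching mangle rule, or None."""
    for rule in MANGLE:
        if (src in ADDRESS_LISTS[rule["src_list"]]
                and dst in ADDRESS_LISTS[rule["dst_list"]]):
            return rule["mark"]
    return None

def lookup(table, dst):
    """Longest-prefix match in one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in ROUTES.get(table, []):
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def next_hop(src, dst):
    """Marked packets use their own table first; the fallback to main
    when that table has no match is an assumption of this model."""
    mark = routing_mark(src, dst)
    return (mark and lookup(mark, dst)) or lookup("main", dst)

def audit(flows):
    """Map each (src, dst) flow to the gateway it would leave through."""
    return {flow: next_hop(*flow) for flow in flows}

# Constructed sample flows: 31.13.64.24 is not in Sites and
# 192.168.20.60 is not in HASAN, so neither flow gets the routing mark.
FLOWS = [("192.168.20.55", "31.13.64.23"), ("192.168.20.54", "74.125.143.136"),
         ("192.168.20.55", "31.13.64.24"), ("192.168.20.60", "74.125.143.136")]

if __name__ == "__main__":
    for (src, dst), gw in audit(FLOWS).items():
        print(f"{src:>15} -> {dst:<15} via {gw}")
```

Only flows whose source is in HASAN and whose destination is in Sites are reported as leaving via IPIP, so a listed site that resolves to an address missing from the Sites list still goes out over the normal connection.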