Hi,
I am trying to create a hub-spoke topology using EoIP.
I have create 1 EoIP Point to point tunnel successfuly using Bridge to include both the real interface and EoIP interface.
Is it necessary to run Bridge mode for the EoIP to established tunnel successfully ?
As mentioned, in a Hub to Spoke topology, my hub only has 1 real interface. How to create multiple EoIP tunnels over that real interface ?
Bridge mode doesn;t allow me to share the real interface.
Thanks…
Hi,
I have found a workaround way, but its ugly.
Create multiples VLANs under the real interface.
Under bridge mode, add the logical VLANs with their respective EoIP interface tunnel.
Is that the correct way to create a hub-and-spoke topology ?
There is no need to make VLANS to establish multiple EoIP tunnels as long as you specify unique tunnel-ids.
Hi,
But does EoIP tunnel need bridge to function ? Because i cannot add the real interface to another bridge if it has been added before. Thanks
No, bridge is not required for EoIP to function. And of course you will not be able to add one physical interface to multiple bridges.
You can easily put in one bridge all EoIP tunnels and one physical interface. Or maybe I just misunderstood what you want to achieve.
Hi Thanks for your reply.
I follow the example given and I cannot established EoIP without introducing Bridge.
I understand that EoIP is a stateless tunnel, so it always shows it running.
Do i need to add static route with the gateway set to the EoIP interface or the remote end IP ?
My goal is try to create multiple EoIP tunnels from one hub single interface IP to different hub sites. (Hub to spoke topology)
Thanks.
you have to set ip address of the other end of eoip tunnel and tunnel-id that is all
if you want to establish eoip tunnel from A-------B then on A you have to set up ip address of B and vice versa on B
when you create tunnel it is as if it is normal Ethernet interface.
Yup. I tried that. But my private LAN A cannot ping to private LAN B
192.168.1.0/24 (LAN A)—>10.10.10.1/24 (WAN A)—eoip–> 10.10.10.2/24(WAN B)---->192.168.2.0/24(LAN B)
I have create a eoip between 10.10.10.1/24 and 10.10.10.2/24. But I cannot ping from 192.168.1.0/24 to 192.168.2.0/24 unless i create a bridge across. Is bridge necessary for EoIP ?
Sorry i am confused. Because i have create VPN IPSec in layer 3. EoIP in layer 2 got me confused…
all the routing and bridging apply to these tunnels, it wont miraculously guess what you want to bridge with what.
you have to configure it yourself. It is layer 2 tunnel. that is it, no magic involved
Thanks. So i just use the same way of configuring a layer 3 tunnel to EoIP tunnel layer 2 ?
Its either I use bridging (which allows arp and broadcast to flow thru the EoIP tunnel ?)
Or
I use static routes over EoIP tunnel endpoint as gateway ? If i use static routes over EoIP layer 2, will arp packets flow thru it as well ?
The reason i ask is because I wanted multicast packets to flow thru EoIP tunnel since pure IPSec doesnt support multicast traffic.
Another option is using IPIP layer 3. But I have tried using PIM Sparse mode on IPIP interface, the multicast doesnt work. Is there any documentation i can refer to ?
Hi,
Can anyone help please ?
I cannot create an EoIP tunnel without creating a bridge over it to let traffic flow thru.
Is it a necessity to create a bridge over EoIP ?
yes, multicast will work over EoIP as it was normal ethernet.
you can configure routes for routed network, you can bridge EoIP as result you can use PPPoE through that link to authenticate users.
Also, you have some means to forward traffic through the interface - same as with ethernet. if you have no configuration - no traffic will enter it, no traffic will come out of it.
If you do not want to add ip addresses, you have to bridge it.
Imagine as if you are plugging virtual cable in virtual ethernet in 2 routers, that is that EoIP tunnel, nothing different.
Hi,
Thanks for you reply. I have try configuring IPIP using a pair of MT RB450.
As for configuring routes…
I am confuse too. I apologize that i am CCNA and get quite use to adding static classless routes.
How do i configure the equivalent in RouterOS v3.2 ?
I am using winbox and i can only add IP address to IPIP interface in RB450. How do I route a local private subnet to this IPIP gateway ? Since i have bond 2 slave ether to the primary ether with IPIP interface.
I have to admit, the documentation is indeed lacking. Thanks for your time to explain.
I think i found the answer. The RIP is disable by default in MT. I enabled it and its works.
Most other routers do came with RIP default enabled. Time to explore more about MT routers and L3 switch…
if you truly want to pass broadcasts and bridge the two networks you shouldnt place any IP address on the EoIP tunnel itself (other than its outside endpoints) and just bridge those interfaces to the LANs on each side. Both sides can then use the same subnets.
192.168.1.0/24 (LAN A)—>10.10.10.1/24 (WAN A)—eoip–> 10.10.10.2/24(WAN B)---->192.168.1.0/24(LAN B)
Thanks. I understand that. But if its a multicast traffic, EoIP+Bridge which is at layer 2 (cannot differentiate between multicast and broadcast) will flood all EoIP tunnels connecting to the same bridge. Is that true ?
Is there IGMP or PIM functioning at EoIP ?
IGMP and PIM would be functions of the bridging code not the EoIP tunnel.
Or make as follow:
192.168.1.0**/22** (LAN A)—>10.10.10.1/24 (WAN A)—eoip–> 10.10.10.2/24(WAN B)---->192.168.2.0**/22**(LAN B)
see how fast time passes by. eight years later today, i still find this topic fascinating..
long story short, i want to recreate the same tunnel settings as mentioned above.
if 192.168.1.0/22 is on this part of the world and 192.168.2.0/22 is on the other far end part of the world, can i..
Yes, yes, and yes. The caveat here is the latency. You need to know your apps, their usage patterns, and the effects on user interactions. For example, a user may be used to a 200ms response to an action in their accounting application, but if the connectivity carrying the EoIP link makes everything 20 times slower, then that response now takes 4 seconds and the user thinks the app is broken.