Community discussions

MikroTik App
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 11:49 am

Hi,

I am trying to create a hub-spoke topology using EoIP.
I have create 1 EoIP Point to point tunnel successfuly using Bridge to include both the real interface and EoIP interface.

Is it necessary to run Bridge mode for the EoIP to established tunnel successfully ?

As mentioned, in a Hub to Spoke topology, my hub only has 1 real interface. How to create multiple EoIP tunnels over that real interface ?
Bridge mode doesn;t allow me to share the real interface.

Thanks.....
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 12:11 pm

Hi,

I have found a workaround way, but its ugly.

Create multiples VLANs under the real interface.

Under bridge mode, add the logical VLANs with their respective EoIP interface tunnel.

Is that the correct way to create a hub-and-spoke topology ?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6349
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 12:52 pm

There is no need to make VLANS to establish multiple EoIP tunnels as long as you specify unique tunnel-ids.
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 1:13 pm

There is no need to make VLANS to establish multiple EoIP tunnels as long as you specify unique tunnel-ids.
Hi,

But does EoIP tunnel need bridge to function ? Because i cannot add the real interface to another bridge if it has been added before. Thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6349
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 2:32 pm

No, bridge is not required for EoIP to function. And of course you will not be able to add one physical interface to multiple bridges.

You can easily put in one bridge all EoIP tunnels and one physical interface. Or maybe I just misunderstood what you want to achieve.
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 2:49 pm

No, bridge is not required for EoIP to function. And of course you will not be able to add one physical interface to multiple bridges.

You can easily put in one bridge all EoIP tunnels and one physical interface. Or maybe I just misunderstood what you want to achieve.
Hi Thanks for your reply.

I follow the example given and I cannot established EoIP without introducing Bridge.
I understand that EoIP is a stateless tunnel, so it always shows it running.

Do i need to add static route with the gateway set to the EoIP interface or the remote end IP ?

My goal is try to create multiple EoIP tunnels from one hub single interface IP to different hub sites. (Hub to spoke topology)

Thanks.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6284
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 3:22 pm

you have to set ip address of the other end of eoip tunnel and tunnel-id that is all

if you want to establish eoip tunnel from A-------B then on A you have to set up ip address of B and vice versa on B

when you create tunnel it is as if it is normal Ethernet interface.
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 3:48 pm

you have to set ip address of the other end of eoip tunnel and tunnel-id that is all

if you want to establish eoip tunnel from A-------B then on A you have to set up ip address of B and vice versa on B

when you create tunnel it is as if it is normal Ethernet interface.

Yup. I tried that. But my private LAN A cannot ping to private LAN B

192.168.1.0/24 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.2.0/24(LAN B)

I have create a eoip between 10.10.10.1/24 and 10.10.10.2/24. But I cannot ping from 192.168.1.0/24 to 192.168.2.0/24 unless i create a bridge across. Is bridge necessary for EoIP ?

Sorry i am confused. Because i have create VPN IPSec in layer 3. EoIP in layer 2 got me confused....
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6284
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 4:12 pm

all the routing and bridging apply to these tunnels, it wont miraculously guess what you want to bridge with what.

you have to configure it yourself. It is layer 2 tunnel. that is it, no magic involved
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Tue Mar 10, 2009 4:28 pm

all the routing and bridging apply to these tunnels, it wont miraculously guess what you want to bridge with what.

you have to configure it yourself. It is layer 2 tunnel. that is it, no magic involved

Thanks. So i just use the same way of configuring a layer 3 tunnel to EoIP tunnel layer 2 ?
Its either I use bridging (which allows arp and broadcast to flow thru the EoIP tunnel ?)

Or

I use static routes over EoIP tunnel endpoint as gateway ? If i use static routes over EoIP layer 2, will arp packets flow thru it as well ?

The reason i ask is because I wanted multicast packets to flow thru EoIP tunnel since pure IPSec doesnt support multicast traffic.
Another option is using IPIP layer 3. But I have tried using PIM Sparse mode on IPIP interface, the multicast doesnt work. Is there any documentation i can refer to ?
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Wed Mar 11, 2009 5:36 am

Hi,

Can anyone help please ?

I cannot create an EoIP tunnel without creating a bridge over it to let traffic flow thru.

Is it a necessity to create a bridge over EoIP ?
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6284
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: How to create multiple EoIP tunnels ?

Wed Mar 11, 2009 9:56 am

yes, multicast will work over EoIP as it was normal ethernet.

you can configure routes for routed network, you can bridge EoIP as result you can use PPPoE through that link to authenticate users.

Also, you have some means to forward traffic through the interface - same as with ethernet. if you have no configuration - no traffic will enter it, no traffic will come out of it.

If you do not want to add ip addresses, you have to bridge it.

Imagine as if you are plugging virtual cable in virtual ethernet in 2 routers, that is that EoIP tunnel, nothing different.
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Wed Mar 11, 2009 10:30 am

Hi,

Thanks for you reply. I have try configuring IPIP using a pair of MT RB450.

As for configuring routes.....
I am confuse too. I apologize that i am CCNA and get quite use to adding static classless routes.
How do i configure the equivalent in RouterOS v3.2 ?

I am using winbox and i can only add IP address to IPIP interface in RB450. How do I route a local private subnet to this IPIP gateway ? Since i have bond 2 slave ether to the primary ether with IPIP interface.

I have to admit, the documentation is indeed lacking. Thanks for your time to explain.
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Wed Mar 11, 2009 12:15 pm

:lol: :lol:

I think i found the answer. The RIP is disable by default in MT. I enabled it and its works.

Most other routers do came with RIP default enabled. Time to explore more about MT routers and L3 switch.....
 
changeip
Forum Guru
Forum Guru
Posts: 3835
Joined: Fri May 28, 2004 5:22 pm

Re: How to create multiple EoIP tunnels ?

Wed Mar 11, 2009 6:42 pm

if you truly want to pass broadcasts and bridge the two networks you shouldnt place any IP address on the EoIP tunnel itself (other than its outside endpoints) and just bridge those interfaces to the LANs on each side. Both sides can then use the same subnets.

192.168.1.0/24 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.1.0/24(LAN B)
Colo and Wholesale Bandwidth Available! Sales at SanDiegoBroadband dot com
 
melwong
newbie
Topic Author
Posts: 36
Joined: Tue Mar 10, 2009 11:43 am

Re: How to create multiple EoIP tunnels ?

Thu Mar 12, 2009 2:53 am

if you truly want to pass broadcasts and bridge the two networks you shouldnt place any IP address on the EoIP tunnel itself (other than its outside endpoints) and just bridge those interfaces to the LANs on each side. Both sides can then use the same subnets.

192.168.1.0/24 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.1.0/24(LAN B)
Thanks. I understand that. But if its a multicast traffic, EoIP+Bridge which is at layer 2 (cannot differentiate between multicast and broadcast) will flood all EoIP tunnels connecting to the same bridge. Is that true ?

Is there IGMP or PIM functioning at EoIP ?
 
JJCinAZ
Member
Member
Posts: 476
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Re: How to create multiple EoIP tunnels ?

Thu Mar 12, 2009 7:49 am

IGMP and PIM would be functions of the bridging code not the EoIP tunnel.
 
User avatar
enk
Member Candidate
Member Candidate
Posts: 165
Joined: Fri Aug 17, 2007 8:59 am
Location: Russia
Contact:

Re: How to create multiple EoIP tunnels ?

Sun Mar 15, 2009 7:34 pm

if you truly want to pass broadcasts and bridge the two networks you shouldnt place any IP address on the EoIP tunnel itself (other than its outside endpoints) and just bridge those interfaces to the LANs on each side. Both sides can then use the same subnets.

192.168.1.0/24 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.1.0/24(LAN B)
Or make as follow:
192.168.1.0/22 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.2.0/22(LAN B)
as known as shados.
blog: http://betep.wpl.ru
A karma increase would be cool if you think I earned it.
 
wckd
just joined
Posts: 1
Joined: Wed Sep 23, 2015 11:40 am

Re: How to create multiple EoIP tunnels ?

Wed Sep 23, 2015 12:06 pm

if you truly want to pass broadcasts and bridge the two networks you shouldnt place any IP address on the EoIP tunnel itself (other than its outside endpoints) and just bridge those interfaces to the LANs on each side. Both sides can then use the same subnets.

192.168.1.0/24 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.1.0/24(LAN B)
Or make as follow:
192.168.1.0/22 (LAN A)--->10.10.10.1/24 (WAN A)---eoip--> 10.10.10.2/24(WAN B)---->192.168.2.0/22(LAN B)
see how fast time passes by. eight years later today, i still find this topic fascinating..
long story short, i want to recreate the same tunnel settings as mentioned above.

if 192.168.1.0/22 is on this part of the world and 192.168.2.0/22 is on the other far end part of the world, can i..
* share & print to remote network printer?
* sharing files & folders between the two network?
* is it really-really possible to do things like in a local (wired) networked system?
 
JJCinAZ
Member
Member
Posts: 476
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Re: How to create multiple EoIP tunnels ?

Wed Sep 23, 2015 6:11 pm

Yes, yes, and yes. The caveat here is the latency. You need to know your apps, their usage patterns, and the effects on user interactions. For example, a user may be used to a 200ms response to an action in their accounting application, but if the connectivity carrying the EoIP link makes everything 20 times slower, then that response now takes 4 seconds and the user thinks the app is broken.
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Sun Oct 03, 2021 4:28 am

Hello team,

I am a network admin for one ISP. I'm trying to connect 24 remotes site to a HQ using EoIP for a client because the requirement is a layer2 connectivity.

1- My ISP link ends on Eth1 of each Mikrotik
2- i would like to use only 1 interface (Eth2) at HQ side.
3- At each remote site interface Eth2 has to be considered as well.
4- I'm using RB2011UiAS for all site.
5- Once EoIP config if finished, the client will connect a Cisco router to Eth2 of my Mikrotik at each site.

Question:
1-How to create multiple EoIP tunnels over that 1 interface (Eth2) at HQ?
2-Since i'm going to consider 1 interface (Eth2) at HQ, do i need to create VLANs on Eth2.?
3- If VLANs is needed, how to avoid inter-VLAN communication ?

Thanks.
Last edited by morhne on Sun Oct 03, 2021 4:58 am, edited 1 time in total.
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Thu Oct 07, 2021 5:08 am

Hi,

When i've tried the below, tunnels are seen to be running at remote site but not seen running at HQ.

1-I've created the EoIP tunnel at each remote and HQ with their respective tunnel ID.
2- At each remote I've created a bridge in which i've put the EoIP interface and Eth2.
3- At HQ i've bridged all EoIP tunnel created in the same bridge with Eth2.
Someone Can tell me why tunnels are not running at HQ side please?

Thanks !
 
RhoAius
just joined
Posts: 9
Joined: Fri Jul 12, 2019 10:47 pm

Re: How to create multiple EoIP tunnels ?

Thu Oct 07, 2021 12:48 pm

Depends on the configuration but at HQ:
- Each EoIP tunnel needs a unique "remote address" and unique "Tunnel ID"
- In firewall, input chain, allow GRE protocol (if using public ip address [remember traffic is not encrypted] else if using internal ips check if the transport tunnel is running [ex if using ipsec])
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Mon Oct 11, 2021 6:23 pm

Depends on the configuration but at HQ:
- Each EoIP tunnel needs a unique "remote address" and unique "Tunnel ID"
- In firewall, input chain, allow GRE protocol (if using public ip address [remember traffic is not encrypted] else if using internal ips check if the transport tunnel is running [ex if using ipsec])

Hi RhoAius,
In fact each EoIP tunnel has its unique "remote address" and unique "Tunnel ID". Which make at HQ side a total of: 24 different Tunnel.
Now what i want to know is : how to pass all the 24 tunnels through the Eth2 ?

Thank!
 
sindy
Forum Guru
Forum Guru
Posts: 7925
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to create multiple EoIP tunnels ?

Mon Oct 11, 2021 10:07 pm

Now what i want to know is : how to pass all the 24 tunnels through the Eth2 ?
Supposing I've understood what you actually wanted properly, make a bridge and make eth2 and all the EoIP interfaces member ports if that bridge:

/interface bridge
add name=eoip-bridge

/interface bridge port
add bridge=eoip-bridge interface=ether2
add bridge=eoip-bridge interface=eoip1
..
add bridge=eoip-bridge interface=eoip24


Because to me, "pass all 24 tunnels through ether2" would mean the transport packets of the tunnels should be routed via ether2, but your previous posts suggest that you want to bridge ether2 with the payload of the tunnels.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Tue Oct 12, 2021 12:29 pm

Now what i want to know is : how to pass all the 24 tunnels through the Eth2 ?
Supposing I've understood what you actually wanted properly, make a bridge and make eth2 and all the EoIP interfaces member ports if that bridge:

/interface bridge
add name=eoip-bridge

/interface bridge port
add bridge=eoip-bridge interface=ether2
add bridge=eoip-bridge interface=eoip1
..
add bridge=eoip-bridge interface=eoip24


Because to me, "pass all 24 tunnels through ether2" would mean the transport packets of the tunnels should be routed via ether2, but your previous posts suggest that you want to bridge ether2 with the payload of the tunnels.
Dear Sindy,
1- I want to provide a layer2 circuit to one of my clients and for that i've decided to implement EoIP.
2- Client has 24 remotes sites + HQ
3- I've created the 24 EoIP tunnels with their appropriate infos : remote IP, local IP, tunnel id .....(no issue for that).
4- Each EoIP tunnel at remote site have been bridged with Eth2, meaning that client router will be connected to Eth2 port
5- At the HQ i want to do so. Client router will be connected to Eth2 as well.

Now, to make client traffic passing through Eth2 at HQ, do i have to bridge all 24 EoIP interface with the Eth2? or what has to be done at HQ side to allow client traffic passing through Eth2 port?

Thank !
Last edited by morhne on Thu Oct 14, 2021 2:32 pm, edited 2 times in total.
 
sindy
Forum Guru
Forum Guru
Posts: 7925
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to create multiple EoIP tunnels ?

Tue Oct 12, 2021 1:01 pm

Now, to make client traffic passing through Eth2 at HQ, do i have to bridge all 24 EoIP interface with the Eth2?
Yes, exactly, as suggested above. Add-ons can be applied:
  • if the client eventually wants each BO site to be reachable via a different VLAN at ether2 of the HQ site, you would activate vlan-filtering on the bridge and make the individual EoIP interfaces access ports of the individual VLANs
  • if the client eventually wants all sites in the same LAN segment but he wants the traffic to pass only between ether2 of the HQ site and a particular BO site but not between two BO sites, you can use the bridge horizon function.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Tue Oct 12, 2021 3:34 pm

Now, to make client traffic passing through Eth2 at HQ, do i have to bridge all 24 EoIP interface with the Eth2?
Yes, exactly, as suggested above. Add-ons can be applied:
  • if the client eventually wants each BO site to be reachable via a different VLAN at ether2 of the HQ site, you would activate vlan-filtering on the bridge and make the individual EoIP interfaces access ports of the individual VLANs
  • if the client eventually wants all sites in the same LAN segment but he wants the traffic to pass only between ether2 of the HQ site and a particular BO site but not between two BO sites, you can use the bridge horizon function.
It's clear for me now.
For the bridge horizon function, kindly provide one config example please. I'm not familiar to such configuration. Thank
 
sindy
Forum Guru
Forum Guru
Posts: 7925
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to create multiple EoIP tunnels ?

Tue Oct 12, 2021 3:40 pm

To prevent traffic from being forwarded between two ports of the same bridge, set the same horizon value for both. E.g.:
/interface bridge port set [find where interface~"eoip[23]"] horizon=1
will prevent traffic forwarding between eoip2 and eoip3.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Tue Oct 12, 2021 7:13 pm

To prevent traffic from being forwarded between two ports of the same bridge, set the same horizon value for both. E.g.:
/interface bridge port set [find where interface~"eoip[23]"] horizon=1
will prevent traffic forwarding between eoip2 and eoip3.
It's well noted.

At the HQ, below is the EoIP tunnel config for two sites. Both tunnels are running but cannot send traffic through.
(Do i have to set up horizon on Eth2 please? )

/interface bridge
add admin-mac=2C:C8:1B:1D:2A:96 auto-mac=no comment=defconf name=bridge
add name=bridge_EoIP

/interface eoip
add allow-fast-path=no ipsec-secret=32gT8L104 !keepalive mac-address=\
02:72:13:AF:06:9B mtu=1500 name=eoip_1 remote-address=\
10.31.146.6 tunnel-id=1
add allow-fast-path=no ipsec-secret=6VbzZh105 !keepalive local-address=\
10.31.0.72 mac-address=02:2B:C6:3B:E3:44 mtu=1500 name=eoip_2 \
remote-address=10.31.0.73 tunnel-id=2

/interface bridge port
add bridge=bridge_EoIP horizon=1 interface=ether2
add bridge=bridge_EoIP horizon=1 interface=eoip_2
add bridge=bridge_EoIP horizon=1 interface=eoip_1
 
sindy
Forum Guru
Forum Guru
Posts: 7925
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to create multiple EoIP tunnels ?

Tue Oct 12, 2021 7:38 pm

It may be counter-intuitive, but same horizon value on a pair of ports means that traffic can not be forwarded between them. So set horizon at the ether2 row of /interface bridge port to none and see whether it helps. Or, if you do not need to prevent forwarding from one tunnel to another, set horizon to none everywhere - it was an option, not a mandatory step.

Other than that, since you have disabled keepalive in the EoIP configuration, the EoIP interfaces will indicate to be up (Running) regardless the actual transparency between the peers. So if the traffic doesn't pass through even when horizon is none on all ports, something else is wrong.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
nichky
Forum Veteran
Forum Veteran
Posts: 794
Joined: Tue Jun 23, 2015 2:35 pm

Re: How to create multiple EoIP tunnels ?

Wed Oct 13, 2021 5:24 am

@sindy

correct if i'm working.
Split horizon works only between virtual interfaces

/interface bridge add name=A
/interface bridge port add bridge=A interface=A1toA2 horizon=1
/interface bridge port add bridge=A interface=A1toA3 horizon=1
If both SSIDs are good quality signal, most modern devices choose 5GHz for the speed.
viewtopic.php?f=7&t=176537


!) Safe Mode is your friend;
 
morhne
just joined
Posts: 8
Joined: Sat Aug 01, 2020 10:23 pm

Re: How to create multiple EoIP tunnels ?

Thu Oct 14, 2021 1:33 pm

[*]if the client eventually wants all sites in the same LAN segment but he wants the traffic to pass only between ether2 of the HQ site and a particular BO site but not between two BO sites, you can use the bridge horizon function.[/list]
Dear sindy,

I've checked my configuration again. I'm now able to communicate between HQ LAN and the 24 remote LANs. I didn't yet configure bridge horizon function. But it's fine for me now.

Thank a lot for your support.

Who is online

Users browsing this forum: Baidu [Spider], done411, Peterjump and 56 guests