
Ethernet Over Internet Protocol (EoIP)

Last Updated : 06 Oct, 2023

Ethernet over IP (EoIP) tunnelling is a MikroTik RouterOS technique that constructs an Ethernet tunnel between two routers on top of an IP connection. It is based on GRE (RFC 1701). The EoIP tunnel can run over an IPIP tunnel, a PPTP tunnel, or any other IP-capable connection.

When the router's bridging capability is enabled, all Ethernet traffic (all Ethernet protocols) is bridged as if there were a physical Ethernet interface and cable between the two routers. This protocol enables a variety of network schemes.

Network Setups with EoIP Interfaces

  • Possibility to bridge LANs over the Internet
  • Possibility to bridge LANs over encrypted tunnels
  • Possibility to bridge LANs over 802.11b ‘ad-hoc’ wireless networks

Like PPTP, the EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets and transfers them to the remote side of the EoIP tunnel.

Property Description

Property

Description

allow-fast-path (yes | no; Default: yes) Whether to allow FastPath processing. Must be disabled if IPsec tunneling is used.
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled)

Mode of the Address Resolution Protocol.

  1. disabled: the interface will not use ARP.
  2. enabled: the interface will use ARP.
  3. proxy-arp: the interface will use the ARP proxy feature.
  4. reply-only: the interface will only reply to requests that originate from matching IP address/MAC address combinations entered as static entries in the “/ip arp” table. No dynamic entries are stored in the “/ip arp” table, so a valid static entry must already exist for communication to succeed.
arp-timeout (integer[/time]; Default: auto) Time interval during which ARP entries should time out.
clamp-tcp-mss (yes | no; Default: yes)

Controls whether the MSS of received TCP SYN packets is changed. When enabled, the router adjusts the MSS of incoming TCP SYN packets if the current MSS is larger than the tunnel interface MTU (after accounting for TCP/IP overhead). The received encapsulated packet still contains the original MSS; the MSS is modified only after decapsulation.

comment (string; Default: ) Short description of the interface.
disabled (yes | no; Default: no) Whether the item is disabled.
dont-fragment (inherit | no; Default: no) Whether the DF bit should be included in associated packets.
dscp (integer: 0-63; Default: inherit) The DSCP value of the packet. The inherit option means the DSCP value is inherited from the encapsulated packet.
ipsec-secret (string; Default: )

When a secret is supplied, the router adds a dynamic IPsec peer for remote-address with a pre-shared key and policy (by default, phase2 uses sha1/aes128cbc).

 

keepalive (integer[/time],integer 0..4294967295; Default: 10s,10)

Sets the time interval during which the tunnel's running flag remains set even if the remote end of the tunnel goes down. If the configured number of retries fails, the interface's running flag is removed. The format is KeepaliveInterval,KeepaliveRetries, where KeepaliveInterval is the time interval and KeepaliveRetries is the number of retry attempts. By default, keepalive is set to 10 seconds and 10 retries.

l2mtu (integer; read-only) Layer2 maximum transmission unit. Not configurable for EoIP.
local-address (IP; Default: ) Source address of the tunnel packets, local on the router.
loop-protect Loop protection setting for the interface; its behaviour may vary depending on the equipment and technologies used. The example output further down this page shows loop-protect=default.
loop-protect-disable-time

“loop-protect-disable-time” is not a standard term in Ethernet or EoIP networking in general; it is a configuration parameter specific to a vendor's implementation. The example output further down this page shows loop-protect-disable-time=5m.

loop-protect-send-interval

“loop-protect-send-interval” is likewise not a standard term in Ethernet or EoIP networking in general; it is a configuration parameter specific to a vendor's implementation. The example output further down this page shows loop-protect-send-interval=5s.

mac-address (MAC; Default: ) Media Access Control address of the interface. IANA, the address numbering authority, permits free use of MAC addresses in the range 00:00:5E:80:00:00 – 00:00:5E:FF:FF:FF.
mtu (integer; Default: auto) Layer3 Maximum transmission unit
name (string; Default: ) Interface name
remote-address (IP; Default: ) IP address of remote end of EoIP tunnel
tunnel-id (integer: 65536; Default: ) Unique tunnel identifier, which must match other side of the tunnel

Configuration

The tunnel-id parameter identifies a tunnel. It must be unique for each EoIP tunnel.

EoIP tunnels add at least 42 bytes of overhead (8-byte GRE + 14-byte Ethernet + 20-byte IP). MTU should be set to 1500 to minimise packet fragmentation inside the tunnel (this enables transparent bridging of Ethernet-like networks, allowing full-sized Ethernet frames to be transported via the tunnel).

When bridging EoIP tunnels, setting a distinct MAC address for each tunnel is strongly advised so that the bridge algorithms work properly. For EoIP interfaces you can use the MAC addresses that IANA has set aside in the range 00:00:5E:80:00:00-00:00:5E:FF:FF:FF. Alternatively, you can set the second bit of the first byte to turn the automatically assigned address into a “locally administered address”, assigned by the network administrator. This lets you use any MAC address, as long as each host connected to a bridge has a different one.

Two networks: 'Station' and 'AP'. With EoIP, a setup can be made in which the Station and AP LANs are in the same Layer 2 broadcast domain.

Note: Make sure both MikroTik routers have functioning IP connectivity to each other over the Internet or the IP network.

Example

Let’s imagine that we want to connect “Station” and “AP,” two different networks. Station and AP LANs can be configured to be in the same Layer 2 broadcast domain using EoIP.

Consider the following setup:

First, we create an EoIP tunnel on the AP router:

/interface eoip add name="eoip-remote" tunnel-id=0 remote-address=10.0.0.2 disabled=no

Verify the Interface is Created

[admin@AP] > /interface eoip print
Flags: X - disabled; R - running
0 R name="eoip-remote" mtu=auto actual-mtu=1458 l2mtu=65535 mac-address=FE:A5:6C:3F:26:C5 arp=enabled
arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m local-address=0.0.0.0 remote-address=10.0.0.2 tunnel-id=0
keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes

Station router

/interface eoip add name="eoip-main" tunnel-id=0 remote-address=10.0.0.1 disabled=no

Verify the interface is created

[admin@Station] >  /interface eoip print
Flags: X - disabled; R - running
0 R name="eoip-main" mtu=auto actual-mtu=1458 l2mtu=65535 mac-address=FE:4B:71:05:EA:8B arp=enabled
arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m local-address=0.0.0.0 remote-address=10.0.0.1 tunnel-id=0
keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes

Next, we bridge the local interfaces with the EoIP tunnel on the AP. If you already have a local bridge interface, simply add the EoIP interface to it:

/interface bridge port add bridge=bridge1 interface=eoip-remote

The bridge port list should list all local LAN interfaces and the EoIP interface

[admin@AP] > /interface bridge port print
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H ether2 bridge1 yes 1 0x80 10 10 none
1 H ether3 bridge1 yes 1 0x80 10 10 none
2 eoip-remote bridge1 yes 1 0x80 10 10 none

On the Station router, if you do not have a local bridge interface, create a new bridge and add both the EoIP and the local LAN interfaces to it:

/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=eoip-main

Verify the bridge port section

[admin@Station] > /interface bridge port print
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H ether2 bridge1 yes 1 0x80 10 10 none
2 eoip-main bridge1 yes 1 0x80 10 10 none

Both locations are now in the same Layer 2 broadcast domain. IP addresses from the same network can be assigned to both sites.
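The rules from the property table and the Configuration section (a unique tunnel-id per tunnel, a distinct MAC address per tunnel taken from the IANA range or locally administered, FastPath disabled when IPsec is used) can be checked mechanically against /interface eoip print output. The Python script below is an added example, not part of the original article or of RouterOS; its sample records are constructed, and it assumes that ipsec-secret appears in the printed output when it is set.

```python
import re
from collections import Counter
# Constructed sample in "/interface eoip print" style; ipsec-secret being printed is an assumption.
SAMPLE = '''
0 R name="eoip-remote" mtu=auto actual-mtu=1458 mac-address=FE:A5:6C:3F:26:C5
    remote-address=10.0.0.2 tunnel-id=0 allow-fast-path=yes
1 R name="eoip-branch" mtu=auto actual-mtu=1458 mac-address=FE:A5:6C:3F:26:C5
    remote-address=10.0.0.3 tunnel-id=0 ipsec-secret="example" allow-fast-path=yes
2 R name="eoip-dc" mtu=auto actual-mtu=1458 mac-address=00:00:5E:80:00:01
    remote-address=10.0.0.4 tunnel-id=7 ipsec-secret="example" allow-fast-path=no
'''

def parse_print(text):
    """Return one dict of key=value pairs per printed record."""
    records = []
    for line in text.strip().splitlines():
        if re.match(r"\s*\d+\s", line):  # a leading index number starts a new record
            records.append({})
        if records:                      # lines before the first record are skipped
            for key, quoted, bare in re.findall(r'([\w-]+)=(?:"([^"]*)"|(\S+))', line):
                records[-1][key] = quoted or bare
    return records

def mac_ok(mac):
    """IANA range 00:00:5E:80:00:00-00:00:5E:FF:FF:FF, or second bit of first byte set."""
    b = bytes.fromhex(mac.replace(":", ""))
    return (b[:3] == b"\x00\x00\x5e" and b[3] >= 0x80) or bool(b[0] & 0x02)

def audit(records):
    """Return (interface name, finding) pairs for the rules listed in the lead-in."""
    findings = []
    ids = Counter(r.get("tunnel-id") for r in records)
    macs = Counter(r.get("mac-address", "").upper() for r in records)
    for r in records:
        name, mac = r.get("name", "?"), r.get("mac-address", "").upper()
        if ids[r.get("tunnel-id")] > 1:
            findings.append((name, "tunnel-id not unique"))
        if mac and macs[mac] > 1:
            findings.append((name, "mac-address reused on another tunnel"))
        if mac and not mac_ok(mac):
            findings.append((name, "mac-address neither IANA-range nor locally administered"))
        if not r.get("ipsec-secret"):
            findings.append((name, "no ipsec-secret set"))
        elif r.get("allow-fast-path") == "yes":
            findings.append((name, "allow-fast-path=yes while ipsec-secret is set"))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in audit(parse_print(SAMPLE))), sep="\n")
```

A tunnel reported with "no ipsec-secret set" is only protected if the connection underneath it is itself encrypted, since EoIP carries the bridged Ethernet frames in plain GRE.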

Frequently Asked Questions

Q.1: What is EoIP (Ethernet over Internet Protocol)?

Answer:

EoIP is a networking technology that allows Ethernet frames to be transmitted over an Internet Protocol (IP) network. It is used to extend Ethernet networks over long distances or across different physical locations using an IP-based infrastructure.

Q.2: What is the purpose of EoIP?

Answer:

EoIP is used to connect remote Ethernet networks over an IP network, such as the Internet, to enable communication between distant LANs or to provide access to resources in remote locations.

Q.3: What are some common use cases for EoIP?

Answers:

  1. Connecting remote offices or branch locations to a central office network.
  2. Interconnecting data centers for workload migration and redundancy.
  3. Extending LANs to cloud services or virtual private clouds (VPCs) over the Internet.
  4. Providing Ethernet-like services over Internet Service Provider (ISP) networks.

