
3) Full compliance between the name of the subscriber-service and the name of the service in the message from the AAA server

13.1 Policy-filter-list

14.1.2 Flags in GRE

In EcoRouterOS, encapsulation sets the DF bit to 1 (do not fragment) in the external header. If an incoming frame's header has the MF bit set to 1 (fragmented) or the fragment offset bit set to 1 (the last fragment of the original frame), the frame is rejected. In GRE, every incoming frame in which any of the GRE header flags (checksum, routing, key, seq number, strict source route or recursion) is not 0 is rejected.

Configuring commands

Table 76

Command                                                   Description
interface tunnel.<number>                                 Create tunnel interface where the number is arbitrary
ip mtu <value>                                            Specify mtu value for interface
ip tunnel <source IP> <destination IP> mode <gre | ipip>  Specify tunnel's start and finish IP addresses and tunnel's type

EcoRouter User Guide

14.1.3 Example of basic GRE tunnel configuration

Figure 21

The tunnel between the ECO-1 and ECO-2 devices will be configured. See the configuration of ECO-1 device below.

Step 1. Configuring interfaces and ports

ecorouter>en
ecorouter#conf t
ecorouter(config)#interface e1
ecorouter(config-if)#ip add 11.0.0.1/16
ecorouter(config)#interface e2
ecorouter(config-if)#ip add 192.168.0.1/24
ecorouter(config)#port te0
ecorouter(config-port)#service-instance te0
ecorouter(config-service-instance)#encapsulation untagged
ecorouter(config-service-instance)#connect ip interface e1
ecorouter(config)#port te1
ecorouter(config-port)#service-instance te1
ecorouter(config-service-instance)#encapsulation untagged
ecorouter(config-service-instance)#connect ip interface e2

Step 2. Creating a tunnel interface named tunnel.0

ecorouter(config)#interface tunnel.0

Step 3. Specifying the IP address

ecorouter(config-if)#ip add 172.16.0.1/16

Step 4. Specifying the MTU value

ecorouter(config-if)#ip mtu 1400

Step 5. Specifying GRE tunnel mode and the tunnel's start and finish IP addresses

ecorouter(config-if)#ip tunnel 11.0.0.1 12.0.0.2 mode gre

Step 6. Configuring traffic routing into the tunnel

ecorouter(config)#ip route 12.0.0.0/8 11.0.0.2
ecorouter(config)#ip route 192.168.200.0/24 172.16.0.2

The second device must be configured in the same way.

14.1.4 Show commands

Use the show interface tunnel.<TUNNEL_NUMBER> command to show the tunnel's state.

For the configuration above the following result will be shown:

ecorouter#sh int tunnel.0
Interface tunnel.0 is up, line protocol is up
Ethernet address: 0000.ab27.8404
MTU: 1400
Tunnel source: 11.0.0.1
Tunnel destination: 12.0.0.2
Tunnel mode: GRE
ICMP redirection is on
<UP,BROADCAST,RUNNING,NOARP,MULTICAST>
inet 172.16.0.1/16 broadcast 172.16.255.255/16
total input packets 0, bytes 0
total output packets 0, bytes 0

14.2 IP in IP

IP in IP is a tunnelling mechanism that places one IP packet inside another.

Tunnelling adds one more IP header to a standard IP packet. The upper header contains the tunnel's start and finish IP addresses. After the packet arrives at the tunnel's finish router, the upper header is removed and the packet is transmitted further with its ordinary inner IP header.

Figure 22

14.2.1 MTU in IP in IP

The typical MTU size for an L3 interface is 1500 bytes. Adding the service header creates new requirements for the MTU value used when transmitting packets. The IP in IP header is 20 bytes and the IP packet's header is 20 bytes, so the maximum MTU size on tunnel interfaces must be set lower than the standard Ethernet value.

14.2.2 Flags in IP in IP

In EcoRouterOS, encapsulation sets the DF bit to 1 (do not fragment) in the external header.

If an incoming frame's header has the MF bit set to 1 (fragmented) or the fragment offset bit set to 1 (the last fragment of the original frame), the frame is rejected.
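The rejection rules from sections 14.1.2 (Flags in GRE) and 14.2.2 (Flags in IP in IP), modelled as an added Python example that is not EcoRouterOS code and not part of the original guide. Assumptions: GRE flag bit positions follow RFC 1701, any nonzero fragment offset is treated as a fragment, and the names check_tunnel_packet, outer_ipv4 and SAMPLES are hypothetical.

```python
import struct

IP_MF = 0x2000          # More Fragments flag in the IPv4 flags/offset word
IP_OFFSET = 0x1FFF      # 13-bit fragment offset field
PROTO_IPIP, PROTO_GRE = 4, 47
# Assumed RFC 1701 bit positions in the first 16-bit GRE word, named as in 14.1.2
GRE_FLAGS = {
    "checksum": 0x8000, "routing": 0x4000, "key": 0x2000,
    "seq number": 0x1000, "strict source route": 0x0800, "recursion": 0x0700,
}

def check_tunnel_packet(pkt: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an outer IPv4 packet arriving at a tunnel."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False, "not an IPv4 header"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return False, "truncated IPv4 header"
    frag, = struct.unpack_from("!H", pkt, 6)
    if frag & IP_MF or frag & IP_OFFSET:
        return False, "outer packet is a fragment"
    proto = pkt[9]
    if proto == PROTO_IPIP:
        return True, "ipip"
    if proto != PROTO_GRE:
        return False, "not a tunnel protocol"
    if len(pkt) < ihl + 4:
        return False, "truncated GRE header"
    word, = struct.unpack_from("!H", pkt, ihl)
    set_flags = [name for name, mask in GRE_FLAGS.items() if word & mask]
    if set_flags:
        return False, "GRE flags set: " + ", ".join(set_flags)
    return True, "gre"

def outer_ipv4(proto: int, frag: int = 0x4000, payload: bytes = b"") -> bytes:
    """Build a constructed outer header 11.0.0.1 -> 12.0.0.2, DF set by default."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag,
                       64, proto, 0, bytes([11, 0, 0, 1]), bytes([12, 0, 0, 2])) + payload

# Constructed samples: plain GRE, GRE with the key bit, a fragmented IP in IP packet.
SAMPLES = {
    "gre_plain": outer_ipv4(PROTO_GRE, payload=struct.pack("!HH", 0x0000, 0x0800)),
    "gre_keyed": outer_ipv4(PROTO_GRE, payload=struct.pack("!HHI", 0x2000, 0x0800, 7)),
    "ipip_frag": outer_ipv4(PROTO_IPIP, frag=IP_MF),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, check_tunnel_packet(pkt))
```

A peer that enables GRE keys, sequence numbers or checksums will have every frame dropped by a check like this, so both tunnel ends need those options off.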

Configuring commands

Table 77

Command                                                   Description
interface tunnel.<number>                                 Create tunnel interface where the number is arbitrary
ip mtu <value>                                            Specify mtu value for interface
ip tunnel <source IP> <destination IP> mode <gre | ipip>  Specify tunnel's start and finish IP addresses and tunnel's type

14.2.3 Example of GRE tunnel basic configuring

Figure 23

The tunnel between the ECO-1 and ECO-2 devices will be configured. See the configuration of ECO-1 device below.

Step 1. Configuring interfaces and ports

ecorouter>en
ecorouter#conf t
ecorouter(config)#interface e1
ecorouter(config-if)#ip add 11.0.0.1/16
ecorouter(config)#interface e2
ecorouter(config-if)#ip add 192.168.0.1/24
ecorouter(config)#port te0
ecorouter(config-port)#service-instance te0
ecorouter(config-service-instance)#encapsulation untagged
ecorouter(config-service-instance)#connect ip interface e1
ecorouter(config)#port te1
ecorouter(config-port)#service-instance te1
ecorouter(config-service-instance)#encapsulation untagged
ecorouter(config-service-instance)#connect ip interface e2

Step 2. Creating a tunnel interface named tunnel.0

ecorouter(config)#interface tunnel.0

Step 3. Specifying the IP address

ecorouter(config-if)#ip add 172.16.0.1/16

Step 4. Specifying the MTU value

ecorouter(config-if)#ip mtu 1400

Step 5. Specifying GRE tunnel mode and the tunnel's start and finish IP addresses

ecorouter(config-if)#ip tunnel 11.0.0.1 12.0.0.2 mode ipip

Step 6. Configuring traffic routing into the tunnel

ecorouter(config)#ip route 12.0.0.0/8 11.0.0.2
ecorouter(config)#ip route 192.168.200.0/24 172.16.0.2

The second device must be configured in the same way.

15 Bridging with L3 support

A network bridge (bridge) is a physical or logical device that separates Ethernet collision domains and operates on the two lower levels of the OSI and TCP/IP network stacks. Combining two or more network segments is called bridging. In simple bridges, broadcast packets are sent to all bridge interfaces; bridges with VLAN support can limit broadcast domains to separate interfaces. The VLAN ID in these bridges must be unique within the device. A broadcast domain limited by a VLAN is called a VLAN bridge domain in the IEEE 802.1Q/802.1ad standards.

With the development of provider technologies, a need arose to limit the uniqueness of a VLAN ID to a separate port. This feature was provided by the concept of EVC (Ethernet Virtual Connection), in which the broadcast L2 domain is no longer tied to a VLAN. The EVC bridge domain combines virtual L2 interfaces, which are called service instances (SI). The L3 interface for linking L2 and L3 domains is called SVI or BVI in traditional bridges; in EVC bridge domains it is called BDI (Bridge Domain Interface).

The figure below shows the processes that occur when frames are transferred between L2 and L3 domains through a BDI, in both directions.

Figure 24

15.1 Configuration

A bridge creation command:

ecorouter(config)#bridge <NAME>

where <NAME> is an arbitrary name allowed in EcoRouterOS.

A bridge domain is created in the service instance configuration context:

ecorouter(config-service-instance)#


The relevant commands are shown in the table below.

Table 78

Command                                  Description
encapsulation {default|dot1q|untagged}   Configure encapsulation (tagging) for external traffic
rewrite {pop|push|translate}             Translation of encapsulation when sent to the bridge
connect bridge <NAME>                    Connect to the previously created bridge

Tagging (encapsulation) can be arbitrary (see the "Tag operations for the service instances" section). As mentioned above, the VLAN ID of the service interface on one port can be the same as the VLAN ID of the service interface on another port, and these will be different VLANs as long as the SIs are in different bridge domains. A bridge domain on the bridge is formed by the service interfaces connected to it that have the same encapsulation value on the bridge. This value is set by the encapsulation and rewrite commands. Bridging between them is possible only in this case. For example, if Q-in-Q tagging is specified on one service interface:

ecorouter(config-service-instance)#encapsulation dot1q 30 second-dot1q 40

and the following is set on another (from the same bridge domain):

ecorouter(config-service-instance)#encapsulation dot1q 20

then, to bridge between them, the following command can be used on the first one, for example:

ecorouter(config-service-instance)#rewrite translate 2-to-1 20