Tunnel & VPN

  1. Tunnel & VPN
  2. VPN Benefits
     - Enable communications between corporate private LANs over
       - Public networks
       - Leased lines
       - Wireless links
     - Corporate resources (e-mail, servers, printers) can be accessed securely from outside (home, while travelling, etc.) by users who have been granted access rights
  3. Types of Tunnel and VPN
     - IPIP
     - EoIP
     - PPPoE
     - PPTP
     - IPSec
     - VLAN
     - L2TP
     - OVPN
  4. VLAN
     - VLAN is an implementation of the 802.1Q VLAN protocol for MikroTik RouterOS
     - A VLAN is a logical grouping that allows end users to communicate as if they were physically connected to a single isolated LAN.
     - As VLAN works on OSI Layer 2,
  5. VLAN Network
  6. VLAN Configuration
     - On Router 1
         [nico@router1] interface vlan> add name=test vlan-id=32 interface=ether1
         [nico@router1] ip address> add address=10.10.10.1/24 interface=test
         [nico@router1] ip address> /ping 10.10.10.1
         10.10.10.1 64 byte pong: ttl=255 time=3 ms
         10.10.10.1 64 byte pong: ttl=255 time=4 ms
  7.
     - On Router 2
         [nico@router2] interface vlan> add name=test1 vlan-id=32 interface=ether1
         [nico@router2] ip address> add address=10.10.10.2/24 interface=test1
         [nico@router2] ip address> /ping 10.10.10.2
         10.10.10.2 64 byte pong: ttl=255 time=3 ms
         10.10.10.2 64 byte pong: ttl=255 time=4 ms
  8. Ethernet over IP
     - MikroTik proprietary protocol
     - Simple to configure
     - Has no authentication or data encryption capabilities
     - Encapsulates Ethernet frames into IP protocol 47/GRE packets, so EoIP is capable of carrying MAC addresses
     - EoIP is a tunnel with bridge capabilities
  9. Creating an EoIP Tunnel
  10.
     - Check that you are able to ping the remote address before creating a tunnel to it
     - Make sure that your EoIP tunnel has a unique MAC address (it should be from the EF:xx:xx:xx:xx:xx range)
     - The tunnel ID on both ends of the EoIP tunnel must be the same; it helps to separate one tunnel from another
  11. EoIP and Bridging
     - An EoIP interface can be bridged with any other EoIP or Ethernet-like interface. The main use of EoIP tunnels is to transparently bridge remote networks.
     - The EoIP protocol does not provide data encryption, therefore it should be run over an encrypted tunnel interface, e.g., PPTP or PPPoE, if high security is required.
  12. EoIP Configuration
  13. Setting up the AP on Router 1
  14. Create IP address
  15. Create EoIP Interface
  16. Create Bridge
  17. Create Bridge Port
  18. View Interface
  19. Router 2 Configuration
     - Create a station on wlan1
  20. Create IP address
  21. Create EoIP
  22. Create Bridge
  23. Create Bridge Port
  24. View Interface
  25. Testing the Configuration
     - Add an IP address on the laptop in the same class as the Internet IP
     - Ping the gateway through the EoIP network that has been created.
  26. Test Results
  27. EoIP Workshop
     - Create an EoIP tunnel with your neighbor(s)
     - Transfer to /22 private networks; this way you will be in the same network with your neighbor, and local addresses will remain the same
     - Bridge your private networks via EoIP
  28. /32 IP Addresses
     - IP addresses are added to the tunnel interfaces
     - Use a /30 network to save address space, for example:
       - 10.1.6.1/30 and 10.1.6.2/30 from network 10.1.6.0/30
     - It is possible to use point-to-point addressing, for example:
       - 10.1.6.1/32, network 10.1.7.1
       - 10.1.7.1/32, network 10.1.6.1
  29. EoIP and /30 Routing
  30. EoIP and /32 Routing
  31. Local User Database
     - PPP Profile
     - PPP Secret
  32. Point-to-Point protocol tunnels
     - A little more sophisticated in configuration
     - Capable of authentication and data encryption
     - Such tunnels are:
       - PPPoE (Point-to-Point Protocol over Ethernet)
       - PPTP (Point-to-Point Tunneling Protocol)
       - L2TP (Layer 2 Tunneling Protocol)
     - You should create user information before creating any tunnels
  33. PPP Secret
     - PPP secret (aka local PPP user database) stores PPP user access records
     - Note that user passwords are displayed in plain text; anyone who has access to the router is able to see all passwords
     - It is possible to assign a specific /32 address to both ends of the PPTP tunnel for this user
     - Settings in the /ppp secret user database override the corresponding /ppp profile settings
  34. PPP Secret
  35. PPP Profile and IP Pools
     - PPP profiles define default values for user access records stored under the /ppp secret submenu
     - PPP profiles are used for more than 1 user, so there must be more than 1 IP address to give out; we should use an IP pool as the "Remote address" value
     - The value "default" means that if the option comes from a RADIUS server, it won't be overridden
  36. PPP Profile
  37. Change TCP MSS
     - Big 1500-byte packets have problems going through the tunnels because:
       - Standard Ethernet MTU is 1500 bytes
       - PPTP and L2TP tunnel MTU is 1460 bytes
       - PPPoE tunnel MTU is 1488 bytes
     - By enabling the "change TCP MSS" option, a dynamic mangle rule will be created for each active user to ensure the right size of TCP packets, so they will be able to go through the tunnel
  38. PPTP & L2TP
     - Point-to-Point Tunnelling Protocol
     - PPTP uses TCP port 1723 and IP protocol 47/GRE
     - There is a PPTP server and PPTP clients
     - PPTP clients are available for and/or included in almost all operating systems
     - You must use PPTP and GRE "NAT helpers" to connect to any public PPTP server from your private masqueraded network
  39. L2TP Tunnels
     - PPTP and L2TP have mostly the same functionality
     - L2TP traffic uses UDP port 1701 only for link establishment; further traffic uses any available UDP port
     - L2TP doesn't have problems with NATed clients; it doesn't require "NAT helpers"
     - Configuration of both tunnels is identical in RouterOS
  40. L2TP Application
     - Secure router-to-router tunnels over the Internet
     - Linking (bridging) local Intranets or LANs (in cooperation with EoIP)
     - Extending PPP user connections to a remote location (for example, to separate authentication and Internet access points for ISP)
     - Accessing an Intranet/LAN of a company for remote (mobile) clients (employees)
  41. Creating PPTP/L2TP Client
  42. Creating PPTP/L2TP Server
  43. PPTP Client Lab
     - Create PPTP client
       - Server Address: 10.1.2.1
       - User: admin
       - Password: admin
       - Add default route = yes
     - Make necessary adjustments to access the internet
  44. L2TP Network
  45. Script Configuration
     - On Router 1
       - Enable the L2TP server
           [admin@L2TP-Server] interface l2tp-server server> set enabled=yes
       - Add a L2TP user:
           [admin@L2TP-Server] ppp secret> add name=james password=pass ... local-address=10.0.0.1 remote-address=10.0.0.2
  46. Script Configuration
     - On Router 2
       - Add a L2TP client:
           [admin@L2TP-Client] interface l2tp-client> add user=james password=pass ... connect-to=10.5.8.104
  47. Monitoring L2TP Client
     - Example of an established connection
         [admin@MikroTik] interface l2tp-client> monitor test2
         status: "connected"
         uptime: 4m27s
         encoding: "MPPE128 stateless"
  48. User Access Control
     - Controlling the Hardware
       - Static IP and ARP entries
       - DHCP for assigning IP addresses and managing ARP entries
     - Controlling the Users
       - PPPoE requires PPPoE client configuration
       - HotSpot redirects client request to the sign-up page
       - PPTP requires PPTP client configuration
  49. PPPoE
     - Point-to-Point Protocol over Ethernet
     - PPPoE works in OSI 2nd (data link) layer
     - PPPoE is used to hand out IP addresses to clients based on the user authentication
     - PPPoE requires a dedicated access concentrator (server), which PPPoE clients connect to.
     - Most operating systems have PPPoE client software. Windows XP has a PPPoE client installed by default
  50. PPPoE Client
  51. PPPoE Client Lab
     - Create PPTP client
       - Interface: wlan1
       - Service: pppoe
       - User: admin
       - Password: admin
       - Add default route = yes
     - Make necessary adjustments to access the internet
  52. PPPoE Client Status
     - Check your PPPoE connection
       - Is the interface enabled?
       - Is it "connected" and running (R)?
       - Is there a dynamic (D) IP address assigned to the pppoe client interface in the IP Address list?
       - What are the netmask and the network address?
       - What routes do you have on the pppoe client interface?
     - See the "Log" for troubleshooting!
  53. PPPoE Lab with Encryption
     - The PPPoE access concentrator is changed to use encryption now
     - You should use encryption, either
       - change the ppp profile used for the pppoe client to 'default-encryption', or
       - modify the ppp profile used for the pppoe client to use encryption
     - See if you get the pppoe connection running
  54. PPPoE Server
     - PPPoE server accepts PPPoE client connections on a given interface
     - Clients can be authenticated against
       - the local user database (ppp secrets)
       - a remote RADIUS server
       - a remote or a local MikroTik User Manager database
     - Clients can have automatic data rate limitation according to their profile
  55. Creating PPPoE Server
  56. PPPoE Workshop
  57. Configuration
     - Set AP Bridge Mode
     - Set IP Address
     - Set IP Route
     - Set PPPoE server on the Wifi interface
     - Set up PPPoE Client (PPP Secret)
     - Set up IP Pool (10.10.10.100-10.10.10.103)
     - Set up the Windows PPPoE client
  58. PPP Interface Bridging
     - PPP BCP (Bridge Control Protocol)
     - PPP MP (Multi-link Protocol)
  59. PPP Bridge Control Protocol
     - RouterOS now has BCP support for all async. PPP, PPTP, L2TP & PPPoE (not ISDN) interfaces
     - If BCP is established, the PPP tunnel does not require an IP address
     - A bridged tunnel IP address (if present) does not apply to the whole bridge; it stays only on the PPP interface (routed IP packets can go through the tunnel as usual)
  60. Setting up BCP
     - You must specify the bridge option in the ppp profiles on both ends of the tunnel.
     - The bridge must have a manually set MAC address, or at least one regular interface in it, because ppp interfaces do not have MAC addresses.
  61. PPP Bridging Problem
     - PPP interface MTU is smaller than that of a standard Ethernet interface
     - It is impossible to fragment Ethernet frames; tunnels must have an inner algorithm to encapsulate and transfer Ethernet frames via a link with a smaller MTU
     - EoIP has an encapsulation algorithm enabled by default, PPP interfaces don't
     - PPP interfaces can utilize PPP Multi-link Protocol to encapsulate Ethernet frames
  62. PPP Multi-link Protocol
     - PPP Multi-link Protocol allows opening multiple simultaneous channels between systems
     - It is possible to split and recombine packets between several channels, resulting in an increase of the effective maximum receive unit (MRU)
     - To enable PPP Multi-link Protocol you must specify the MRRU option
     - In MS Windows you must enable the "Negotiate multi-link for single link connections" option
  63. PPP Multi-link Protocol
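
Slide 37 describes a rule that rewrites the TCP MSS so that segments fit the tunnel MTU. The following Python sketch is an added example, not taken from the slides and not RouterOS code; it shows that kind of rewrite on a raw TCP SYN: locate the MSS option, lower it to tunnel MTU minus 40 bytes, and recompute the checksum. The source address and the sample SYN are constructed for the example; the MTU figures and the 10.1.2.1 server address come from the slides.

```python
import struct

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header (no options)

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment.
    Returns 0 when the segment already carries a valid checksum."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return ~ones_complement_sum(pseudo + segment) & 0xFFFF

def find_mss_option(segment: bytes):
    """Walk the TCP options; return (offset, value) of the MSS option or None."""
    header_len = (segment[12] >> 4) * 4
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= header_len:
            break
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            break                # malformed option, stop parsing
        if kind == 2 and length == 4:
            return i, struct.unpack_from("!H", segment, i + 2)[0]
        i += length
    return None

def clamp_mss(src: bytes, dst: bytes, segment: bytes, tunnel_mtu: int) -> bytes:
    """Lower the MSS in a SYN / SYN-ACK so full segments fit tunnel_mtu."""
    if not segment[13] & 0x02:   # MSS is only negotiated on SYN segments
        return segment
    found = find_mss_option(segment)
    limit = tunnel_mtu - IP_TCP_OVERHEAD
    if found is None or found[1] <= limit:
        return segment
    out = bytearray(segment)
    struct.pack_into("!H", out, found[0] + 2, limit)
    struct.pack_into("!H", out, 16, 0)   # zero the checksum field, then refill
    struct.pack_into("!H", out, 16, tcp_checksum(src, dst, bytes(out)))
    return bytes(out)

def build_syn(src: bytes, dst: bytes, mss: int, flags: int = 0x02) -> bytes:
    """Constructed sample segment: NOP, NOP, SACK-permitted, MSS options."""
    options = b"\x01\x01\x04\x02" + struct.pack("!BBH", 2, 4, mss)
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, flags, 64240, 0, 0)
    seg = bytearray(header + options)
    struct.pack_into("!H", seg, 16, tcp_checksum(src, dst, bytes(seg)))
    return bytes(seg)

# Constructed client address; 10.1.2.1 is the lab server address from slide 43.
SRC, DST = bytes([192, 168, 88, 10]), bytes([10, 1, 2, 1])

if __name__ == "__main__":
    syn = build_syn(SRC, DST, 1460)
    for name, mtu in (("PPTP/L2TP", 1460), ("PPPoE", 1488)):
        print(name, find_mss_option(clamp_mss(SRC, DST, syn, mtu))[1])
```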
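
Slides 33, 43, 51 and 53 together raise three review points: PPP secrets are readable in plain text, the labs use admin/admin, and encryption depends on the PPP profile. The following Python check is an added example, not part of the slides or of RouterOS; it reads a configuration export that includes secrets and flags entries whose password equals the user name, is shorter than a policy minimum, or whose profile does not enforce encryption. The export text is constructed, the 12-character minimum is an assumed policy, and the encryption settings of the two built-in profiles are assumed to be the shipped defaults.

```python
import shlex

# Assumption: built-in profiles as shipped; 'default-encryption' is the
# encrypting profile named on slide 53.
BUILTIN_PROFILES = {"default": "default", "default-encryption": "yes"}
MIN_PASSWORD_LEN = 12  # assumed policy threshold, not from the slides

# Constructed sample export; james/pass and admin/admin mirror the lab slides.
SAMPLE_EXPORT = """\
/ppp profile
add name=vpn-enc use-encryption=required remote-address=vpn-pool
/ppp secret
add name=james password=pass service=l2tp local-address=10.0.0.1 \\
    remote-address=10.0.0.2
add name=admin password=admin profile=default-encryption
add name=branch1 password="kT9#vq2LmZ7pXw4e" profile=vpn-enc
"""

def parse_export(text):
    """Yield (menu, verb, params) for each command in a RouterOS-style export."""
    menu = None
    joined = text.replace("\\\n", "")      # undo backslash line continuations
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):           # menu path, e.g. "/ppp secret"
            menu = line
            continue
        tokens = shlex.split(line)         # handles quoted values
        params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        yield menu, tokens[0], params

def audit_ppp(text):
    """Return a list of (user, finding) tuples for weak PPP secrets."""
    profiles = dict(BUILTIN_PROFILES)
    secrets = []
    for menu, verb, params in parse_export(text):
        if menu == "/ppp profile" and verb == "add":
            profiles[params.get("name", "")] = params.get("use-encryption", "default")
        elif menu == "/ppp secret" and verb == "add":
            secrets.append(params)
    findings = []
    for secret in secrets:
        name, password = secret.get("name", ""), secret.get("password", "")
        if password == name:
            findings.append((name, "password equals user name"))
        elif len(password) < MIN_PASSWORD_LEN:
            findings.append((name, "password shorter than policy minimum"))
        # Per slide 33, a secret without profile= falls back to profile defaults.
        profile = secret.get("profile", "default")
        if profiles.get(profile, "default") not in ("yes", "required"):
            findings.append((name, f"profile '{profile}' does not enforce encryption"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_ppp(SAMPLE_EXPORT):
        print(f"{user}: {finding}")
```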