Categories


Authors

MikroTik IPIP Tunnels with OSPF

MikroTik IPIP Tunnels with OSPF

Tyler Hart
MikroTik

You can now get MikroTik training direct from Manito Networks. MikroTik Security Guide and Networking with MikroTik: MTCNA Study Guide by Tyler Hart are both available in paperback and Kindle!

Preface

Running an IP-IP tunnel between sites with OSPF for routing is an easy, dynamic site-to-site solution. We'll set up a tunnel, configure OSPF, and verify connectivity.

Navigation

  1. Network Topology
  2. IPIP Tunnel
  3. OSPF Routing

Network Topology

The network topology for this writeup is two sites, each with a Mikrotik router: Site | WAN IP | LAN Subnet | LAN Gateway | Point-to-Point IP | --- | --- | --- | --- | --- | Philly | 1.1.1.1 | 192.168.1.0/24 | 192.168.1.1 | 10.255.0.1/30 | Seattle | 2.2.2.2 | 10.1.0.0/24 | 10.1.0.1 | 10.255.0.2/30 |

Both routers are connected to the internet and have a publicly routable address. Their respective LAN networks don't overlap, and we've set aside a 10.255.0.0/30 network for the point-to-point IPIP addresses. Using the high 10.255.0.0/30 network ensures it won't overlap with any additional sites that come online.

IPIP Tunnel

Setting up the IPIP tunnel is pretty straightforward - point one router to the other and that's it.

On the Philly router:

/interface ipip add name=Seattle remote-address=2.2.2.2 comment=Seattle

On the Seattle router:

/interface ipip add name=Philly remote-address=1.1.1.1 comment=Philly

Add the routable IP addresses to the IPIP tunnel interfaces. This gives OSPF something to run over between the two devices. Having a dynamic routing protocol running means this solution can grow beyond two sites.

On the Philly router:

/ip address add interface=Seattle address=10.255.0.1/30 comment="Seattle link"

On the Seattle router:

/ip address add interface=Philly address=10.255.0.2/30 comment="Philly link"

OSPF Routing

We'll use a very simple OSPF configuration since there's only two sites. Both sites will be put on the OSPF "Backbone" area, number zero. As the network grows you can add additional OSPF areas.

On the Philly router:

/routing ospf network
add comment="Seattle link" network=10.255.0.0/30
add comment="LAN" network=192.168.1.0/24

On the Seattle router:

/routing ospf network
add comment="Philly link" network=10.255.0.0/30
add comment="LAN" network=10.1.0.0/24

These configurations have OSPF advertising the point-to-point links between the routers, and the LAN's behind the routers. With those routes advertised we should have full reachability between sites.

Tyler Hart
MikroTik
, , ,
Tyler Hart

Tyler Hart is a networking and security professional who started working in technology in 2002 with the US DoD and moved to the private sector in 2010. He holds a Business degree in IT Management, as well as the CISSP certification and others from Microsoft, CompTIA, Cisco, (ISC)2, Tenable Network Security, and more. For over 15 years he has worked and consulted with large and small organizations including hospitals and clinics, ISPs and WISPs, U.S. Defense organizations, and state and county governments.

Website
MikroTik Command Line Upgrades

MikroTik Command Line Upgrades
MikroTik DDoS Attack Mitigation

MikroTik DDoS Attack Mitigation