|EOIP(4)||Device Drivers Manual||EOIP(4)|
eoip — MikroTik
Ethernet over IP tunnel network device
eoip interface provides tunnelling of
Ethernet frames across IPv4 and IPv6 networks using the MikroTik Ethernet
over IP (EoIP) encapsulation protocol.
The protocol is based on the Generic Routing and Encapsulation (GRE) protocol. GRE datagrams (IP protocol number 47) consist of a GRE header and an outer IP header for encapsulating another protocol's datagram. The GRE header specifies a version and the type of the encapsulated datagram, allowing for the tunnelling of multiple protocols. EoIP uses GRE version 1, its own protocol identifier (0x6400) for Ethernet, and has its own keepalive semantics, making it distinct from the Ethernet over GRE version 0 protocol supported by egre(4). However, it is implemented as part of the same driver providing egre(4).
Different tunnels between the same endpoints are distinguished by a 16-bit tunnel identifier field in the header.
All GRE packet processing in the system is allowed or denied by setting the net.inet.gre.allow sysctl(8) variable. To allow GRE packet processing, set net.inet.gre.allow to 1.
For correct operation, encapsulated traffic must not be routed over the interface itself. This can be implemented by adding a distinct or a more specific route to the tunnel destination than the hosts or networks routed via the tunnel interface. Alternatively, the tunnel traffic may be configured in a separate routing table to the encapsulated traffic.
eoip interfaces support the following
ioctl(2) calls for configuring tunnel
SIOCSLIFPHYADDRstruct if_laddrreq *
SIOCGLIFPHYADDRstruct if_laddrreq *
SIOCDIFPHYADDRstruct ifreq *
SIOCSVNETIDstruct ifreq *
SIOCGVNETIDstruct ifreq *
SIOCSLIFPHYRTABLEstruct ifreq *
SIOCGLIFPHYRTABLEstruct ifreq *
SIOCSLIFPHYTTLstruct ifreq *
SIOCGLIFPHYTTLstruct ifreq *
SIOCSLIFPHYDFstruct ifreq *
SIOCGLIFPHYDFstruct ifreq *
SIOCSTXHPRIOstruct ifreq *
IF_HDRPRIO_PACKETto specify that the current priority of a packet should be used.
SIOCGTXHPRIOstruct ifreq *
SIOCSETKALIVEstruct ifkalivereq *
Setting the keepalive period or count to 0 disables keepalives on the tunnel.
SIOCGETKALIVEstruct ifkalivereq *
EoIP does not provide any integrated security features. It should only be deployed on trusted private networks, or protected with IPsec to add authentication and encryption for confidentiality. IPsec is especially recommended when transporting EoIP over the public internet.
The Time-to-Live (TTL) value of a tunnel can be set to 1 or a low value to restrict the traffic to the local network:
# ifconfig eoipN tunnelttl 1
Host X ---- Host A ------------ tunnel ----------- MikroTik D --- Host E \ / \ / +------ Host B ------ Host C ------+
On Host A (OpenBSD):
# route add default B # ifconfig eoipN create # ifconfig eoipN tunnel A D # ifconfig eoipN up # route add E D
On Host D (MikroTik):
[admin@MikroTik] > interface eoip [admin@MikroTik] /interface eoip> add name="eoipN" \ \... local-address=D remote-address=A [admin@MikroTik] /interface eoip> enable eoipN
S. Hanks, T. Li, D. Farinacci, and P. Traina, Generic Routing Encapsulation (GRE), RFC 1701, October 1994.
David Gwynne <email@example.com>
|June 18, 2020||OpenBSD-current|