EOIP(4) FreeBSD Kernel Interfaces Manual EOIP(4)
NAME
eoip - MikroTik Ethernet over IP tunnel network device
SYNOPSIS
pseudo-device gre
DESCRIPTION
The eoip interface provides tunnelling of Ethernet frames across IPv4 and
IPv6 networks using the MikroTik Ethernet over IP (EoIP) encapsulation
protocol.
The protocol is based on the Generic Routing Encapsulation (GRE)
protocol. GRE datagrams (IP protocol number 47) consist of a GRE header
and an outer IP header for encapsulating another protocol's datagram.
The GRE header specifies a version and the type of the encapsulated
datagram, allowing for the tunnelling of multiple protocols. EoIP uses
GRE version 1, its own protocol identifier (0x6400) for Ethernet, and has
its own keepalive semantics, making it distinct from the Ethernet over
GRE version 0 protocol supported by egre(4). However, it is implemented
as part of the same driver providing egre(4).
Different tunnels between the same endpoints are distinguished by a
16-bit tunnel identifier field in the header.
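As an added illustration (not code from the driver or from this manual), the C function below recognises EoIP among GRE payloads using the version, protocol identifier and tunnel identifier described above, so a monitoring tool can spot unexpected tunnels. The layout after the protocol identifier (a 16-bit big-endian payload length, then the tunnel identifier in little-endian order), the Key Present flag and the zero-length keepalive form are assumptions not stated on this page; all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define GRE_KP   0x2000 /* Key Present flag (assumed to be the only flag EoIP sets) */
#define GRE_EOIP 0x6400 /* EoIP protocol identifier, per the text above */

enum eoip_result {
    EOIP_DATA,      /* well-formed EoIP carrying an Ethernet frame */
    EOIP_KEEPALIVE, /* well-formed EoIP with empty payload (assumed keepalive form) */
    EOIP_NOT_EOIP,  /* other GRE traffic, e.g. version 0 Ethernet over GRE */
    EOIP_MALFORMED  /* truncated, unexpected flags, or length exceeds the capture */
};

struct eoip_info {
    uint16_t tunnel_id;   /* 16-bit tunnel identifier */
    uint16_t payload_len; /* claimed length of the encapsulated frame */
};

/* Constructed sample: tunnel ID 42 with a zeroed 14-byte Ethernet header. */
static const uint8_t eoip_sample[22] = {
    0x20, 0x01, 0x64, 0x00, 0x00, 0x0e, 0x2a, 0x00
};

/* p points at the GRE header (first byte after the outer IP header). */
enum eoip_result
eoip_classify(const uint8_t *p, size_t n, struct eoip_info *out)
{
    uint16_t flags, proto;

    if (n < 4)
        return EOIP_MALFORMED;
    flags = (uint16_t)(p[0] << 8 | p[1]);
    proto = (uint16_t)(p[2] << 8 | p[3]);
    if ((flags & 0x0007) != 1 || proto != GRE_EOIP)
        return EOIP_NOT_EOIP;           /* not GRE version 1 with 0x6400 */
    if (flags != (GRE_KP | 1) || n < 8)
        return EOIP_MALFORMED;
    out->payload_len = (uint16_t)(p[4] << 8 | p[5]); /* network byte order */
    out->tunnel_id = (uint16_t)(p[7] << 8 | p[6]);   /* little endian */
    if ((size_t)out->payload_len > n - 8)            /* trailing padding is tolerated */
        return EOIP_MALFORMED;
    return out->payload_len == 0 ? EOIP_KEEPALIVE : EOIP_DATA;
}

int main(void)
{
    struct eoip_info info;
    return eoip_classify(eoip_sample, sizeof(eoip_sample), &info) != EOIP_DATA;
}
```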
All GRE packet processing in the system is allowed or denied by setting
the net.inet.gre.allow sysctl(8) variable. To allow GRE packet
processing, set net.inet.gre.allow to 1.
eoip interfaces can be created at runtime using the ifconfig eoipN create
command or by setting up a hostname.if(5) configuration file for
netstart(8).
For correct operation, encapsulated traffic must not be routed over the
interface itself. This can be implemented by adding a distinct or a more
specific route to the tunnel destination than the hosts or networks
routed via the tunnel interface. Alternatively, the tunnel traffic may
be configured in a separate routing table to the encapsulated traffic.
Programming Interface
eoip interfaces support the following ioctl(2) calls for configuring
tunnel options:
SIOCSLIFPHYADDR struct if_laddrreq *
Set the unicast IPv4 or IPv6 addresses for the encapsulating
IP packets. The addresses may only be configured while the
interface is down.
SIOCGLIFPHYADDR struct if_laddrreq *
Get the addresses used for the encapsulating IP packets.
SIOCDIFPHYADDR struct ifreq *
Clear the addresses used for the encapsulating IP packets.
The addresses may only be cleared while the interface is down.
SIOCSVNETID struct ifreq *
Configure a virtual network identifier for use as the Tunnel
Identifier. The virtual network identifier may only be
configured while the interface is down. The Tunnel Identifier
is a 16-bit value.
SIOCGVNETID struct ifreq *
Get the virtual network identifier used in the GRE Key header.
SIOCSLIFPHYRTABLE struct ifreq *
Set the routing table the tunnel traffic operates in. The
routing table may only be configured while the interface is
down.
SIOCGLIFPHYRTABLE struct ifreq *
Get the routing table the tunnel traffic operates in.
SIOCSLIFPHYTTL struct ifreq *
Set the Time-To-Live field in IPv4 encapsulation headers, or
the Hop Limit field in IPv6 encapsulation headers.
SIOCGLIFPHYTTL struct ifreq *
Get the value used in the Time-To-Live field in an IPv4
encapsulation header or the Hop Limit field in an IPv6
encapsulation header.
SIOCSLIFPHYDF struct ifreq *
Configure whether the tunnel traffic sent by the interface can
be fragmented or not. This sets the Don't Fragment (DF) bit
on IPv4 packets, and disables fragmentation of IPv6 packets.
SIOCGLIFPHYDF struct ifreq *
Get whether the tunnel traffic sent by the interface can be
fragmented or not.
SIOCSTXHPRIO struct ifreq *
Set the priority value used in the Type of Service field in
IPv4 headers, or the Traffic Class field in IPv6 headers.
Values may be from 0 to 7, or IF_HDRPRIO_PACKET to specify
that the current priority of a packet should be used.
SIOCGTXHPRIO struct ifreq *
Get the priority value used in the Type of Service field in
IPv4 headers, or the Traffic Class field in IPv6 headers.
SIOCSETKALIVE struct ifkalivereq *
Enable the transmission of keepalive packets to detect tunnel
failure. Keepalives may only be configured while the
interface is down.
Setting the keepalive period or count to 0 disables keepalives
on the tunnel.
SIOCGETKALIVE struct ifkalivereq *
Get the configuration of keepalive packets.
Security Considerations
EoIP does not provide any integrated security features. It should only
be deployed on trusted private networks, or protected with IPsec to add
authentication and encryption for confidentiality. IPsec is especially
recommended when transporting EoIP over the public internet.
The Packet Filter pf(4) can be used to filter tunnel traffic with
endpoint policies; see pf.conf(5).
The Time-to-Live (TTL) value of a tunnel can be set to 1 or a low value
to restrict the traffic to the local network:
# ifconfig eoipN tunnelttl 1
EXAMPLES
Host X ---- Host A ------------ tunnel ----------- MikroTik D --- Host E
              \                                      /
               \                                    /
                +------ Host B ------ Host C ------+
On Host A (OpenBSD):
# route add default B
# ifconfig eoipN create
# ifconfig eoipN tunnel A D
# ifconfig eoipN up
# route add E D
On Host D (MikroTik):
[admin@MikroTik] > interface eoip
[admin@MikroTik] /interface eoip> add name="eoipN" \
\... local-address=D remote-address=A
[admin@MikroTik] /interface eoip> enable eoipN
SEE ALSO
egre(4), inet(4), ip(4), netintro(4), options(4), hostname.if(5),
protocols(5), ifconfig(8), netstart(8), sysctl(8)
STANDARDS
S. Hanks, T. Li, D. Farinacci, and P. Traina, Generic Routing
Encapsulation (GRE), RFC 1701, October 1994.
AUTHORS
David Gwynne <[email protected]>
FreeBSD 14.1-RELEASE-p8 July 26, 2023 FreeBSD 14.1-RELEASE-p8