48.2. AIPT2 resource parameters

Use the following command to display resource parameters:

[13:39:25] ABILIS_CPX:d p ip-11

RES:Ip-11 ---------------------------------------------------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
New    DESCR:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:   MASK:   NEIGH:
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:NO                        DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:                 LOCPORT:4081  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:                 REMPORT:#     C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:1              REORDER:NO    D-IPCOS:COPY   BURST-DLY:100
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
                       GWx:                   SPL-OVHx:
       1 |     NOMAX   AUTO   OUT-IP          #

Meaning of the most important parameters specific to AIPT2:


Tunnel role [CLIENT, SERVER]. In any AIPT2 configuration, one side must have the role of SERVER and the other side the CLIENT role.

  • SERVER - must be assigned to the ABILIS that has a static/fixed IP.

  • CLIENT - any type: static/dynamic/natted IP.


Number of paths enabled and configurable [1..6]. Paths are consecutive, starting from path number 1.


Sets the behaviour of the paths [BALANCE, REDUNDANT, MIXED]:

  • BALANCE: packets are spread among paths to increase the bandwidth.

  • REDUNDANT: packets are repeated on all paths to increase reliability.

  • MIXED: paths with same MPx letter are used in REDUNDANT mode, and mixed in BALANCE mode with paths having different letters or no letters.


    This allows all paths to be set quickly to "ALL REDUNDANT" or "ALL BALANCED", in addition to the default "MIXED" mode.


Path number [1..NUMPATHS] to be used as suffix in path parameters, e.g. s p ip-10 locip1:* remip1:*.


Multipath bundle identifier, when the path is part of a redundancy. An empty value excludes the path from any redundant multipath; the path is then used individually, for load balancing only. Empty, # or a letter [A..F].


Dependency on state "not UP" of specified paths. This path is activated when the logical combination of the states of dependency paths is "not UP", otherwise it stays down. One or more path values [1..6] and logical operators AND/OR [&,|], or an empty string or # to clear it. Max 5 paths and 4 operators. AND is evaluated before OR. (E.g. DEP4:1 or DEP1:2&3 or DEP6:1&2|3&4|5).




Speed limit, in kbit/sec, applied to the path. The resource speed limit OUTSP, if enabled, determines the overall tunnel speed limit. NOMAX or [64..1000000 Kbit/sec].


Overhead added by lower layer drivers. Proper detection or manual setting of this value is important for the speed limit to work properly and for the correct measurement of path bandwidth use (D DE IP-x). AUTO or a pair of values "enc,line", where:

  • enc - is the encapsulation type and can be [RAW-IP, RAW-PPP, RFC1483-VCMUX, RFC1483-LLCMUX, RFC2364-VCMUX, RFC2364-LLCMUX, PPPOE, PPPOE-BRIDGED, IPOE-BRIDGED];

  • line - is the protocol type and can be [ETH, HDLC, AAL5, PTM].


    With USB modems the AUTO mode detects the overhead exactly, but with external modem bridges it must be set manually.


Geographical coordinates of the other side of the tunnel. Max 32 chars. Spaces require double quotes. (E.g. -26.1713505,27.9699847 or "45.4628328, 9.1076927" or 40.69,-74.26). Used in web pages, see Section 76.3, “VPN status - Map”.


Classify the resource [LAN, WAN, VPN, VPNW] or empty. Used in web pages for administrative purposes, graphs, statistics. By default:

  • LAN - is set in LAN and LAN-PT resources

  • WAN - is set in X25PVC, X25BSVC, DL, DL-BCK, BCH, ML, and PPP resources

  • VPN - is set in AIPT, AIPT-BCK and AIPT2 resources.

VIRTUAL resources inherit TYPE from referenced P-IP resource.

The TYPE:VPNW is intended to be used when an AIPT2 IpRes is used with multiple ADSL/VDSL2/LTE lines as "the Internet access". In this situation the "AIPT2 SDWAN tunnel" is not used to connect branch offices but to connect to an Abilis in a provider datacenter that then offers the final Internet access, and therefore this traffic needs to be separated from standard VPN traffic.


IP class of service (priority) for tunnel DATA PAYLOAD packets. In AIPT2 the IPCOS of encapsulated tunnel packets is enforced in the IpRes itself, and subsequently preserved through the IPACL.

  • HIGH, NORMAL, LOW: IPCOS for tunnel DATA PAYLOAD packets.

  • COPY: the IPCOS of tunnel DATA PAYLOAD packets is determined by IPACL before the packet is inserted in the tunnel, propagated to the encapsulated packets and then preserved through the subsequent IPACL.


Enable encryption [NO, YES].


Only for ROLE:SERVER. The CLIENT adapts to the SERVER.


Compression type for DATA frames [NO, LZO1X, LZO1B, LZO1F].


Only for ROLE:SERVER. The CLIENT adapts to the SERVER.


Maximum size of outer tunnel packets [256..1500 byte].


Identification key to send to remote peer. Max 16 characters. Space not allowed.


Identification key that must match the one provided by remote tunnel. The match is case-insensitive. When empty the received identification key is not validated. Max 16 ASCII characters. Space not allowed.


Abilis-ID that must match the one provided by the remote peer. When empty the received Abilis-ID is not validated. Up to 10 numeric characters ['0'..'9'].


Local UDP port number [1..65535]. Packets are sent with this port as source port. Packets are received with this port as destination port.


Remote UDP port number [#,1..65535]. With # the path is disabled. Destination port in transmitted packets, and verified to be the source port in received packets.




Reorder timeout for received packets [NO, AUTO, 1..200].


Receive buffer for tunnel payload reassembly [1..1000 Kibyte].


TOS or DS field for tunnel DATA PAYLOAD packets:

  • p-t: PRECEDENCE-TOS, 'p' [0..7], 't' [N, D, T, R, C];

  • bbbbbb: DS value bit by bit, 'b' [0, 1];

  • COPY: TOS/DS field is copied from payload to envelope.


TOS or DS field for tunnel CONTROL packets:

  • p-t: PRECEDENCE-TOS, 'p' [0..7], 't' [N, D, T, R, C];

  • bbbbbb: DS value bit by bit, 'b' [0, 1].


IP class of service (priority) for tunnel CONTROL packets. In AIPT2 the IPCOS is enforced in the IpRes itself, and preserved through the subsequent IPACL.

  • HIGH, NORMAL, LOW: IPCOS for tunnel CONTROL packets.


Number of CONTROL probes considered for the state detection [2..50].


Timeout for reply reception [100..10000 ms].


Interval between CONTROL probes while state is UP [1..60 s].


Interval between CONTROL probes while state is UP and last try timed out [1..60 s].


When percentage of successful CONTROL probes decreases down to this threshold the state is changed to DOWN [0..90].


Number of requests sent at each CONTROL probe [1..10].


Interval between requests of the same CONTROL probe [0..100 ms].


Output IP resource [AUTO, Ip-1..Ip-250].


Gateway for OUTx:Ip-xxx [#, 1-126.x.x.x, 128-223.x.x.x].


Local IP address for incoming/outgoing UDP packets on path x [*, R-ID, OUT-IP, Ip-nnn, 1-126.x.x.x, 128-223.x.x.x]. The value OUT-IP is allowed only for ROLE:CLIENT. The value * is allowed only for ROLE:SERVER.


Remote IP address for incoming/outgoing UDP packets on path x [*, #, 1-126.x.x.x, 128-223.x.x.x, 'list', FQDN], where

  • # : the path is disabled;

  • * : any remote IP address is accepted (only for ROLE:SERVER);

  • list: the name of an IP/IR/RU/MR list between single quotes (only for ROLE:SERVER);

  • FQDN: the FQDN of the remote server, max. 64 characters in the range ['0'..'9', 'a'..'z', '-', '.']; the FQDN is forced to lower case (only for ROLE:CLIENT).
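
The descriptions above state that an empty remote identification key or Abilis-ID disables validation of the received value, and that * as remote IP accepts any address. The following audit of a saved `d p ip-N` listing flags those three settings; it is an added example, not Abilis code. It assumes these descriptions correspond to the REMKEY, REMABILIS-ID and REMIPx fields of the display, and that REMIPx is the last column of each path row; the sample listing is constructed.

```python
import re

# Constructed sample modelled on the "d p ip-11" display (values invented).
SAMPLE = """\
RES:Ip-11 ----------------------------------------------------------
       ROLE:SERVER                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:site-a           LOCPORT:4081  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:                 REMPORT:4081  C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:2              REORDER:NO    D-IPCOS:COPY   BURST-DLY:100
       - IP Tunnel Paths --------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
       1 |     NOMAX   AUTO   *               *
       2 |     NOMAX   AUTO   *               'branches'
"""

PARAM = re.compile(r"([A-Za-z][A-Za-z0-9-]*):(\S*)")   # KEY:VALUE, value may be empty
PATH_ROW = re.compile(r"^\s*([1-6])\s*\|\s*(.*\S)\s*$")  # "n | col col ... REMIPx"

def parse_resource(text):
    """Return (params, remips): KEY -> value, and path number -> REMIPx value."""
    params, remips = {}, {}
    for line in text.splitlines():
        row = PATH_ROW.match(line)
        if row:
            # Assumption: REMIPx is the last column of the first path line.
            remips[int(row.group(1))] = row.group(2).split()[-1]
            continue
        if line.lstrip().startswith(("-", "x ")):
            continue  # section rulers and the path-table header
        for key, value in PARAM.findall(line):
            params[key.upper()] = value
    return params, remips

def audit(text):
    """List the settings under which the peer is not validated."""
    params, remips = parse_resource(text)
    findings = []
    if params.get("REMKEY") == "":
        findings.append("REMKEY empty: received identification key is not validated")
    if params.get("REMABILIS-ID") == "":
        findings.append("REMABILIS-ID empty: received Abilis-ID is not validated")
    for n, remip in sorted(remips.items()):
        if remip == "*":
            findings.append(f"REMIP{n}:* accepts any remote IP address")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports the empty REMKEY, the empty REMABILIS-ID and path 1; path 2 is restricted to a list and is not flagged.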