48.3. Configuring Abilis IP Tunnels v.2 (AIPT2)

48.3. Configuring Abilis IP Tunnels v.2 (AIPT2)
	Chapter 48. AIPT2 - Abilis IP tunnel v.2

The Abilis IP Tunnel v.2 is a virtual tunnel typically used for Data communications between Abilis.

To set up an Abilis IP Tunnel, first add an IP resource:

a res:ip-<id> subtype:<value>

id is simply the identification number and subtype is the kind of resource to be used. The following command shows supported subtypes.

[14:58:13] ABILIS_CPX_1:a res:ip-2 subtype: ?

SUBTYPE:   Resource subtype.                                        <Mandatory>
           See also HELP SUBTYPE.

Ip resource subtypes:

LAN             IP over LAN
LAN-PT          IP over LAN Passthrough
PPP             IP over PPP
DSL             IP over DSL
AIPT2           Abilis IP tunnel v.2
AIPT            Abilis IP tunnel
AIPT-BCK        Abilis IP tunnel with Back-up
VIRTUAL         IP virtual
X25BSVC         IP over X.25 Bsvc

First, add a new resource on both Abilis:

[15:39:45] ABILIS_CPX_1:a res:ip-5 subtype:aipt2

COMMAND EXECUTED

[15:40:12] ABILIS_CPX_1:d p ip-5

RES:Ip-5 - Not Running, Not Saved (SAVE CONF) ---------------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
New    DESCR:
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.255   NEIGH:000.000.000.000
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:NO                        DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:                 LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:                 REMPORT:#     C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:1              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED      
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
          DEPx:        GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |     NOMAX   AUTO   OUT-IP          #

[15:40:45] ABILIS_CPX_2:a res:ip-5 subtype:aipt2

COMMAND EXECUTED

[15:40:52] ABILIS_CPX_2:d p ip-5

RES:Ip-5 - Not Running, Not Saved (SAVE CONF) ---------------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
New    DESCR:
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.255   NEIGH:000.000.000.000
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:NO                        DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:                 LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:                 REMPORT:#     C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:1              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED      
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
          DEPx:        GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |     NOMAX   AUTO   OUT-IP          #

	Warning
	Save the configuration with the command save conf and restart the Abilis with the command warm start.

The most important parameters to configure are:

DESCR: description of the resource.
ROLE: tunnel role [CLIENT, SERVER].
Tunnel authentication:
- REMABILIS-ID: Abilis-ID that must match the one provided by the remote peer.
- LOCKEY: Identification key to send to remote peer.
- REMKEY: Identification key that must match the one provided by the remote peer.
Tip
To authenticate a tunnel AIPT2 between 2 Abilis we must configure REMABILIS-ID or pair LOCKEY/REMKEY or both.
MPx: Multipath bundle identifier, when the path is part of a redundancy. An empty value excludes the path from any redunded multipath, it is therefore individually used only for load balancing. Empty or # or an letter [A..F].
DEPx: Dependency on state "not UP" of specified paths. This path is activated when the logical combination of the states of dependency paths is "not UP", otherwise it stays down. One or more path value [1..6] and logical operators AND/OR [&,|] or an empty string or # to clear it. Max 5 paths and 4 operators. AND is evaluated before OR. (E.g. DEP4:1 or DEP1:2&3 or DEP6:1&2|3&4|5).
Important
Only for ROLE:CLIENT.
CR: Encryption/Decryption activation. Usage of encryption is useful to increase the security of data transmission.
REMPORT: UDP port number of the remote Abilis.
Important
Only for ROLE:CLIENT.
NUMPATHS: Number of paths.
LOCIPx: IP address of the local Abilis.

REMIPx: IP address of the remote Abilis.

	Tip
	The above parameters must mirror each other (i.e. The value of `LOCPORT` on “Abilis 1” must be the same of `REMPORT` on “Abilis 2” and vice versa; the same for `LOCIPx/REMIPx`).

OUTSPx: Speedlimit, in kbit/sec applied to the path.
NAT: NAT usage.

NEIGH: IP address of the neighbour router.
MASK: Mask in DDN.

48.3.1. Configuring AIPT2 with load balancing

AIPT2 distributes the traffic over multiple IP links so that the load can be distributed evenly. AIPT2 effectively bundles the lines together, so that the total throughput is the sum of the individual lines.

The following example considers two Abilis:

“Abilis 1” (ABILIS_CPX_1):
- Ethernet 100/100 Mbits/s with more public IP addresses (80.80.80.0/28);
- The assigned IP for ABILIS 1 is the 80.80.80.1/28.
“Abilis 2” (ABILIS_CPX_2):
- IP-2 VDSL 30/3 Mbits/s with IP address: 88.88.88.88/32;
- IP-3 VDSL 30/3 Mbits/s with dynamic IP.
- IP-4 Ethernet 30/5 Mbits/s with dynamic IP.

[16:15:31] ABILIS_CPX_1:s p ip-5 descr:To_Abilis_2 nat:vpn role:server lockey:abilis1 remkey:abilis2 numpaths:3 locip1:80.80.80.1 locip2:80.80.80.1 locip3:80.80.80.1 

COMMAND EXECUTED

[16:15:33] ABILIS_CPX_1:s p ip-5 remip1:88.88.88.88 outsp1:30000 outsp2:30000 outsp3:30000

COMMAND EXECUTED

[16:25:46] ABILIS_CPX_1:d p ip-5

RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
Run    DESCR:To_Abilis_2
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.255   NEIGH:000.000.000.000
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:VPN                       DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:SERVER   CR:YES    COMP:NO       FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:abilis1          LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:abilis2                        C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:3              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED      
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
                       GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |     30000   AUTO   080.080.080.001 088.088.088.088
       2 |     30000   AUTO   080.080.080.001 *
       3 |     30000   AUTO   080.080.080.001 *

[16:31:35] ABILIS_CPX_2:s p ip-5 descr:To_Abilis_1 nat:out remport:4005 lockey:abilis2 remkey:abilis1 numpaths:3 locip1:88.88.88.88 locip2:ip-3 locip3:ip-4 

COMMAND EXECUTED

[16:31:35] ABILIS_CPX_2:s p ip-5 remip1:80.80.80.1 remip2:80.80.80.1 remip3:80.80.80.1 outsp1:3000 outsp2:3000 outsp3:5000

COMMAND EXECUTED

[16:31:43] ABILIS_CPX_2:d p ip-5

RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
Run    DESCR:To_Abilis_1
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPNL
       IPADD:000.000.000.000   MASK:255.255.255.255   NEIGH:000.000.000.000
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:OUTSIDE   UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:abilis2          LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:abilis1          REMPORT:4005  C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:3              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED      
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
          DEPx:        GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |     3000    AUTO   088.088.088.088 080.080.080.001
       2 |     3000    AUTO   Ip-3            080.080.080.001
       3 |     5000    AUTO   Ip-4            080.080.080.001

	Tip
	Execute the initialization command init res:ip-5.

Now the configuration of the VPN is completed.

	Important
	To switch quickly this configuration with Load Balancing to AIPT2 Redundant mode, use the `PATHMODE` parameter.

NAT configuration:

[16:31:50] ABILIS_CPX_1:a nat pr:0 inat:out onat:vpn add:dst dnet:80.80.80.5 anet:80.80.80.5

COMMAND EXECUTED 

[16:41:46] ABILIS_CPX_1:d nat pr:0

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   OUT           DST  *                  080.080.080.005/32 080.080.080.005/32
    VPN                                                                    NO
-------------------------------------------------------------------------------

[16:41:49] ABILIS_CPX_2:a nat pr:0 inat:in onat:out add:src snet:192.168.0.0/24 anet:80.80.80.5 pat:yes

COMMAND EXECUTED 

[16:44:34] ABILIS_CPX_2:d nat pr:0

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  192.168.000.000/24 *                  080.080.080.005/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

	Tip
	Execute the initialization command init res:nat.

IP routing configuration:

[16:44:37] ABILIS_CPX_1:a ipr net:80.80.80.5/32 ip:5

COMMAND EXECUTED

[16:46:26] ABILIS_CPX_2:a ipr net:0.0.0.0/0 srnet:80.80.80.5/32 ip:5

COMMAND EXECUTED

	Warning
	Save the configuration with the command save conf.

Tip

Interesting chapters:

Chapter 76, VPN status;

Section 52.4.3, “Using HTTP for showing IP TRFA statistics”.

48.3.2. Configuring AIPT2 with redundancy

AIPT2 can also increase the reliability of the VPN.

	Tip
	If one path is slower, or slows down up to blockage, the other path stays unaffected.

	Warning
	When the double/triple path is active the traffic is obviously duplicated: this could be very “dangerous” on pay per use lines!

The following example considers two Abilis:

“Abilis 1” (ABILIS_CPX_1):
- IP-1 Ethernet 100/100 Mbits/s with IP address: 80.80.80.1;
“Abilis 2” (ABILIS_CPX_2):
- IP-2 ADSL 7/1 Mbits/s with IP address: 88.88.88.88/32;
- IP-3 LTE 15/15 Mbits/s with dynamic IP.
- IP-4 Ethernet 20/20 Mbits/s with dynamic IP.

The most important parameter to configure, to be different from load balancing is:

MPx: Multipath bundle identifier, when the path is part of a redundancy. An empty value excludes the path from any redunded multipath, it is therefore individually used only for load balancing. Empty or # or an letter [A..F].

	Important
	Or, you can simply use the `PATHSMODE` parameter to switch quickly this configuration with Load Balancing to AIPT2 Redundant mode

[16:15:31] ABILIS_CPX_1:s p ip-5 descr:To_Abilis_2 nat:inside role:server lockey:abilis1 remkey:abilis2 numpaths:3 locip1:80.80.80.1 locip2:80.80.80.1 locip3:80.80.80.1 

COMMAND EXECUTED

[16:15:31] ABILIS_CPX_1:s p ip-5 remip1:88.88.88.88 outsp1:7000 outsp2:15000 outsp3:20000 neigh:192.168.1.1 mask:255.255.255.0 mp1:a mp2:a mp3:a

COMMAND EXECUTED

[16:25:46] ABILIS_CPX_1:d p ip-5

RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
Run    DESCR:To_Abilis_2
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.000   NEIGH:192.168.001.001
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:INSIDE    UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:SERVER   CR:NO     COMP:NO       FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:abilis1          LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:abilis2                        C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:3              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED      
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
                       GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |A    7000    AUTO   080.080.080.001 088.088.088.088
       2 |A    15000   AUTO   080.080.080.001 *
       3 |A    20000   AUTO   080.080.080.001 *

[16:31:35] ABILIS_CPX_2:s p ip-5 descr:To_Abilis_1 nat:inside remport:4005 lockey:abilis2 remkey:abilis1 numpaths:3 locip1:88.88.88.88 locip2:ip-3 locip3:ip-4 

COMMAND EXECUTED

[16:31:35] ABILIS_CPX_2:s p ip-5 remip1:80.80.80.1 remip2:80.80.80.1 remip3:80.80.80.1 outsp1:1000 outsp2:15000 outsp3:20000 neigh:192.168.0.1 mask:255.255.255.0 mp1:a mp2:a mp3:a

COMMAND EXECUTED

[16:31:43] ABILIS_CPX_2:d p ip-5

RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
Run    DESCR:To_Abilis_1
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.000   NEIGH:192.168.000.001
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:INSIDE    UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:abilis2          LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:abilis1          REMPORT:4005  C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:3              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED      
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
          DEPx:        GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |A    1000    AUTO   088.088.088.088 080.080.080.001
       2 |A    15000   AUTO   Ip-3            080.080.080.001
       3 |A    20000   AUTO   Ip-4            080.080.080.001

	Tip
	Execute the initialization command init res:ip-5.

Now the configuration of the VPN is completed.

	Warning
	Save the configuration with the command save conf.

Tip

Interesting chapters:

Chapter 76, VPN status;

Section 52.4.3, “Using HTTP for showing IP TRFA statistics”.

48.3.3. Configuring AIPT2 with backup

The most important parameter to configure is:

DEPx: Dependency on state "not UP" of specified paths. This path is activated when the logical combination of the states of dependency paths is "not UP", otherwise it stays down. One or more path value [1..6] and logical operators AND/OR [&,|] or an empty string or # to clear it. Max 5 paths and 4 operators. AND is evaluated before OR. (E.g. DEP4:1 or DEP1:2&3 or DEP6:1&2|3&4|5).
Important
Only for ROLE:CLIENT.

For the last configuration example to configure the path 1 as BACKUP path use this command on the Abilis with ROLE:CLIENT (ABILIS-CPX_2:):

[11:01:25] ABILIS_CPX:s p ip-5 dep1:2|3

COMMAND EXECUTED

[11:02:07] ABILIS_CPX:d p ip-5

RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
Run    DESCR:To_Abilis_1
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.000   NEIGH:192.168.000.001
       REDIS:NO      HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:INSIDE    UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:abilis2          LOCPORT:4005  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:abilis1          REMPORT:4005  C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:3              REORDER:AUTO  D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED          
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
          DEPx:        GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |A    1000    AUTO   088.088.088.088 080.080.080.001
          2|3          #                      AUTO
       2 |A    15000   AUTO   Ip-3            080.080.080.001
       3 |A    20000   AUTO   Ip-4            080.080.080.001

	Tip
	Execute the initialization command init res:ip-5.

	Warning
	Save the configuration with the command save conf.

The path 1 will be activated when the logical state of path 2 or 3 is "not UP", otherwise it will stay DOWN.

	Tip
	To authenticate a tunnel AIPT2 between 2 Abilis we must configure `REMABILIS-ID` or pair `LOCKEY`/`REMKEY` or both.


48.2. AIPT2 resource parameters		48.4. AIPT2 diagnostics, statistics, logs and debug

	Important
	Only for `ROLE`:`CLIENT`.

	Important
	Only for `ROLE`:`CLIENT`.

	Important
	Only for `ROLE`:`CLIENT`.