The Abilis IP Tunnel v.2 is a virtual tunnel typically used for Data communications between Abilis.
To set up an Abilis IP Tunnel, first add an IP resource:
a res:ip-<id> subtype:<value>
id is simply the identification number and subtype is the kind of resource to be used. The following command shows supported subtypes.
[14:58:13] ABILIS_CPX_1:a res:ip-2 subtype: ?
SUBTYPE: Resource subtype. <Mandatory>
See also HELP SUBTYPE.
Ip resource subtypes:
LAN IP over LAN
LAN-PT IP over LAN Passthrough
PPP IP over PPP
DSL IP over DSL
AIPT2 Abilis IP tunnel v.2
AIPT Abilis IP tunnel
AIPT-BCK Abilis IP tunnel with Back-up
VIRTUAL IP virtual
X25BSVC IP over X.25 Bsvc
First, add a new resource on both Abilis:
[15:39:45] ABILIS_CPX_1:a res:ip-5 subtype:aipt2
COMMAND EXECUTED [15:40:12] ABILIS_CPX_1:d p ip-5
RES:Ip-5 - Not Running, Not Saved (SAVE CONF) --------------------------------- - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- New DESCR: LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPN IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY: LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY: REMPORT:# C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:1 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | NOMAX AUTO OUT-IP #
[15:40:45] ABILIS_CPX_2:a res:ip-5 subtype:aipt2
COMMAND EXECUTED [15:40:52] ABILIS_CPX_2:d p ip-5
RES:Ip-5 - Not Running, Not Saved (SAVE CONF) --------------------------------- - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- New DESCR: LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPN IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY: LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY: REMPORT:# C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:1 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | NOMAX AUTO OUT-IP #
Warning | |
---|---|
Save the configuration with the command save conf and restart the Abilis with the command warm start. |
The most important parameters to configure are:
DESCR
: description of the resource.
ROLE
: tunnel role [CLIENT
,
SERVER
].
Tunnel authentication:
REMABILIS-ID
: Abilis-ID that must match
the one provided by the remote peer.
LOCKEY
: Identification key to send to
remote peer.
REMKEY
: Identification key that must
match the one provided by the remote peer.
Tip | |
---|---|
To authenticate a tunnel AIPT2 between 2 Abilis we must
configure |
MPx
: Multipath bundle identifier, when the
path is part of a redundancy. An empty value excludes the path from
any redunded multipath, it is therefore individually used only for
load balancing. Empty or # or an letter [A..F].
DEPx
: Dependency on state "not UP" of
specified paths. This path is activated when the logical combination
of the states of dependency paths is "not UP", otherwise it stays
down. One or more path value [1..6] and logical operators AND/OR
[&,|] or an empty string or # to clear it. Max 5 paths and 4
operators. AND is evaluated before OR. (E.g. DEP4:1 or DEP1:2&3 or
DEP6:1&2|3&4|5).
Important | |
---|---|
Only for
|
CR
: Encryption/Decryption activation. Usage
of encryption is useful to increase the security of data
transmission.
REMPORT
: UDP port number of the remote
Abilis.
Important | |
---|---|
Only for
|
NUMPATHS
: Number of paths.
LOCIPx
: IP address of the local
Abilis.
REMIPx
: IP address of the remote
Abilis.
Tip | |
---|---|
The above parameters must mirror each other (i.e. The value of
|
OUTSPx
: Speedlimit, in kbit/sec applied to
the path.
NAT
: NAT usage.
NEIGH
: IP address of the neighbour
router.
MASK
: Mask in DDN.
AIPT2 distributes the traffic over multiple IP links so that the load can be distributed evenly. AIPT2 effectively bundles the lines together, so that the total throughput is the sum of the individual lines.
The following example considers two Abilis:
“Abilis 1” (ABILIS_CPX_1):
Ethernet 100/100 Mbits/s with more public IP addresses (80.80.80.0/28);
The assigned IP for ABILIS 1 is the 80.80.80.1/28.
“Abilis 2” (ABILIS_CPX_2):
IP-2 VDSL 30/3 Mbits/s with IP address: 88.88.88.88/32;
IP-3 VDSL 30/3 Mbits/s with dynamic IP.
IP-4 Ethernet 30/5 Mbits/s with dynamic IP.
[16:15:31] ABILIS_CPX_1:s p ip-5 descr:To_Abilis_2 nat:vpn role:server lockey:abilis1 remkey:abilis2 numpaths:3 locip1:80.80.80.1 locip2:80.80.80.1 locip3:80.80.80.1
COMMAND EXECUTED [16:15:33] ABILIS_CPX_1:s p ip-5 remip1:88.88.88.88 outsp1:30000 outsp2:30000 outsp3:30000
COMMAND EXECUTED [16:25:46] ABILIS_CPX_1:d p ip-5
RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_2 LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPN IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:VPN DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:SERVER CR:YES COMP:NO FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis1 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis2 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | 30000 AUTO 080.080.080.001 088.088.088.088 2 | 30000 AUTO 080.080.080.001 * 3 | 30000 AUTO 080.080.080.001 *
[16:31:35] ABILIS_CPX_2:s p ip-5 descr:To_Abilis_1 nat:out remport:4005 lockey:abilis2 remkey:abilis1 numpaths:3 locip1:88.88.88.88 locip2:ip-3 locip3:ip-4
COMMAND EXECUTED [16:31:35] ABILIS_CPX_2:s p ip-5 remip1:80.80.80.1 remip2:80.80.80.1 remip3:80.80.80.1 outsp1:3000 outsp2:3000 outsp3:5000
COMMAND EXECUTED [16:31:43] ABILIS_CPX_2:d p ip-5
RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_1 LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPNL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:OUTSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis2 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis1 REMPORT:4005 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | 3000 AUTO 088.088.088.088 080.080.080.001 2 | 3000 AUTO Ip-3 080.080.080.001 3 | 5000 AUTO Ip-4 080.080.080.001
Tip | |
---|---|
Execute the initialization command init res:ip-5. |
Now the configuration of the VPN is completed.
Important | |
---|---|
To switch quickly this configuration with Load Balancing to
AIPT2 Redundant mode, use the |
NAT configuration:
[16:31:50] ABILIS_CPX_1:a nat pr:0 inat:out onat:vpn add:dst dnet:80.80.80.5 anet:80.80.80.5
COMMAND EXECUTED [16:41:46] ABILIS_CPX_1:d nat pr:0
UPNP maps not present Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------------- ------------------------------------------------------------------------------- PR: [DESCR:] INAT: ADD: SNET: DNET: ANET: ONAT: SPO: DPO: APO: PAT: SIP: DIP: PROT: TOUT: ------------------------------------------------------------------------------- 0 OUT DST * 080.080.080.005/32 080.080.080.005/32 VPN NO -------------------------------------------------------------------------------
[16:41:49] ABILIS_CPX_2:a nat pr:0 inat:in onat:out add:src snet:192.168.0.0/24 anet:80.80.80.5 pat:yes
COMMAND EXECUTED [16:44:34] ABILIS_CPX_2:d nat pr:0
UPNP maps not present Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------------- ------------------------------------------------------------------------------- PR: [DESCR:] INAT: ADD: SNET: DNET: ANET: ONAT: SPO: DPO: APO: PAT: SIP: DIP: PROT: TOUT: ------------------------------------------------------------------------------- 0 IN SRC 192.168.000.000/24 * 080.080.080.005/32 OUT * * AUTO YES -------------------------------------------------------------------------------
Tip | |
---|---|
Execute the initialization command init res:nat. |
IP routing configuration:
[16:44:37] ABILIS_CPX_1:a ipr net:80.80.80.5/32 ip:5
COMMAND EXECUTED
[16:46:26] ABILIS_CPX_2:a ipr net:0.0.0.0/0 srnet:80.80.80.5/32 ip:5
COMMAND EXECUTED
Warning | |
---|---|
Save the configuration with the command save conf. |
Tip | |
---|---|
Interesting chapters: Section 53.4.3, “Using HTTP for showing IP TRFA statistics”. |
AIPT2 can also increase the reliability of the VPN.
Tip | |
---|---|
If one path is slower, or slows down up to blockage, the other path stays unaffected. |
Warning | |
---|---|
When the double/triple path is active the traffic is obviously duplicated: this could be very “dangerous” on pay per use lines! |
The following example considers two Abilis:
“Abilis 1” (ABILIS_CPX_1):
IP-1 Ethernet 100/100 Mbits/s with IP address: 80.80.80.1;
“Abilis 2” (ABILIS_CPX_2):
IP-2 ADSL 7/1 Mbits/s with IP address: 88.88.88.88/32;
IP-3 LTE 15/15 Mbits/s with dynamic IP.
IP-4 Ethernet 20/20 Mbits/s with dynamic IP.
The most important parameter to configure, to be different from load balancing is:
MPx
: Multipath bundle identifier, when the
path is part of a redundancy. An empty value excludes the path from
any redunded multipath, it is therefore individually used only for
load balancing. Empty or # or an letter [A..F].
Important | |
---|---|
Or, you can simply use the |
[16:15:31] ABILIS_CPX_1:s p ip-5 descr:To_Abilis_2 nat:inside role:server lockey:abilis1 remkey:abilis2 numpaths:3 locip1:80.80.80.1 locip2:80.80.80.1 locip3:80.80.80.1
COMMAND EXECUTED [16:15:31] ABILIS_CPX_1:s p ip-5 remip1:88.88.88.88 outsp1:7000 outsp2:15000 outsp3:20000 neigh:192.168.1.1 mask:255.255.255.0 mp1:a mp2:a mp3:a
COMMAND EXECUTED [16:25:46] ABILIS_CPX_1:d p ip-5
RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_2 LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPN IPADD:000.000.000.000 MASK:255.255.255.000 NEIGH:192.168.001.001 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:INSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:SERVER CR:NO COMP:NO FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis1 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis2 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 |A 7000 AUTO 080.080.080.001 088.088.088.088 2 |A 15000 AUTO 080.080.080.001 * 3 |A 20000 AUTO 080.080.080.001 *
[16:31:35] ABILIS_CPX_2:s p ip-5 descr:To_Abilis_1 nat:inside remport:4005 lockey:abilis2 remkey:abilis1 numpaths:3 locip1:88.88.88.88 locip2:ip-3 locip3:ip-4
COMMAND EXECUTED [16:31:35] ABILIS_CPX_2:s p ip-5 remip1:80.80.80.1 remip2:80.80.80.1 remip3:80.80.80.1 outsp1:1000 outsp2:15000 outsp3:20000 neigh:192.168.0.1 mask:255.255.255.0 mp1:a mp2:a mp3:a
COMMAND EXECUTED [16:31:43] ABILIS_CPX_2:d p ip-5
RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_1 LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPN IPADD:000.000.000.000 MASK:255.255.255.000 NEIGH:192.168.000.001 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:INSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis2 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis1 REMPORT:4005 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 |A 1000 AUTO 088.088.088.088 080.080.080.001 2 |A 15000 AUTO Ip-3 080.080.080.001 3 |A 20000 AUTO Ip-4 080.080.080.001
Tip | |
---|---|
Execute the initialization command init res:ip-5. |
Now the configuration of the VPN is completed.
Warning | |
---|---|
Save the configuration with the command save conf. |
Tip | |
---|---|
Interesting chapters: Section 53.4.3, “Using HTTP for showing IP TRFA statistics”. |
The most important parameter to configure is:
DEPx
: Dependency on state "not UP" of
specified paths. This path is activated when the logical combination
of the states of dependency paths is "not UP", otherwise it stays
down. One or more path value [1..6] and logical operators AND/OR
[&,|] or an empty string or # to clear it. Max 5 paths and 4
operators. AND is evaluated before OR. (E.g. DEP4:1 or DEP1:2&3
or DEP6:1&2|3&4|5).
Important | |
---|---|
Only for
|
For the last configuration example to configure the path 1 as
BACKUP path use this command on the Abilis with
ROLE
:CLIENT
(ABILIS-CPX_2:):
[11:01:25] ABILIS_CPX:s p ip-5 dep1:2|3
COMMAND EXECUTED [11:02:07] ABILIS_CPX:d p ip-5
RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_1 LOCATION: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL TYPE:VPN IPADD:000.000.000.000 MASK:255.255.255.000 NEIGH:192.168.000.001 REDIS:NO HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:INSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis2 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis1 REMPORT:4005 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 PATHSMODE:MIXED - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 |A 1000 AUTO 088.088.088.088 080.080.080.001 2|3 # AUTO 2 |A 15000 AUTO Ip-3 080.080.080.001 3 |A 20000 AUTO Ip-4 080.080.080.001
Tip | |
---|---|
Execute the initialization command init res:ip-5. |
Warning | |
---|---|
Save the configuration with the command save conf. |
The path 1 will be activated when the logical state of path 2 or 3 is "not UP", otherwise it will stay DOWN.