47.2. AIPT2 resource parameters

47.2. AIPT2 resource parameters
	Chapter 47. AIPT2 - Abilis IP tunnel v.2

Use the following command to display resource parameters:

[13:39:25] ABILIS_CPX:d p ip-11

RES:Ip-11 ---------------------------------------------------------------------
       - Abilis IP tunnel v.2 (AIPT2) -----------------------------------------
New    DESCR:
       LOCATION:
       OPSTATE:UP              LOG:NO            STATE-DETECT:NORMAL  TYPE:VPN
       IPADD:000.000.000.000   MASK:255.255.255.255   NEIGH:000.000.000.000
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:NO                        DIFFSERV:NO        DDNS:NO
       OUTBUF:250    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:NO      
       - IP Tunnel ------------------------------------------------------------
       ROLE:CLIENT                           FRAGSIZE:1480  TRY:5     TOUT:5000
       LOCKEY:                 LOCPORT:4081  C-TOS:0-D      DLY-UP:10 THR-DN:30
       REMKEY:                 REMPORT:#     C-IPCOS:HIGH   DLY-TOUT:3
       REMABILIS-ID:           RS-BUF:250    D-TOS:0-N      BURST:1
       NUMPATHS:1              REORDER:NO    D-IPCOS:COPY   BURST-DLY:100
       PATHSMODE:MIXED
       - IP Tunnel Paths ------------------------------------------------------
       x  MPx: OUTSPx: OUTx:  LOCIPx:         REMIPx:
                       GWx:                   SPL-OVHx:
       --+----+-------+------+---------------+---------------------------------
       1 |     NOMAX   AUTO   OUT-IP          #

Meaning of the most important parameters specific for AIPT2:

ROLE

Tunnel role [CLIENT, SERVER]. In any AIPT2 configuration, one side must have the role of SERVER and the other side the CLIENT role.

SERVER - must be assigned to the ABILIS that has a static/fixed IP.
CLIENT - any type: static/dynamic/natted IP.

NUMPATHS

Number of paths enabled and configurable [1..6]. Paths are consecutive, starting from path number 1.

PATHSMODE

Sets the behaviour of the paths [BALANCE, REDUNDANT, MIXED]:

BALANCE: packets are spread among paths to increase the bandwidth.
REDUNDANT: packets are repeated on all paths to increase reliability.
MIXED: paths with same MPx letter are used in REDUNDANT mode, and mixed in BALANCE mode with paths having different letters or no letters.
Important
It allows a quick setting of paths for "ALL REDUNDANT" and "ALL BALANCED" paths, and of course also the default "MIXED" mode.

x

Path number [1..NUMPATHS] to be used as suffix in path parameters, e.g. s p ip-10 locip1:* remip1:*.

MPx

Multipath bundle identifier, when the path is part of a redundancy. An empty value excludes the path from any redunded multipath, it is therefore individually used only for load balancing. Empty or # or an letter [A..F]

DEPx

Dependency on state "not UP" of specified paths. This path is activated when the logical combination of the states of dependency paths is "not UP", otherwise it stays down. One or more path value [1..6] and logical operators AND/OR [&,|] or an empty string or # to clear it. Max 5 paths and 4 operators. AND is evaluated before OR. (E.g. DEP4:1 or DEP1:2&3 or DEP6:1&2|3&4|5).

	Important
	Only for `ROLE`:`CLIENT`.

OUTSPx

Speedlimit, in kbit/sec applied to the path. The resource speedlimit OUTSP, if enabled, determines the overall tunnel speedlimit. NOMAX or [64..1000000 Kbit/sec].

SPL-OVHx

Overhead added by lower layer drivers. Proper detection or manual setting of this value is important for the speed-limit to work properly and for the correct measure of path bandwidth use (D DE IP-x) . AUTO or a couple of values "enc,line", where:

enc - is the encapsulation type and can be [RAW-IP, RAW-PPP, RFC1483-VCMUX, RFC1483-LLCMUX, RFC2364-VCMUX, RFC2364-LLCMUX, PPPOE, PPPOE-BRIDGED, IPOE-BRIDGED];
line - is the protocol type and can be [ETH, HDLC, AAL5, PTM].
Note
With USB modems the AUTO mode allows to recognize exactly the overhead, but in the case of external modem bridges it must be properly set manually.

LOCATION

	Note
With USB modems the AUTO mode allows to recognize exactly the overhead, but in the case of external modem bridges it must be properly set manually.

Geographical coordinates of the other side of the tunnel. Max 32 chars. Spaces require double quotes. (E.g. -26.1713505,27.9699847 or "45.4628328, 9.1076927" or 40.69,-74.26). Used in web pages, see Section 75.3, “VPN status - Map”.

TYPE

Classify the resource [LAN, WAN, VPN, VPNW] or empty. Used in web pages for administrative purposes, graphs, statistics. By default:

LAN - is set in LAN and LAN-PT resources
WAN - is set in X25PVC, X25BSVC, DL, DL-BCK, BCH, ML, and PPP resources
VPN - is set in AIPT, AIPT-BCK and AIPT2 resources.

VIRTUAL resources inherit TYPE from referenced P-IP resource.

The TYPE:VPNW is intended to be used when an AIPT2 IpRes is used with multiple ADSL/VDSL2/LTE lines as "the Internet access". In this situation the "AIPT2 SDWAN tunnel" is not used to connect branch offices but to connect to an Abilis in a provider datacenter that then offers the final Internet access, and therefore this traffic needs to be separated from standard VPN traffic.

	Tip
Interesting chapters: Chapter 70, Line load; Chapter 71, Top 10.

Tip

Interesting chapters:

Chapter 70, Line load;

Chapter 71, Top 10.

D-IPCOS

IP class of service (priority) for tunnel DATA PAYLOAD packets. In AIPT2 the IPCOS of encapsulated tunnel packets is enforced in the IpRes itself, and subsequently preserved through the IPACL.

HIGH, NORMAL, LOW: IPCOS for tunnel DATA PAYLOAD packets.
COPY: the IPCOS of tunnel DATA PAYLOAD packets is determined by IPACL before the packet is inserted in the tunnel, propagated to the encapsulated packets and then preserved through the subsequent IPACL.

CR

Enable encryption [NO, YES].

	Important
	Only for `ROLE`:`SERVER`. The CLIENT is adapting from the SERVER.

COMP

Compression type for DATA frames [NO, LZO1X, LZO1B, LZO1F].

	Important
	Only for `ROLE`:`SERVER`. The CLIENT is adapting from the SERVER.

FRAGSIZE

Maximum size of outer tunnel packets [256..1500 byte].

LOCKEY

Identification key to send to remote peer. Max 16 characters. Space not allowed.

REMKEY

Identification key that must match the one provided by remote tunnel. The match is case-insensitive. When empty the received identification key is not validated. Max 16 ASCII characters. Space not allowed.

REMABILIS-ID

Abilis-ID that must match the one provided by the remote peer. When empty the received Abilis-ID is not validated. Up to 10 numeric characters ['0'..'9'].

LOCPORT

Local UDP port number [1..65535]. Packets are sent with this port as source port. Packets are received with this port as destination port.

REMPORT

Remote UDP port number [#,1..65535]. With # the path is disabled. Destination port in transmitted packets, and verified to be the source port in received packets.

	Important
	Only for `ROLE`:`CLIENT`.

REORDER

Reorder timeout for received packets [NO, AUTO, 1..200].

RS-BUF

Receive buffer for tunnel payload reassembly [1..1000 Kibyte].

D-TOS

TOS or DS field for tunnel DATA PAYLOAD packets:

p-t: PRECEDENCE-TOS, 'p' [0..7], 't' [N, D, T, R, C];
bbbbbb: DS value bit by bit, 'b' [0, 1];
COPY: TOS/DS field is copied from payload to envelope.

C-TOS

TOS or DS field for tunnel CONTROL packets:

p-t: PRECEDENCE-TOS, 'p' [0..7], 't' [N, D, T, R, C];
bbbbbb: DS value bit by bit, 'b' [0, 1].

C-IPCOS

IP class of service (priority) for tunnel CONTROL packets. In AIPT2 the IPCOS is enforced in the IpRes itself, and preserved through the subsequent IPACL. - HIGH, NORMAL, LOW: IPCOS for tunnel CONTROL packets.

TRY

Number of CONTROL probes considered for the state detection [2..50].

TOUT

Timeout for reply reception [100..10000 ms].

DLY-UP

Interval between CONTROL probes while state is UP [1..60 s].

DLY-TOUT

Interval between CONTROL probes while state is UP and last try timed out [1..60 s].

THR-DN

When percentage of successful CONTROL probes decreases down to this threshold the state is changed to DOWN [0..90].

BURST

Number of requests sent at each CONTROL probe [1..10].

BURST-DLY

Interval between requests of the same CONTROL probe [0..100 ms].

OUTx

Output IP resource [AUTO, Ip-1..Ip-250].

GWx

Gateway for OUTx:Ip-xxx [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

LOCIPx

Local IP address for incoming/outgoing UDP packets on path x [*, R-ID, OUT-IP, Ip-nnn, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x]. The value OUT-IP is allowed only for ROLE:CLIENT. The value * is allowed only for ROLE:SERVER.

REMIPx

Remote IP address for incoming/outgoing UDP packets on path x [*, #, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x, 'list', FQDN], where

# : the path is disabled;
* : any remote IP address is accepted (only for ROLE:SERVER);
list: the name of an IP/IR/RU/MR list between single quotes (only for ROLE:SERVER);
FQDN: the FQDN name of the remote server, max. 64 characters in the range ['0'..'9', 'a'..'z', '-', '.' ], FQDN name is forced to lower case (only for ROLE:CLIENT).

	Important
	It allows a quick setting of paths for "ALL REDUNDANT" and "ALL BALANCED" paths, and of course also the default "`MIXED`" mode.


47.1. Overview		47.3. Configuring Abilis IP Tunnels v.2 (AIPT2)