| 43.3. Configuring Abilis IP Tunnels v.2 (AIPT2) | ||
|---|---|---|
 | Chapter 43. AIPT2 - Abilis IP tunnel v.2 |  |
| 43.3. Configuring Abilis IP Tunnels v.2 (AIPT2) | ||
|---|---|---|
| | Chapter 43. AIPT2 - Abilis IP tunnel v.2 | |
The Abilis IP Tunnel v.2 is a virtual tunnel typically used for Data communications between Abilis.
To set up an Abilis IP Tunnel, first add an IP resource:
a res:ip-<id> subtype:<value>
id is simply the identification number and subtype is the kind of resource to be used. The following command shows supported subtypes.
[14:58:13] ABILIS_CPX_1:a res:ip-2 subtype: ?
SUBTYPE: Resource subtype. <Mandatory>
See also HELP SUBTYPE.
Ip resource subtypes:
X25PVC IP over X.25 Pvc
X25BSVC IP over X.25 Bsvc
LAN IP over LAN
DL IP over Dedicated Line
DL-BCK IP over Dedicated Line with Abilis Back-up
BCH IP over B-Channel
ML IP over Multi-Links
AIPT Abilis IP tunnel
AIPT-BCK Abilis IP tunnel with Back-up
PPP IP over PPP
VIRTUAL IP virtual
LAN-PT IP over LAN Passthrough
AIPT2 Abilis IP tunnel v.2AIPT2 distributes the traffic over multiple IP links so that the load can be distributed evenly. AIPT2 effectively bundles the lines together, so that the total throughput is the sum of the individual lines.
The following example considers two Abilis:
“Abilis 1” (ABILIS_CPX_1):
Ethernet 100/100 Mbits/s with more public IP addresses (80.80.80.0/28);
The assigned IP for ABILIS 1 is the 80.80.80.1/28.
“Abilis 2” (ABILIS_CPX_2):
IP-2 VDSL 30/3 Mbits/s with IP address: 88.88.88.88/32;
IP-3 VDSL 30/3 Mbits/s with dynamic IP.
IP-4 Ethernet 30/5 Mbits/s with dynamic IP.
First, add a new resource on both Abilis:
[15:39:45] ABILIS_CPX_1:a res:ip-5 subtype:aipt2COMMAND EXECUTED [15:40:12] ABILIS_CPX_1:d p ip-5RES:Ip-5 - Not Running, Not Saved (SAVE CONF) --------------------------------- - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- New DESCR: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY: LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY: REMPORT:# C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:1 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | NOMAX AUTO OUT-IP #
[15:40:45] ABILIS_CPX_2:a res:ip-5 subtype:aipt2COMMAND EXECUTED [15:40:52] ABILIS_CPX_2:d p ip-5RES:Ip-5 - Not Running, Not Saved (SAVE CONF) --------------------------------- - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- New DESCR: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY: LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY: REMPORT:# C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:1 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | NOMAX AUTO OUT-IP #
![[Warning]](../images/warning.png) | Warning |
|---|---|
Save the configuration with the command save conf and restart the Abilis with the command warm start. |
The most important parameters to configure are:
DESCR: description of the resource.
ROLE: tunnel role
[CLIENT, SERVER].
Tunnel authentication:
REMABILIS-ID: Abilis-ID that must match
the one provided by the remote peer.
LOCKEY: Identification key to send to
remote peer.
REMKEY: Identification key that must
match the one provided by the remote peer.
![[Tip]](../images/tip.png) | Tip |
|---|---|
To authenticate a tunnel AIPT2 between 2 Abilis we must
configure |
CR: Encryption/Decryption activation. Usage
of encryption is useful to increase the security of data
transmission.
REMPORT: UDP port number of the remote
Abilis.
![[Important]](../images/important.png) | Important |
|---|---|
Only for
|
NUMPATHS: Number of paths.
LOCIPx: IP address of the local
Abilis.
REMIPx: IP address of the remote
Abilis.
| Tip |
|---|---|
The above parameters must mirror each other (i.e. The value
of |
OUTSPx: Speedlimit, in kbit/sec applied to
the path.
NAT: NAT usage.
[16:15:31] ABILIS_CPX_1:s p ip-5 descr:To_Abilis_2 nat:vpn role:server lockey:abilis1 remkey:abilis2 numpaths:3 locip1:80.80.80.1 locip2:80.80.80.1 locip3:80.80.80.1COMMAND EXECUTED [16:15:33] ABILIS_CPX_1:s p ip-5 remip1:88.88.88.88 outsp1:30000 outsp2:30000 outsp3:30000COMMAND EXECUTED [16:25:46] ABILIS_CPX_1:d p ip-5RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_2 OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:VPN DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:SERVER CR:YES COMP:NO FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis1 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis2 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | 30000 AUTO 080.080.080.001 088.088.088.088 2 | 30000 AUTO 080.080.080.001 * 3 | 30000 AUTO 080.080.080.001 *
[16:31:35] ABILIS_CPX_2:s p ip-5 descr:To_Abilis_1 nat:out remport:4005 lockey:abilis2 remkey:abilis1 numpaths:3 locip1:88.88.88.88 locip2:ip-3 locip3:ip-4COMMAND EXECUTED [16:31:35] ABILIS_CPX_2:s p ip-5 remip1:80.80.80.1 remip2:80.80.80.1 remip3:80.80.80.1 outsp1:3000 outsp2:3000 outsp3:5000COMMAND EXECUTED [16:31:43] ABILIS_CPX_2:d p ip-5RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_1 OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:OUTSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis2 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis1 REMPORT:4005 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | 3000 AUTO 088.088.088.088 080.080.080.001 2 | 3000 AUTO Ip-3 080.080.080.001 3 | 5000 AUTO Ip-4 080.080.080.001
| Tip |
|---|---|
Execute the initialization command init res:ip-5. |
Now the configuration of the VPN is completed.
NAT configuration:
[16:31:50] ABILIS_CPX_1:a nat pr:0 inat:out onat:vpn add:dst dnet:80.80.80.5 anet:80.80.80.5COMMAND EXECUTED [16:41:46] ABILIS_CPX_1:d nat pr:0UPNP maps not present Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------------- ------------------------------------------------------------------------------- PR: [DESCR:] INAT: ADD: SNET: DNET: ANET: ONAT: SPO: DPO: APO: PAT: SIP: DIP: PROT: TOUT: ------------------------------------------------------------------------------- 0 OUT DST * 080.080.080.005/32 080.080.080.005/32 VPN NO -------------------------------------------------------------------------------
[16:41:49] ABILIS_CPX_2:a nat pr:0 inat:in onat:out add:src snet:192.168.0.0/24 anet:80.80.80.5 pat:yesCOMMAND EXECUTED [16:44:34] ABILIS_CPX_2:d nat pr:0UPNP maps not present Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------------- ------------------------------------------------------------------------------- PR: [DESCR:] INAT: ADD: SNET: DNET: ANET: ONAT: SPO: DPO: APO: PAT: SIP: DIP: PROT: TOUT: ------------------------------------------------------------------------------- 0 IN SRC 192.168.000.000/24 * 080.080.080.005/32 OUT * * AUTO YES -------------------------------------------------------------------------------
| Tip |
|---|---|
Execute the initialization command init res:nat. |
IP routing configuration:
[16:44:37] ABILIS_CPX_1:a ipr net:80.80.80.5/32 ip:5
COMMAND EXECUTED[16:46:26] ABILIS_CPX_2:a ipr net:0.0.0.0/0 srnet:80.80.80.5/32 ip:5
COMMAND EXECUTED | Warning |
|---|---|
Save the configuration with the command save conf. |
| Tip |
|---|---|
Interesting chapters: Section 47.4.3, “Using HTTP for showing IP TRFA statistics”. |
AIPT2 can also increase the reliability of the VPN.
| Tip |
|---|---|
If one path is slower, or slows down up to blockage, the other path stays unaffected. |
| Warning |
|---|---|
When the double/triple path is active the traffic is obviously duplicated: this could be very “dangerous” on pay per use lines! |
The following example considers two Abilis:
“Abilis 1” (ABILIS_CPX_1):
IP-1 Ethernet 100/100 Mbits/s with IP address: 80.80.80.1;
“Abilis 2” (ABILIS_CPX_2):
IP-2 ADSL 7/1 Mbits/s with IP address: 88.88.88.88/32;
IP-3 LTE 15/15 Mbits/s with dynamic IP.
IP-4 Ethernet 20/20 Mbits/s with dynamic IP.
First, add a new resource on both Abilis:
[15:39:45] ABILIS_CPX_1:a res:ip-5 subtype:aipt2COMMAND EXECUTED [15:40:12] ABILIS_CPX_1:d p ip-5RES:Ip-5 - Not Running, Not Saved (SAVE CONF) --------------------------------- - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- New DESCR: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY: LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY: REMPORT:# C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:1 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | NOMAX AUTO OUT-IP #
[15:40:45] ABILIS_CPX_2:a res:ip-5 subtype:aipt2COMMAND EXECUTED [15:40:52] ABILIS_CPX_2:d p ip-5RES:Ip-5 - Not Running, Not Saved (SAVE CONF) --------------------------------- - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- New DESCR: OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY: LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY: REMPORT:# C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:1 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 | NOMAX AUTO OUT-IP #
| Warning |
|---|---|
Save the configuration with the command save conf and restart the Abilis with the command warm start. |
The most important parameters to configure are:
DESCR: description of the resource.
ROLE: tunnel role
[CLIENT, SERVER].
MPx: multipath bundle identifier.
Tunnel authentication:
REMABILIS-ID: Abilis-ID that must match
the one provided by the remote peer.
LOCKEY: Identification key to send to
remote peer.
REMKEY: Identification key that must
match the one provided by the remote peer.
| Tip |
|---|---|
To authenticate a tunnel AIPT2 between 2 Abilis we must
configure |
CR: Encryption/Decryption activation. Usage
of encryption is useful to increase the security of data
transmission.
REMPORT: UDP port number of the remote
Abilis.
| Important |
|---|---|
Only for
|
NUMPATHS: Number of paths.
LOCIPx: IP address of the local
Abilis.
REMIPx: IP address of the remote
Abilis.
| Tip |
|---|---|
The above parameters must mirror each other (i.e. The value
of |
OUTSPx: Speedlimit, in kbit/sec applied to
the path.
NAT: NAT usage.
NEIGH: IP address of the neighbour
router.
MASK: Mask in DDN.
[16:15:31] ABILIS_CPX_1:s p ip-5 descr:To_Abilis_2 nat:inside role:server lockey:abilis1 remkey:abilis2 numpaths:3 locip1:80.80.80.1 locip2:80.80.80.1 locip3:80.80.80.1COMMAND EXECUTED [16:15:31] ABILIS_CPX_1:s p ip-5 remip1:88.88.88.88 outsp1:7000 outsp2:15000 outsp3:20000 neigh:192.168.1.1 mask:255.255.255.0 mp1:a mp2:a mp3:aCOMMAND EXECUTED [16:25:46] ABILIS_CPX_1:d p ip-5RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_2 OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.000 NEIGH:192.168.001.001 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:INSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:SERVER CR:NO COMP:NO FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis1 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis2 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 |A 7000 AUTO 080.080.080.001 088.088.088.088 2 |A 15000 AUTO 080.080.080.001 * 3 |A 20000 AUTO 080.080.080.001 *
[16:31:35] ABILIS_CPX_2:s p ip-5 descr:To_Abilis_1 nat:inside remport:4005 lockey:abilis2 remkey:abilis1 numpaths:3 locip1:88.88.88.88 locip2:ip-3 locip3:ip-4COMMAND EXECUTED [16:31:35] ABILIS_CPX_2:s p ip-5 remip1:80.80.80.1 remip2:80.80.80.1 remip3:80.80.80.1 outsp1:1000 outsp2:15000 outsp3:20000 neigh:192.168.0.1 mask:255.255.255.0 mp1:a mp2:a mp3:aCOMMAND EXECUTED [16:31:43] ABILIS_CPX_2:d p ip-5RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------ - Abilis IP tunnel v.2 (AIPT2) ----------------------------------------- Run DESCR:To_Abilis_1 OPSTATE:UP LOG:NO STATE-DETECT:NORMAL IPADD:000.000.000.000 MASK:255.255.255.000 NEIGH:192.168.000.001 REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO NAT:INSIDE UPNP:NO DIFFSERV:NO DDNS:NO OUTBUF:250 OUTQUEUE:FAIR MTU:1500 OUTSPL:NO INBUF:0 mru:1500 SRCV:NO - TRFA section --------------------------------------------------------- TRFA:NO - IP Tunnel ------------------------------------------------------------ ROLE:CLIENT FRAGSIZE:1480 TRY:5 TOUT:5000 LOCKEY:abilis2 LOCPORT:4005 C-TOS:0-D DLY-UP:10 THR-DN:30 REMKEY:abilis1 REMPORT:4005 C-IPCOS:HIGH DLY-TOUT:3 REMABILIS-ID: RS-BUF:250 D-TOS:0-N BURST:1 NUMPATHS:3 REORDER:AUTO D-IPCOS:COPY BURST-DLY:100 - IP Tunnel Paths ------------------------------------------------------ x MPx: OUTSPx: OUTx: LOCIPx: REMIPx: DEPx: GWx: SPL-OVHx: --+----+-------+------+---------------+--------------------------------- 1 |A 1000 AUTO 088.088.088.088 080.080.080.001 2 |A 15000 AUTO Ip-3 080.080.080.001 3 |A 20000 AUTO Ip-4 080.080.080.001
| Tip |
|---|---|
Execute the initialization command init res:ip-5. |
Now the configuration of the VPN is completed.
| Warning |
|---|---|
Save the configuration with the command save conf. |
| Tip |
|---|---|
Interesting chapters: Section 47.4.3, “Using HTTP for showing IP TRFA statistics”. |
| |  | |
| 43.2. AIPT2 resource parameters |  | 43.4. AIPT2 diagnostics, statistics, logs and debug |