Connecting Multiple Offices To The Main Office Using Mikrotik EOIP.

In this Lab, I will be sharing with us my jobs on how to deploy eiop in a hub and spoke topology to connect multiple branch offices to the Main Office.
This is a set up I have done for my customers, for this reason you got to be very attentive and carefully follow my steps, change you IP where necessary but stick to the procedures, I assure you that you will not find it difficult implementing this technology.

I will be personally dealing with network administrators, who are administering networks with many branch offices that are connected together via one ISP circuit, and if you are so lucky, your ISP is using Mikrotik brand equipments, setting up eoip, or mpls tunnels to link your branches for me will be much easier. In this demonstration, we will be connecting three branch offices to the HQ. Since we are using physical interfaces, the number of sites will be a determining factor in choosing the type of Mikrotik router that will used for this project.

With that in mind, I will be using the RB750 with 5 dedicated ports. The eoip router (RB750) are configured and managed by the ISP. This demonstration shows want goes on in that ISP cloud.

We will be using the Network Topology Above

Lab objective
Use eoip to provide our client with a circuit that connects all three branches to the HQ. Our solution will aid on file sharing and collaboration among offices, reduce operational expenses and help increase productivity.

Mikrotik EOIP Implementation.

On the hub (Mikrotik RB750 attached to the HQ), we will configure ether2 to provide internet at the HQ, ether3 will be layer2 connection to branch1, ether4 will provide layer2 connection to branch2, and ether5 will be configured to provide layer2 connection to branch3. See commands below:

[admin@Hub] > ip add add address=201.2.2.1/30 interface=ether2 comment=internet_at_HQ

[admin@Hub] >ip route add dst=0.0.0.0 gateway=ether1

Next, Mikrotik eoip configuration on the Hub.

Configuring Mikrotik eoip on the hub to connect multiple bracches

[admin@Hub] interface eoip> add name=”eoip-to-branch1″ tunnel-id=10 remote-address=1.1.1.2

[admin@Hub] interface eoip> enable eoip-to-branch1

[admin@Hub] interface eoip> add name=”eoip-to-branch2″ tunnel-id=20 remote-address=2.2.2.2

[admin@Hub] interface eoip> enable eoip-to-branch2

[admin@Hub] interface eoip> add name=”eoip-to-branch3″ tunnel-id=30 remote-address=3.3.3.2

[admin@Hub] interface eoip> enable eoip-to-branch3

Next, we create bridges and add an eiop interface and the corresponding ports on the RB750 to each bridge. See below.

[admin@Hub] interface bridge> add name=bridge1

[admin@Hub] interface bridge> port add bridge=bridge1 interface=eoip-to-branch1

[admin@Hub] interface bridge> port add bridge=bridge1 interface=ether3

[admin@Hub] interface bridge> add name=bridge2

[admin@Hub] interface bridge> port add bridge=bridge1 interface=eoip-to-branch2

[admin@Hub] interface bridge> port add bridge=bridge1 interface=ether4

[admin@Hub] interface bridge> add name=bridge3

[admin@Hub] interface bridge> port add bridge=bridge1 interface=eoip-to-branch3

[admin@Hub] interface bridge> port add bridge=bridge1 interface=ether5

Next is to configure the spokes at all branches.

EOIP configuration on Spoke1

[admin@spoke1] interface eoip> add name=”eoip-to-HQ” tunnel-id=10 remote-address=1.1.1.1

[admin@Spoke1] interface eoip> enable eoip-to-HQ[admin@Spoke1] interface bridge> add name=bridge1

[admin@Spoke1] interface bridge> port add bridge=bridge1 interface=eoip-to-HQ

[admin@Spoke1] interface bridge> port add bridge=bridge1 interface=ether2

Eiop configuration on Spoke2

[admin@spoke2] interface eoip> add name=”eoip-to-HQ” tunnel-id=20 remote-address=2.2.2.1

[admin@Spoke2] interface eoip> enable eoip-to-HQ

[admin@Spoke2] interface bridge> add name=bridge1

[admin@Spoke2] interface bridge> port add bridge=bridge1 interface=eoip-to-HQ

[admin@Spoke2] interface bridge> port add bridge=bridge1 interface=ether2

Eiop configuration on Spoke3

[admin@spoke3] interface eoip> add name=”eoip-to-HQ” tunnel-id=30 remote-address=3.3.3.1

[admin@Spoke3] interface eoip> enable eoip-to-HQ

[admin@Spoke3] interface bridge> add name=bridge1

[admin@Spoke3] interface bridge> port add bridge=bridge1 interface=eoip-to-HQ

[admin@Spoke3] interface bridge> port add bridge=bridge1 interface=ether2

Note that on the spoke routers, ether1 is configured to connect to the ISP cloud while ether2, shown in the configuration is used to deliver layer2 services.

Finally, we configure the HQ router to provide connectivities to all branches via the ISP-delivered layer2 links. Four cables will be dropped by the ISP at the HQ; one for internet (layer3) and three for layer2 connectivities to be branches.

[admin@HQ] > ip add add address=201.2.2.2/30 interface=ether1 comment=layer3-link

[admin@HQ] >ip route add dst=0.0.0.0 gateway=ether1

[admin@HQ] > ip firewall nat add out-interface=ether1 action=masquerade

[admin@HQ] > ip add add address=192.168.1.1/24 interface=ether2 comment=HQ_LAN

[admin@HQ] > ip add add address=192.168.2.1/24 interface=ether3 comment=Branch1_LAN

[admin@HQ] > ip add add address=192.168.3.1/24 interface=ether4 comment=Branch2_LAN

[admin@HQ] > ip add add address=192.168.4.1/24 interface=ether5 comment=Branch3_LAN

We will also configre dhcp servers on the HQ to provide IP addresses for hosts on the HQ LAN and those connected to the switches at all branches.

DHCP Configuration on the HQ router

At this stage, we configure four dhcp servers to handle IP address leasing for HQ_LAN and all brach offices networks. See below.

[admin@HQ] ip dhcp-server> setup

Select interface to run DHCP server on

dhcp server interface: ether2

Select network for DHCP addresses

dhcp address space: 192.168.1.0/24

Select gateway for given network

gateway for dhcp network: 192.168.1.1

Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.1.2-192.168.1.254

Select DNS servers

dns servers: 192.168.1.1

Select lease time

lease time: 3d

[admin@HQ] ip dhcp-server>

Repeat steps for the branch offices.