In this post we will be covering what an EOIP tunnel is on a MikroTik router and what the uses are for it. I have already created a very in-depth video on the subject which you can watch below. If you enjoy the video please consider liking it, sharing it with your friends and subscribing to my YouTube channel.

What is EOIP?

EOIP is a protocol which is proprietary to MikroTik. It works very similar to a VPLS tunnel which allows us to broadcast mac-addresses over the EOIP tunnel as well as VLAN headers. What makes EOIP useful is the fact that you can use this over a Layer 3 connection. As long as your two MikroTik routers can communicate over an IP level they will be able to create an EOIP tunnel in order to effectively bridge the equipment.

EOIP Drawbacks

Even though EOIP can be very useful and allows us to form these bridges over Layer 3 it has some drawbacks as well.

EOIP makes use of GRE in order to establish the tunnel connection. Whenever we use GRE we need to account for the extra 24 byte overhead to our packet payloads. If anywhere between the routers there is an MTU issue or bigger MTU sizes are not supported you may face issues with the EOIP tunnel where it might not come up at all or it will not be very stable at all.

I personally only use these types of tunnels within my own network where I can be certain that there will not be any MTU issues.

EOIP Configuration

The configuration process is quite straight forward, I will be configuring EOIP between two routers inside of GNS with an third router between the devices acting as the "internet".

The routers will make use of the following WAN IP addresses:

169.254.255.2 - CE1
169.255.254.2 - CE2

EOIP_TOPOLOGY

CE1 Configuration:

  1. Interfaces -> EOIP Tunnel -> "+"
    Name: EOIP-TUNNEL-TO-CE2
    Remote Address: 169.255.254.2
    Tunnel ID: 101
    Apply and OK the interface
  2. Bridge -> "+"
    Name: EOIP-BRIDGE-TO-CE2
    Apply and OK the bridge
  3. Bridge -> Ports -> "+"
    Interface = EOIP-TUNNEL-TO-CE2
    Bridge = EOIP-BRIDGE-TO-CE2
  4. Bridge -> Ports -> "+"
    Interface = ether5
    Bridge = EOIP-BRIDGE-TO-CE2

We start off by navigating to the Interfaces and selecting the EOIP tab, we will then click on the add button where we will get a popup to create a new interface.

In this interface we will define a name for the EOIP tunnel, we will also be specifying the remote address which will be the WAN IP of the router we are connecting to and finally a tunnel ID, the ID can be anything however this NEEDS TO MATCH on both sides. Think of this similar to how an IPSEC proposal works.

We then create a bridge where we place the EOIP tunnel interface inside of as well as any other ports we would like to broadcast over the EOIP tunnel, in our example we bridged ether5 and the EOIP tunnel.

CE2 Configuration:

  1. Interfaces -> EOIP Tunnel -> "+"
    Name: EOIP-TUNNEL-TO-CE1
    Remote Address: 169.254.255.2
    Tunnel ID: 101
    Apply and OK the interface
  2. Bridge -> "+"
    Name: EOIP-BRIDGE-TO-CE1
    Apply and OK the bridge
  3. Bridge -> Ports -> "+"
    Interface = EOIP-TUNNEL-TO-CE1
    Bridge = EOIP-BRIDGE-TO-CE1
  4. Bridge -> Ports -> "+"
    Interface = ether5
    Bridge = EOIP-BRIDGE-TO-CE1

The configuration for CE2 will be exactly the same, again I want you to think of an EOIP tunnel similar to an IPSEC one. We are just able to send things like mac-addresses and VLANs over the tunnel.

If you want to bring a VLAN over the tunnel you simply need to add the VLAN you want to broadcast to the bridge where the EOIP tunnel is located.

Categories: MikroTik

Admin bar avatar

The Network Berg

Network solutions specialist with over 12 years of experience in the computer networking landscape. Involved with solution design, project planning and implementations on Enterprise and ISP networks.

4 Comments

Daryl Farell · September 29, 2019 at 5:25 pm

you’ve gotten a great weblog right here! would you like to make some invite posts on my blog?

    Admin bar avatar

    The Network Berg · October 2, 2019 at 10:10 am

    Hey Daryl,

    Sure thing, I could do some guest posts on your blog if there is anything in the IT world that you have an interest in 🙂

Andrew · November 15, 2019 at 3:55 pm

Excellent blog thanks. Very interested to know if this works with more than two routers. For instance if you’ve 3 or more microtik or sites wanting access to the same lan segment? multi point rather than point to point. Essentially would like to dedicate a router port at each of our sites to become an up link to a common segment. Suppose once set up there is no problem in using tagged vlans through it?

    Admin bar avatar

    The Network Berg · November 15, 2019 at 4:21 pm

    Hey Andrew, yes that is very possible. The biggest use-case for this is to span the same lan segment across different data centres. Configurationwise it’s all pretty much the same, you will still create an EOIP tunnel to a central router and all you need to do is add this tunnel to the same bridge, this way ethernet frames can pass across the two EOIP tunnels as well. Now you’ll have the same lan segment spanned between 2, 3 ,4 or more locations 🙂

Comments are closed.