IPIP tunnel in the Netbox


Robert Penz

Apr 9, 2021, 4:25:33 AM
to NetBox

Hi!

We have IPIP tunnels running between routers which need a local and remote address in the underlay networks (so the tunnel gets established). On top of the IPIP tunnel there is a local and remote address in the tunnel. I can easily configure the second set of IP addresses in the Netbox, but what is the Netbox way to configure the IP addresses needed to establish the tunnel itself?

A custom field in the IPIP tunnel interface with the local address would solve it, but first, it is not possible, and secondly, it would only be a text field.

On a Mikrotik router it looks like this:

/interface ipip add local-address=10.0.0.1 remote-address=10.0.1.1 name=tunnelBlabla
/ip address add address=10.4.4.1/30 interface=tunnelBlabla

ps: I see the same problem with a wireguard or eoip/gre tunnel.

pps: If you're interested why we need an IPIP tunnel. Easily! An IPsec tunnel cannot be used for OSPF, so using an IPIP tunnel encrypted with IPsec solves the problem. ECMP routing with failover if one connection (over a provider) dies - works like a charm. :-)

How should I configure that in the Netbox? Thx for your advice!

Regards,
Robert

Brian Candler

Apr 9, 2021, 4:59:53 AM
to NetBox
IPSEC VTI interfaces also have the same issue. Personally, I record only the interface internal address (10.4.4.1/30 in your example) as the interface address. The remote site is implied by the tunnel name, or the details are in the description field.

Custom fields for interfaces will be available shortly in Netbox v2.11: see #5401. You can try them out at https://beta.netbox.dev/. You are correct that "IP address" is not one of the custom field value types, although you could write a regex which does a reasonable job of validating IPv4 and IPv6 addresses. You can make a drop-down to select IPIP, EoIP, GRE, VTI, Wireguard etc.

Robert Penz

Apr 9, 2021, 5:54:58 AM
to NetBox
We generate our configs from Netbox. For our switches we have a zero touch deployment. With custom scripts in the Netbox you create a new location with a few basic values asked from the user; the rest is calculated and configured in the Netbox. Now you can make some special case changes if needed. Then you get the switch out of the box, scan the QR code on it, set the serial in the Netbox and power the switch up. It will get the firmware, bootrom, and configuration as defined in the Netbox. Works also with stacks and MLAG. Now we want to do the same for the routers, and there we have the ipip problem. With a custom field we're happy - thx for the info.
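The thread ends with free-text custom fields feeding generated router configs, so the values should be parsed before they reach a template. The sketch below is an added example, not code from any poster or from NetBox: it parses the underlay endpoints with Python's `ipaddress` module rather than a regex and renders the two RouterOS lines from the first post. The custom field names `tunnel_local` and `tunnel_remote`, the interface-name policy and the IPv4-only restriction are assumptions.

```python
import ipaddress
import re

# Assumed naming policy for generated interface names (not a NetBox or RouterOS rule).
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def endpoint(value: str) -> ipaddress.IPv4Address:
    """Parse a free-text custom field value as one IPv4 address, or raise ValueError."""
    addr = ipaddress.ip_address(value)  # rejects spaces, newlines and trailing text
    if addr.version != 4:
        raise ValueError(f"IPv4 underlay expected, got {value!r}")
    return addr


def render_ipip(name: str, custom_fields: dict, inner: str) -> list[str]:
    """Return the two RouterOS lines from the thread, built only from parsed values."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad interface name {name!r}")
    local = endpoint(custom_fields["tunnel_local"])    # hypothetical field name
    remote = endpoint(custom_fields["tunnel_remote"])  # hypothetical field name
    if local == remote:
        raise ValueError("local and remote underlay addresses are identical")
    iface = ipaddress.ip_interface(inner)  # inner tunnel address with prefix length
    return [
        f"/interface ipip add local-address={local} remote-address={remote} name={name}",
        f"/ip address add address={iface} interface={name}",
    ]


if __name__ == "__main__":
    # Constructed sample record using the addresses from the thread.
    cf = {"tunnel_local": "10.0.0.1", "tunnel_remote": "10.0.1.1"}
    print("\n".join(render_ipip("tunnelBlabla", cf, "10.4.4.1/30")))
```

Because the rendered lines are built from the parsed objects and not from the stored strings, a field value carrying extra parameters or a line break fails validation and never reaches the generated config.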