Today I will be showing you an application of GRE tunnels as well as how to configure them. GRE is yet another tunneling protocol, only this time it doesn't support encryption (in contrast to IPSec & L2TP), so anything it carries crosses the transit network in cleartext. As with any tunneling protocol, it allows you to create an overlay over an existing routed network. You can use GRE to encapsulate protocols such as IPv4, IPv6, IPSec, MPLS and a few more. Let's see a practical example.

Take a look at the network diagram below:

[Figure: gre-01, network diagram]

Let's make the following assumptions:

  1. Both sites have routed Internet access through the core;
  2. HSRP is running on both LANs, SiteB1 and EdgeA routers being the primary routers
  3. You do not have access to the core
  4. The two sites do not currently communicate to one another
  5. The LAN ranges must not be advertised to the CORE routers; in fact, the core would be filtering them anyway
  6. The core is MPLS based, however, engineers at both sites do not have control over the CORE (PE) routers
  7. The CE routers (SiteB1, SiteB2, EdgeA and EdgeB) do not have VPN capabilities

Problem: You need to put in place a quick way of connecting the two sites together; you don't have time to contact the CORE engineers and have them set up a nice L3VPN or something similar. You just need to get this done yourself! You cannot set up an IPSec VPN tunnel either, due to a previous bug discovered on the IOS version currently installed on the routers.

Solution: Certainly, one way of achieving this is using GRE tunnelling. So let's do this.

In this case, we will take advantage of the WAN resiliency already in place and set up multiple GRE tunnels; we will also use /31 subnets for the point-to-point links (tunnels). Below is the topology we will end up with:

[Figure: gre-02, topology with the GRE tunnels]

Provided you understand how routing works, you could simply forget that these are GRE tunnels and look at them as if they were point-to-point links. We will then set up dynamic routing over these links and advertise the two LANs.
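Treating the tunnels as plain links works for routing, but on the wire GRE only adds headers and gives no confidentiality. The following is an added example, not code from the original post: it builds a basic GRE packet between the 1.1.1.1 and 6.6.6.6 endpoints used in the tunnel configuration and strips it again without any key. The LAN host 192.168.1.10 and the syslog message are constructed sample values.

```python
import socket
import struct

GRE = 47  # IP protocol number carried in the outer IPv4 header
PROTOCOL_TYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x8847: "MPLS unicast"}

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left at 0 for this illustration) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst, protocol_type=0x0800):
    """Basic GRE header (RFC 2784): 16 bits of flags/version, 16 bits of type."""
    return ipv4(tunnel_src, tunnel_dst, GRE,
                struct.pack("!HH", 0, protocol_type) + inner)

def gre_decapsulate(packet):
    """Strip the outer IPv4 + GRE headers; no key or secret is involved."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE:
        raise ValueError("outer packet does not carry GRE")
    flags, protocol_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("only GRE version 0 is handled")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            offset += 4
    return {
        "tunnel": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
        "carries": PROTOCOL_TYPES.get(protocol_type, hex(protocol_type)),
        "overhead": offset,            # bytes added in front of the inner packet
        "inner": packet[offset:],
    }

def demo():
    # Constructed sample: a syslog datagram from a LAN host towards 192.168.2.1.
    message = b"<38>sshd: Accepted password for admin"
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(message), 0) + message
    inner = ipv4("192.168.1.10", "192.168.2.1", 17, udp)
    info = gre_decapsulate(gre_encapsulate(inner, "1.1.1.1", "6.6.6.6"))
    info["inner_dst"] = socket.inet_ntoa(info["inner"][16:20])
    info["data"] = info["inner"][28:]  # past the inner IPv4 (20) and UDP (8) headers
    return info

if __name__ == "__main__":
    print(demo())
```

The 24 bytes of overhead it reports (20 for the outer IPv4 header plus 4 for GRE) fit comfortably in the room that `ip mtu 1400` leaves on a 1500-byte path.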

I. CONFIGURING THE GRE TUNNELS

SiteB1

interface Tunnel1
 ip address 10.10.10.0 255.255.255.254
 ! Leave room for the GRE header
 ip mtu 1400
 ! Change the keepalive interval for the tunnel, just to speed things up a little
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 6.6.6.6
!
interface Tunnel2
 ip address 10.10.20.0 255.255.255.254 
 ip mtu 1400 
 keepalive 1 3 
 tunnel source Loopback0 
 tunnel destination 7.7.7.7

EdgeA

interface Tunnel1
 ip address 10.10.10.1 255.255.255.254
 ip mtu 1400
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 1.1.1.1
!
interface Tunnel2
 ip address 10.10.20.3 255.255.255.254
 ip mtu 1400
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 2.2.2.2

SiteB2

interface Tunnel1
 ip address 10.10.10.2 255.255.255.254
 ip mtu 1400
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 7.7.7.7
!
interface Tunnel2
 ip address 10.10.20.2 255.255.255.254
 ip mtu 1400
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 6.6.6.6

EdgeB

interface Tunnel1
 ip address 10.10.10.3 255.255.255.254
 ip mtu 1400
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 2.2.2.2
!
interface Tunnel2
 ip address 10.10.20.1 255.255.255.254
 ip mtu 1400
 keepalive 1 3
 tunnel source Loopback0
 tunnel destination 1.1.1.1
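
With eight tunnel interfaces and /31 addressing, a single mistyped address or destination leaves a tunnel that never pairs up. The following consistency check is an added example, not part of the original post: the table is condensed from the four configs above, and the check relies only on what they show, namely that every tunnel on a router is sourced from the same Loopback0.

```python
import ipaddress
from collections import defaultdict

# Condensed from the four configs above (not router output):
# router, interface, tunnel address (/31), tunnel destination
TUNNELS = """
SiteB1 Tunnel1 10.10.10.0 6.6.6.6
SiteB1 Tunnel2 10.10.20.0 7.7.7.7
EdgeA  Tunnel1 10.10.10.1 1.1.1.1
EdgeA  Tunnel2 10.10.20.3 2.2.2.2
SiteB2 Tunnel1 10.10.10.2 7.7.7.7
SiteB2 Tunnel2 10.10.20.2 6.6.6.6
EdgeB  Tunnel1 10.10.10.3 2.2.2.2
EdgeB  Tunnel2 10.10.20.1 1.1.1.1
"""

def audit(table):
    """Return a list of problems; an empty list means every tunnel pairs up."""
    links = defaultdict(list)      # /31 network -> [(router, interface, destination)]
    for line in table.strip().splitlines():
        router, interface, address, destination = line.split()
        network = ipaddress.ip_interface(f"{address}/31").network
        links[network].append((router, interface, destination))

    problems = []
    reached_as = defaultdict(set)  # router -> addresses its peers tunnel to
    for network, ends in sorted(links.items()):
        if len(ends) != 2 or ends[0][0] == ends[1][0]:
            names = ", ".join(f"{r} {i}" for r, i, _ in ends)
            problems.append(f"{network}: needs one interface on each of "
                            f"two routers, found {names}")
            continue
        (router_a, _, dest_a), (router_b, _, dest_b) = ends
        reached_as[router_b].add(dest_a)  # A's destination must be B's source
        reached_as[router_a].add(dest_b)

    # Every tunnel is sourced from one Loopback0, so all peers of a router
    # must point at the same address.
    for router, addresses in sorted(reached_as.items()):
        if len(addresses) != 1:
            problems.append(f"{router}: peers disagree on its address: "
                            f"{sorted(addresses)}")
    return problems

if __name__ == "__main__":
    print(audit(TUNNELS) or "all tunnels pair up")
```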

 

II. CONFIGURING OSPF OVER GRE

All you need to do is run the following commands on all routers:

router ospf 2
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface Tunnel2
!
interface Tunnel1
 ip ospf network point-to-point
 ip ospf 2 area 0
!
interface Tunnel2
 ip ospf network point-to-point
 ip ospf 2 area 0
!
interface FastEthernet0/0
 ip ospf network point-to-point
 ip ospf 2 area 0

Let’s first see the traffic flow from R11 to R10:

Host1#traceroute 192.168.2.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
 1 192.168.1.252 0 msec
 2 10.10.10.1 4 msec
 3 192.168.2.1 16 msec

To test resiliency, I started a continuous ping from R11 to R10. Next, I shut down connectivity to EdgeA and waited for connectivity to fail over. Finally, I shut down the SiteB1 router; as expected, connectivity was restored after a few seconds:

[Figure: gre-02]

Host1#ping 192.168.2.1 repeat 23423432
Type escape sequence to abort.
Sending 23423432, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..
U.U.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..U.
U.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 91 percent (1593/1750), round-trip min/avg/max = 4/20/36 ms

 


Thank you,
Rafael A Couto Cabral


