-
Notifications
You must be signed in to change notification settings - Fork 331
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #33 from mic54/master
Restructured Tunnel Interface added GRE
- Loading branch information
Showing
2 changed files
with
115 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| .. _interfaces-tunnel: | ||
|
|
||
| Tunnel Interfaces | ||
| ================= | ||
|
|
||
| Generic Routing Encapsulation (GRE) | ||
| ----------------------------------- | ||
|
|
||
| A GRE tunnel operates at layer 3 of the OSI model and is repsented by IP protocol 47. The | ||
| main benefit of a GRE tunnel is that you are able to route traffic across disparate networks. | ||
| GRE also supports multicast traffic and supports routing protocols that leverage multicast to | ||
| form neighbor adjacencies. | ||
|
|
||
| Configuration | ||
| ^^^^^^^^^^^^^ | ||
|
|
||
| A basic configuration requires a tunnel source (local-ip), a tunnel destination (remote-ip), | ||
| an encapsulation type (gre), and an address (ipv4/ipv6). Below is a configuration example | ||
| taken from a VyOS router and a Cisco IOS router. The main difference between these two | ||
| configurations is that VyOS requires you explicitly configure the encapsulation type. | ||
| The Cisco router defaults to 'gre ip' otherwise it would have to be configured as well. | ||
|
|
||
| **VyOS Router:** | ||
|
|
||
| .. code-block:: sh | ||
| set interfaces tunnel tun100 address '10.0.0.1/30' | ||
| set interfaces tunnel tun100 encapsulation 'gre' | ||
| set interfaces tunnel tun100 local-ip '198.18.0.2' | ||
| set interfaces tunnel tun100 remote-ip '198.18.2.2' | ||
| **Cisco IOS Router:** | ||
|
|
||
| .. code-block:: sh | ||
| interface Tunnel100 | ||
| ip address 10.0.0.2 255.255.255.252 | ||
| tunnel source 198.18.2.2 | ||
| tunnel destination 198.18.0.2 | ||
| Troubleshooting | ||
| ^^^^^^^^^^^^^^^ | ||
|
|
||
| GRE is a well defined standard that is common in most networks. While not inherently difficult | ||
| to configure there are a couple of things to keep in mind to make sure the configuration performs | ||
| as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall | ||
| configurations that are discarding IP protocol 47 or blocking your source/desintation traffic. | ||
|
|
||
| **1. Confirm IP connectivity between tunnel local-ip and remote-ip:** | ||
|
|
||
| .. code-block:: sh | ||
| vyos@vyos:~$ ping 198.18.2.2 interface 198.18.0.2 count 4 | ||
| PING 198.18.2.2 (198.18.2.2) from 198.18.0.2 : 56(84) bytes of data. | ||
| 64 bytes from 198.18.2.2: icmp_seq=1 ttl=254 time=0.807 ms | ||
| 64 bytes from 198.18.2.2: icmp_seq=2 ttl=254 time=1.50 ms | ||
| 64 bytes from 198.18.2.2: icmp_seq=3 ttl=254 time=0.624 ms | ||
| 64 bytes from 198.18.2.2: icmp_seq=4 ttl=254 time=1.41 ms | ||
| --- 198.18.2.2 ping statistics --- | ||
| 4 packets transmitted, 4 received, 0% packet loss, time 3007ms | ||
| rtt min/avg/max/mdev = 0.624/1.087/1.509/0.381 ms | ||
| **2. Confirm the link type has been set to GRE:** | ||
|
|
||
| .. code-block:: sh | ||
| vyos@vyos:~$ show interfaces tunnel tun100 | ||
| tun100@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000 | ||
| link/gre 198.18.0.2 peer 198.18.2.2 | ||
| inet 10.0.0.1/30 brd 10.0.0.3 scope global tun100 | ||
| valid_lft forever preferred_lft forever | ||
| inet6 fe80::5efe:c612:2/64 scope link | ||
| valid_lft forever preferred_lft forever | ||
| RX: bytes packets errors dropped overrun mcast | ||
| 2183 27 0 0 0 0 | ||
| TX: bytes packets errors dropped carrier collisions | ||
| 836 9 0 0 0 0 | ||
| **3. Confirm IP connectivity across the tunnel:** | ||
|
|
||
| .. code-block:: sh | ||
| vyos@vyos:~$ ping 10.0.0.2 interface 10.0.0.1 count 4 | ||
| PING 10.0.0.2 (10.0.0.2) from 10.0.0.1 : 56(84) bytes of data. | ||
| 64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=1.05 ms | ||
| 64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=1.88 ms | ||
| 64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=1.98 ms | ||
| 64 bytes from 10.0.0.2: icmp_seq=4 ttl=255 time=1.98 ms | ||
| --- 10.0.0.2 ping statistics --- | ||
| 4 packets transmitted, 4 received, 0% packet loss, time 3008ms | ||
| rtt min/avg/max/mdev = 1.055/1.729/1.989/0.395 ms | ||
| Virtual Tunnel Interface (VTI) | ||
| ------------------------------ | ||
|
|
||
| Set Virtual Tunnel Interface | ||
|
|
||
| .. code-block:: sh | ||
| set interfaces vti vti0 address 192.168.2.249/30 | ||
| set interfaces vti vti0 address 2001:db8:2::249/64 | ||
| Results in: | ||
|
|
||
| .. code-block:: sh | ||
| vyos@vyos# show interfaces vti | ||
| vti vti0 { | ||
| address 192.168.2.249/30 | ||
| address 2001:db8:2::249/64 | ||
| description "Description" | ||
| } |
This file was deleted.
Oops, something went wrong.