Categories
StudyAgenda
What is GRE?
Why we need GRE?
How to configure GRE and how it works?
Practical scenario
Tunneling is a mechanism where we encapsulate a packet into another packet. Basically we can think tunneling as adding or removing protocol header.
GRE (Generic Routing Encapsulation)
GRE is a tunneling protocol originally developed by Cisco that encapsulates various network protocols inside virtual point-to-point tunnel over public network.
Basically GRE is used to encapsulate network protocols into IPv4/IPv6 mean transport is either IP or IPV6.
Unlike IPsec, which only supports unicast traffic, GRE supports multicast and broadcast traffic over the tunnel link. Therefore, routing protocols are supported in GRE. GRE does not provide encryption.
Encapsulation and De-Encapsulation on the Router:
Encapsulation—A router operating as a tunnel source router encapsulates and forwards GRE packets as follows:
| Delivery/Transport Header | GRE Header | Payload |
| IP=20byte, IPv6=40byte | 4byte (Default) | Protocol Header +Data |
| Remember GRE header is variable in length, from 4 to 16 bytes, depending on which optional features have been enabled. | ||
- When a router receives a data packet (payload) on or sourcedfrom Router to be tunneled then a routing decision is made and it sends the packet to the tunnel interface.
- The tunnel interface encapsulates the Payload in a GRE header and New Transport Protocols (either IP or IPv6) header.
- Now this new packet is forward on the basis of its destination address and routing information means second routing decision is made to determine the new packet’s outbound interface based on outermost Header.
De-encapsulation
A router operating as a tunnel remote router handles GRE packets as follows:
- When the destination router receives the packet from the physical interface, the router checks the destination address and determines destination belongs to me.
- The router recognizes the destination address and GRE header as belonging to the tunnel interface. The tunnel interface removes the outer transport and GRE headers, and the original Payload is sent back to the router.
- A second routing decision is performed based on the original destination Address and payload packet will be forwarded to the appropriate physical interface.
Why do we need GRE?
GRE would be an effective solution in a situation in which we have multiple remote sites connected by an ISP network. We want the communication between these remote sites. GRE tunnel provide communication between sites over the ISP network or public transport.
GRE would be an effective solution in a situation in which we have two sites with IPv6 addresses connected by an ISP. We want the communication between these remote sites. GRE tunnel provide communication between sites over the ISP network or public transport.
Configuration:
- Setup the basic connectivity and check tunnel destination is reachable.
- Create a Tunnel interface and assign addresses.
3.Define Tunnel source and destination.
4. Define tunnel mode I mean transport protocol.
| Eva-jpr-wr01#sh run int fa0/0
Building configuration… Current configuration : 132 bytes ! interface FastEthernet0/0 description LAN_Connnect_Eva-jpr-as01 ip address 10.0.11.1 255.255.255.0 speed 100 full-duplex end Eva-jpr-wr01#sh run int fa0/1 Building configuration… Current configuration : 118 bytes ! interface FastEthernet0/1 description ISP_1.1.1.2 ip address 1.1.1.1 255.255.255.252 speed 100 full-duplex end Eva-jpr-wr01#sh run | sec ospf router ospf 1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 Eva-jpr-wr01#sh run int tu0 Building configuration… Current configuration : 124 bytes ! interface Tunnel0 ip address 192.168.0.1 255.255.255.252 tunnel source FastEthernet0/1 tunnel destination 2.2.2.1 end Eva-jpr-wr01# |
eva-bgp-wr01#sh run int fa0/1
Building configuration… Current configuration : 132 bytes ! interface FastEthernet0/1 description LAN_Connnect_Eva-bgl-as01 ip address 10.0.21.1 255.255.255.0 speed 100 full-duplex end eva-bgp-wr01#sh run int fa0/0 Building configuration… Current configuration : 118 bytes ! interface FastEthernet0/0 description ISP_2.2.2.2 ip address 2.2.2.1 255.255.255.252 speed 100 full-duplex end eva-bgp-wr01#sh run | sec ospf router ospf 1 log-adjacency-changes network 2.2.2.1 0.0.0.0 area 0 eva-bgp-wr01#sh run int tu0 Building configuration… Current configuration : 124 bytes ! interface Tunnel0 ip address 192.168.0.2 255.255.255.252 tunnel source FastEthernet0/0 tunnel destination 1.1.1.1 end eva-bgp-wr01# |
||
We are using EIGRP for LAN communication
ISP router config: router ospf 1 log-adjacency-changes network 1.1.1.2 0.0.0.0 area 0 |
|||
See the capture from eve-jpr-wr01 when ping to 10.0.21.2.
How to overcome recursive routing issue while using GRE tunnels?
As we know Tunnel interface status depends on the IP reachability to the tunnel
destination.
Right now Tunnel Destination (Which is 2.2.2.1 of eva-jpr-wr01 and 1.1.1.1 are of
eva-bgl-wr01 ) are learned via ospf
We are running EIGRP for LAN interfaces and tunnel interface. But what happened
if accidently/wrongly we enabled EIGRP for WAN interface means EIGRP will start
advertising the WAN interfaces on both routers and soon router will update it’s
routing table and will install EIGRP routes for 1.1.1.0/30 and 2.2.2.0. EIGRP has
less AD compare to OSPF so we are learning Tunnel Destination (1.1.1.0/30 or
2.2.2.0/30)From Tunnel itself which leads tunnel down with below error.
so while implementing GRE do remember below:
Ø Don’t advertise public IP’s while configuring IGP between customer/site routers.
Ø GRE works on protocol 47 so we need to ensure that it’s not blocked across the tunnel path.