My Ethernet mind: tunnel

Wednesday, July 11, 2012

How to configure GRE tunnel between Cisco IOS and Linux

Let’s have the following scenario:

Both nodes are connected through the internet, here in my example, using private IP.

On the Cisco device, Fa0/0 is the WAN interface with the following configuration:

interface Tunnel1

description TO-LINUX-SERVER

ip address 192.168.10.2 255.255.255.252

ip mtu 1436

tunnel source Fastethernet 0/0

tunnel destination 172.16.0.2

Where tunnel source is the IP of the Cisco router, tunnel destination is the IP of the Linux server and 192.168.10.2 is the IP of the tunnel.

On the Linux server ETH0 is the WAN interface which connected to the internet

modprobe ip_gre

ip tunnel add gre_tun0 mode gre remote 10.0.0.2 local 172.16.0.2 ttl 255

ip tunnel ls

ip link ls dev gre_tun0

ip link set gre_tun0 up

ip link ls dev gre_tun0

ip addr add 192.168.10.1/30 dev gre_tun0

ip addr ls dev gre_tun0

ifconfig gre_tun0 mtu 1380

Modeprobe runs the module for GRE; ip tunnel creates the tunnel with gre_tun0 as the name for the tunnel. Remote and local are the same as source and destination.

In order to configure the GRE tunnel permanently and to make sure it will be configured after reload of the server use the following:

Vi /etc/rc.local

And add the configuration to the file:

#!/bin/sh

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

modprobe ip_gre

#GRE Tunnel CONFIG

modprobe ip_gre

ip tunnel add gre_tun0 mode gre remote 10.0.0.2 local 172.16.0.2 ttl 255

ip tunnel ls

ip link ls dev gre_tun0

ip link set gre_tun0 up

ip link ls dev gre_tun0

ip addr add 192.168.10.1/30 dev gre_tun0

ip addr ls dev gre_tun0

ifconfig gre_tun0 mtu 1380

"/etc/rc.local" 32L, 1051C

Don’t forget to type wq! to save the file.

Remember that GRE stands for General Routing Encapsulation and It’s not encrypting or protecting the data from eavesdrop eyes. The encapsulation itself adds 24 bytes to the IP packet and (4 bytes for the GRE protocol and 20 bytes for one more IP header)

Saturday, June 23, 2012

IPv4 over IPv6

Another LAB:

Note that R4 is not relevant for this post and will be used later on.

R2, R3 and R5 are all configured with IPv6 address and running EIGRP AS100,

the basic IPv6 EIGRP configuration on each router is basiclly the same beside the IPv6 addresses:

R2:

ipv6 unicast-routing

!

int s2/0

ipv6 address 2001:23::2/112

ipv6 eigrp 100

!

ipv6 router eigrp 100

eigrp router-id 2.2.2.2

no shutdown

pay attention not to forget the no shutdown under the IPv6 EIGRP process else the EIGRP process will not run and % EIGRP 100 is in SHUTDOWN message will be shown while trying to see neighbors.

R2 and R1 are directly connected with IPv4 and running OSPF(v2), R2 is advertising default-route originate always to R1 and pretty much the same for R5 and R6.

Now my goal is to connect R1 and R6 to share the same routing information using OSPF as routing protocol.

i have configured an IPv6 tunnel from R2 to R5, as IPv6 source and destination and used IPv4 as inner IP addresses for the tunnel.

R2:

interface Tunnel0
 ip address 192.168.1.2 255.255.255.252
 tunnel source 2001:23::2
 tunnel destination 2001:35::5
 tunnel mode gre ipv6

R5:

interface Tunnel0
ip address 192.168.1.1 255.255.255.252
tunnel source 2001:35::5
tunnel destination 2001:23::2
tunnel mode gre ipv6

this tunnel allowed me to run OSPF between R1 and R6:

R1#sh ip route ospf
     10.0.0.0/24 is subnetted, 2 subnets
O       10.1.45.0 [110/1002] via 10.1.12.2, 00:09:38, FastEthernet0/0
     192.168.1.0/30 is subnetted, 1 subnets
O       192.168.1.0 [110/1001] via 10.1.12.2, 00:09:38, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 10.1.12.2, 00:09:38, FastEthernet0/0

Search This Blog

Wednesday, July 11, 2012

How to configure GRE tunnel between Cisco IOS and Linux

Saturday, June 23, 2012

IPv4 over IPv6