GRE Tunnels Features and Configuration
This section describes the purpose and benefits of GRE tunnels. It also shows how to configure a GRE site-to-site tunnel on a Cisco router, with the complete configuration commands.
WHAT IS A GRE TUNNEL
Generic routing encapsulation (GRE) is an example of a basic and non-secure site-to-site VPN tunneling protocol. GRE is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types within IP tunnels, which creates a virtual point-to-point link to Cisco routers at remote points through an IP internetwork. GRE is designed to manage the transport of multiprotocol and IP multicast traffic between two or more sites that may have only IP connectivity. It can encapsulate various types of protocol packet within an IP tunnel.
As shown in the illustration, a tunnel interface supports a header for each of the following protocols:
- An encapsulated protocol (or passenger protocol), such as IPv4, IPv6, AppleTalk, DECnet or IPX
- An encapsulation (or carrier) protocol, such as GRE
- A transport delivery protocol, such as IP, which is the protocol that transports the encapsulated protocol
GRE Features and Characteristics
The IP tunneling that GRE uses enables network expansion across a single-protocol backbone environment. This is achieved by connecting multiprotocol subnets in a single-protocol backbone environment. The characteristics of GRE are the following:
- GRE is defined as an IETF standard (RFC 2784).
- In the outer IP header, the protocol field is set to 47 to indicate that what follows is a GRE header.
- GRE encapsulation uses a protocol type field in the GRE header to support encapsulation of any layer 3 protocol of the OSI model. Protocol types are defined in RFC 1700 as "EtherTypes."
- GRE itself is stateless; by default, it does not include any flow control mechanism.
- GRE does not include any strong security mechanism to protect its content.
- The GRE header, together with the IP tunneling header shown in the illustration, creates at least 24 bytes of additional overhead for tunneled packets.
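The characteristics above can be read straight off the wire. The following is an added example, not part of the original page: it builds a constructed GRE-in-IPv4 packet between the tunnel endpoints used later on this page and parses it the way any on-path observer could. The payload bytes, the inner protocol number 253 and the function names are assumptions made for the illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47                                 # outer IP protocol number for GRE
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}  # GRE protocol type field values

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def addr(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_gre_in_ip(pkt):
    """Return what any on-path observer can read from a GRE-in-IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != GRE_PROTO:
        raise ValueError("outer IP protocol is not 47, so no GRE header follows")
    flags, ptype = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("not GRE version 0")
    # Optional 4-byte fields: checksum (C bit), key (K bit), sequence number (S bit).
    gre_len = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    inner = pkt[ihl + gre_len:]
    seen = {"outer": (addr(pkt[12:16]), addr(pkt[16:20])),
            "passenger": ETHERTYPES.get(ptype, hex(ptype)),
            "overhead": ihl + gre_len}         # bytes added in front of the passenger packet
    if ptype == 0x0800:                        # nothing is encrypted: inner fields are readable
        inner_ihl = (inner[0] & 0x0F) * 4
        seen["inner"] = (addr(inner[12:16]), addr(inner[16:20]))
        seen["payload"] = inner[inner_ihl:]
    return seen

def sample_packet():
    """Constructed sample: tunnel addresses from this page, made-up payload."""
    data = b"constructed cleartext"
    # 253 is an experimental IP protocol number, used so the payload needs no L4 header.
    inner = ipv4_header("192.168.2.1", "192.168.2.2", 253, len(data)) + data
    gre = struct.pack("!HH", 0x0000, 0x0800)   # no optional fields, protocol type IPv4
    outer = ipv4_header("209.165.201.1", "198.133.219.87", GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

if __name__ == "__main__":
    for field, value in parse_gre_in_ip(sample_packet()).items():
        print(f"{field}: {value}")
```

The parser needs no key or prior state to recover the inner addresses and payload, which is the practical meaning of GRE being stateless and unprotected.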
GRE TUNNEL CONFIGURATION
GRE is used to create a VPN tunnel between two sites, as shown in the image. To implement a GRE tunnel, the network administrator must first discover the IP addresses of the tunnel endpoints. Then, five steps must be followed to configure a GRE tunnel:
- Step 1. Create a tunnel interface with the interface tunnel number command.
- Step 2. Specify the source IP address of the tunnel.
- Step 3. Specify the destination IP address of the tunnel.
- Step 4. Configure an IP address for the tunnel interface.
- Step 5. (Optional) Specify the GRE tunnel mode as the tunnel interface mode. The GRE tunnel mode is the default tunnel interface mode for Cisco IOS software.
GRE TUNNEL CONFIGURATION COMMANDS
A basic GRE tunnel configuration for router R1 is detailed:
R1(config)# interface Tunnel0
R1(config-if)# tunnel mode gre ip
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# tunnel source 209.165.201.1
R1(config-if)# tunnel destination 198.133.219.87
R1(config-if)# router ospf 1
R1(config-router)# network 192.168.2.0 0.0.0.255 area 0
The R2 configuration mirrors the R1 configuration:
R2(config)# interface Tunnel0
R2(config-if)# tunnel mode gre ip
R2(config-if)# ip address 192.168.2.2 255.255.255.0
R2(config-if)# tunnel source 198.133.219.87
R2(config-if)# tunnel destination 209.165.201.1
R2(config-if)# router ospf 1
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
The minimum configuration requires the specification of the source and destination addresses of the tunnel. The IP subnet must also be configured to provide IP connectivity through the tunnel link. On both routers, the tunnel source is set on the local serial interface S0/0/0 and the tunnel destination on the serial interface S0/0/0 of the peer router. The IP address is assigned to the tunnel interfaces on both routers. OSPF was also configured to exchange routes through the GRE tunnel.
Descriptions of individual GRE tunnel commands are shown in Figure 4.
Command | Description |
---|---|
tunnel mode gre ip | Specifies that the tunnel interface mode is GRE over IP. |
tunnel source ip_address | Specifies the source address of the tunnel. |
tunnel destination ip_address | Specifies the destination address of the tunnel. |
ip address ip_address mask | Specifies the IP address of the tunnel interface. |
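A mismatch between the two ends is the most common reason a tunnel like this fails to pass traffic, so the mirrored R1/R2 configuration above is worth checking mechanically. The following is an added example, not part of the original page: it parses the two tunnel stanzas and reports inconsistencies. The function names are hypothetical, and the `tunnel protection` test refers to the IOS command that applies an IPsec profile to a tunnel interface, which does not appear in the page's configuration.

```python
import ipaddress

# Tunnel stanzas copied from the page's R1 and R2 configuration.
R1 = """\
interface Tunnel0
 tunnel mode gre ip
 ip address 192.168.2.1 255.255.255.0
 tunnel source 209.165.201.1
 tunnel destination 198.133.219.87
"""
R2 = """\
interface Tunnel0
 tunnel mode gre ip
 ip address 192.168.2.2 255.255.255.0
 tunnel source 198.133.219.87
 tunnel destination 209.165.201.1
"""

def tunnel_settings(config):
    """Extract the tunnel parameters from one router's interface stanza."""
    settings = {"protected": False}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"]:
            settings["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:2] in (["tunnel", "source"], ["tunnel", "destination"]):
            settings[words[1]] = words[2]
        elif words[:2] == ["tunnel", "protection"]:   # IPsec profile applied (assumption)
            settings["protected"] = True
    return settings

def check_pair(config_a, config_b):
    """Return a list of problems found between the two ends of one GRE tunnel."""
    a, b = tunnel_settings(config_a), tunnel_settings(config_b)
    problems = []
    if a.get("source") != b.get("destination") or a.get("destination") != b.get("source"):
        problems.append("tunnel source/destination are not mirrored")
    if a["ip"].network != b["ip"].network:
        problems.append("tunnel interface addresses are in different subnets")
    if a["ip"].ip == b["ip"].ip:
        problems.append("both ends use the same tunnel address")
    if not (a["protected"] and b["protected"]):
        problems.append("no IPsec protection: passenger traffic is sent in cleartext")
    return problems

if __name__ == "__main__":
    for problem in check_pair(R1, R2):
        print("WARNING:", problem)
```

For the page's configuration the only finding is the missing IPsec protection, which matches the conclusion that plain GRE carries its traffic unencrypted.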
GRE TUNNEL VERIFICATION
There are several commands that can be used to monitor GRE tunnels and troubleshoot related problems. To determine if the tunnel interface is active or inactive, use the show ip interface brief command. To verify the status of a GRE tunnel, use the show interface tunnel command.
The line protocol on a GRE tunnel interface remains active as long as there is a route to the tunnel destination. Before implementing a GRE tunnel, IP connectivity must already be operational between the IP addresses of the physical interfaces at opposite ends of the potential GRE tunnel. The tunnel transport protocol is shown in the result.
If OSPF was also configured to exchange routes through the GRE tunnel, verify that an OSPF adjacency has been established through the tunnel interface with the show ip ospf neighbor command. In Figure 2, note that the interconnection address for the OSPF neighbor is in the IP network created for the GRE tunnel.
CONCLUSION
GRE is considered a VPN because it is a private network that is created with tunneling through a public network. Through encapsulation, a GRE tunnel creates a virtual point-to-point link to Cisco routers at remote points through an IP internetwork.
- The advantages of GRE are that it can be used to tunnel non-IP traffic through an IP network, which allows network expansion by connecting multiprotocol subnets in a single-protocol backbone environment.
- In addition, GRE supports IP multicast tunneling. This means that routing protocols can be used through the tunnel, which enables the dynamic exchange of routing information in the virtual network.
- Finally, it is common to create GRE IPv6 tunnels through IPv4, where IPv6 is the encapsulated protocol and IPv4 is the transport protocol. In the future, these roles are likely to be reversed when IPv6 becomes the standard IP protocol.
However, GRE does not provide encryption or any other security mechanism. Therefore, the data that is sent through a GRE tunnel is not secure. If secure data communication is required, VPN networks with IPsec or SSL must be configured.