.. _interfaces-tunnel: Tunnel Interfaces ================= Generic Routing Encapsulation (GRE) ----------------------------------- A GRE tunnel operates at layer 3 of the OSI model and is repsented by IP protocol 47. The main benefit of a GRE tunnel is that you are able to route traffic across disparate networks. GRE also supports multicast traffic and supports routing protocols that leverage multicast to form neighbor adjacencies. Configuration ^^^^^^^^^^^^^ A basic configuration requires a tunnel source (local-ip), a tunnel destination (remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to 'gre ip' otherwise it would have to be configured as well. **VyOS Router:** .. code-block:: sh set interfaces tunnel tun100 address '10.0.0.1/30' set interfaces tunnel tun100 encapsulation 'gre' set interfaces tunnel tun100 local-ip '198.18.0.2' set interfaces tunnel tun100 remote-ip '198.18.2.2' **Cisco IOS Router:** .. code-block:: sh interface Tunnel100 ip address 10.0.0.2 255.255.255.252 tunnel source 198.18.2.2 tunnel destination 198.18.0.2 Troubleshooting ^^^^^^^^^^^^^^^ GRE is a well defined standard that is common in most networks. While not inherently difficult to configure there are a couple of things to keep in mind to make sure the configuration performs as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall configurations that are discarding IP protocol 47 or blocking your source/desintation traffic. **1. Confirm IP connectivity between tunnel local-ip and remote-ip:** .. code-block:: sh vyos@vyos:~$ ping 198.18.2.2 interface 198.18.0.2 count 4 PING 198.18.2.2 (198.18.2.2) from 198.18.0.2 : 56(84) bytes of data. 64 bytes from 198.18.2.2: icmp_seq=1 ttl=254 time=0.807 ms 64 bytes from 198.18.2.2: icmp_seq=2 ttl=254 time=1.50 ms 64 bytes from 198.18.2.2: icmp_seq=3 ttl=254 time=0.624 ms 64 bytes from 198.18.2.2: icmp_seq=4 ttl=254 time=1.41 ms --- 198.18.2.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3007ms rtt min/avg/max/mdev = 0.624/1.087/1.509/0.381 ms **2. Confirm the link type has been set to GRE:** .. code-block:: sh vyos@vyos:~$ show interfaces tunnel tun100 tun100@NONE: mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000 link/gre 198.18.0.2 peer 198.18.2.2 inet 10.0.0.1/30 brd 10.0.0.3 scope global tun100 valid_lft forever preferred_lft forever inet6 fe80::5efe:c612:2/64 scope link valid_lft forever preferred_lft forever RX: bytes packets errors dropped overrun mcast 2183 27 0 0 0 0 TX: bytes packets errors dropped carrier collisions 836 9 0 0 0 0 **3. Confirm IP connectivity across the tunnel:** .. code-block:: sh vyos@vyos:~$ ping 10.0.0.2 interface 10.0.0.1 count 4 PING 10.0.0.2 (10.0.0.2) from 10.0.0.1 : 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=1.05 ms 64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=1.88 ms 64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=1.98 ms 64 bytes from 10.0.0.2: icmp_seq=4 ttl=255 time=1.98 ms --- 10.0.0.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3008ms rtt min/avg/max/mdev = 1.055/1.729/1.989/0.395 ms Virtual Tunnel Interface (VTI) ------------------------------ Set Virtual Tunnel Interface .. code-block:: sh set interfaces vti vti0 address 192.168.2.249/30 set interfaces vti vti0 address 2001:db8:2::249/64 Results in: .. code-block:: sh vyos@vyos# show interfaces vti vti vti0 { address 192.168.2.249/30 address 2001:db8:2::249/64 description "Description" }