1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
.. _interfaces-tunnel:
Tunnel Interfaces
=================
Generic Routing Encapsulation (GRE)
-----------------------------------
A GRE tunnel operates at layer 3 of the OSI model and is repsented by IP protocol 47. The
main benefit of a GRE tunnel is that you are able to route traffic across disparate networks.
GRE also supports multicast traffic and supports routing protocols that leverage multicast to
form neighbor adjacencies.
Configuration
^^^^^^^^^^^^^
A basic configuration requires a tunnel source (local-ip), a tunnel destination (remote-ip),
an encapsulation type (gre), and an address (ipv4/ipv6). Below is a configuration example
taken from a VyOS router and a Cisco IOS router. The main difference between these two
configurations is that VyOS requires you explicitly configure the encapsulation type.
The Cisco router defaults to 'gre ip' otherwise it would have to be configured as well.
**VyOS Router:**
.. code-block:: sh
set interfaces tunnel tun100 address '10.0.0.1/30'
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 local-ip '198.18.0.2'
set interfaces tunnel tun100 remote-ip '198.18.2.2'
**Cisco IOS Router:**
.. code-block:: sh
interface Tunnel100
ip address 10.0.0.2 255.255.255.252
tunnel source 198.18.2.2
tunnel destination 198.18.0.2
Troubleshooting
^^^^^^^^^^^^^^^
GRE is a well defined standard that is common in most networks. While not inherently difficult
to configure there are a couple of things to keep in mind to make sure the configuration performs
as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall
configurations that are discarding IP protocol 47 or blocking your source/desintation traffic.
**1. Confirm IP connectivity between tunnel local-ip and remote-ip:**
.. code-block:: sh
vyos@vyos:~$ ping 198.18.2.2 interface 198.18.0.2 count 4
PING 198.18.2.2 (198.18.2.2) from 198.18.0.2 : 56(84) bytes of data.
64 bytes from 198.18.2.2: icmp_seq=1 ttl=254 time=0.807 ms
64 bytes from 198.18.2.2: icmp_seq=2 ttl=254 time=1.50 ms
64 bytes from 198.18.2.2: icmp_seq=3 ttl=254 time=0.624 ms
64 bytes from 198.18.2.2: icmp_seq=4 ttl=254 time=1.41 ms
--- 198.18.2.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 0.624/1.087/1.509/0.381 ms
**2. Confirm the link type has been set to GRE:**
.. code-block:: sh
vyos@vyos:~$ show interfaces tunnel tun100
tun100@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
link/gre 198.18.0.2 peer 198.18.2.2
inet 10.0.0.1/30 brd 10.0.0.3 scope global tun100
valid_lft forever preferred_lft forever
inet6 fe80::5efe:c612:2/64 scope link
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
2183 27 0 0 0 0
TX: bytes packets errors dropped carrier collisions
836 9 0 0 0 0
**3. Confirm IP connectivity across the tunnel:**
.. code-block:: sh
vyos@vyos:~$ ping 10.0.0.2 interface 10.0.0.1 count 4
PING 10.0.0.2 (10.0.0.2) from 10.0.0.1 : 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=1.05 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=1.88 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=1.98 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=255 time=1.98 ms
--- 10.0.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 1.055/1.729/1.989/0.395 ms
Virtual Tunnel Interface (VTI)
------------------------------
Set Virtual Tunnel Interface
.. code-block:: sh
set interfaces vti vti0 address 192.168.2.249/30
set interfaces vti vti0 address 2001:db8:2::249/64
Results in:
.. code-block:: sh
vyos@vyos# show interfaces vti
vti vti0 {
address 192.168.2.249/30
address 2001:db8:2::249/64
description "Description"
}
|
