GRE tunnels and IP over IP Tunnels Configuration

GRE stands for Generic routing encapsulation i.e. it encapsulates IP, IP6, CLS etc. protocols with an additional GRE Header. e.g. if we have IPsec tunnel available and want to allow Routing protocol traffic thru it in that case, it will only be possible using GRE. We can use static routes to allow traffic over IPsec but not routing protocols. GRE uses IP Protocol number 97. While IPIP( IP over IP)  Tunnels only encapsulate IP header i.e. to say , it does not use protocols like IPv6 OR CLS for IS-IS. This is the only difference of IPIP with GRE. In other words if we are using GRE over IP as Transport mode, it would be as good as IPIP ( IP over IP Tunnel). Other benefit is that when traffic will pass over Tunnel- it will act as a point to point link. So, if there are 10 routers in between R1 and R5 then tunnel is formed between R1 and R5 then while tracing we will see only one hop because Tunnel is created between R1 and R5.

Configuration is fairly simple, create Tunnel interface, assign it an IP address or use unnumbered IP address of any loopback, Define tunnel source interface( Or IP address of Source Interface) , Define Tunnel Destination Interface or IP address, use keep alive ( optional) , use Transport mode( optional , default mode for GRE Tunneling is GRE over IP). Initially there should be end to end reachability between Tunnel Interfaces. It can be done using static routes or routing protocol.  Protocol that helps in forming Tunnel end to end connectivity is known as Underlay protocol (incl static ). Protocol that uses Tunnel link to advertise or pass traffic is known as Overlay protocol (including static routes). So we should avoid using same underlay and overlay protocol to avoid recursive loop which may occur due to wrong metric or Distance. Other way to avoid is to use different AS number or Process ID of protocol if routing protocol is same, OR use Distribute List to avoid recursive loops.

GRE & IPIP tunnels

Above is one good case. Three routers R1 , R2 , R3 connected with IPs shown in the diagram,

EIGRP is running only in Router R1 , R3 i.e.      100.1.1.1/32, 1.1.1.1/32 in R1 ( EIGRP 1) & 200.1.1.1/32 , 3.3.3.3/32 in R3 ( eigrp 1)

Tunnel is formed from 100.1.1.1/32 Tunnel 0 to 200.1.1.1/32 Tunnel 0 over Static Routing.

After that we will be able to see that eigrp neighborship is formed from R1 to R3 though there is no eigrp configuration on Router R2.  We can ping 1.1.1.1 from R3 and 3.3.3.3 from R2.

Tracert from R1 to 3.3.3.3 shows only one Hop and similar is the result from R3 to 1.1.1.1 which proves that tunnel is passing thru Tunnel. Also we can check the routes for these Hosts in routing table. EIGRP neighborship is up and ping is working well.

Default mode of GRE Is GRE over IP, which can be changed to “tunnel mode gre ipv6 or multipoint” under interface Tunnel configuration.

GRE over IP is equivalent to IP over IP Tunnel.   IP over IP can be GRE & IPIP tunnels 2enabled with “tunnel mode ipip” under interface Tunnel configuration.

IPIP will only encapsulate IP Header, nothing else. While GRE supports encapsulations over IP, IPv6, CLS (IS-IS)

Sitewide-15dollars640x480

Facebook Comments

Leave a Reply

Your email address will not be published. Required fields are marked *