Posted on by Mrityunjay Singh

Gre Tunnel

Topology

Objectives

Create Gre tunnel between Router A and Router c. We are creating tunnel to internal communication between two LAN segments without, advertising LAN IP in internet domain.

Steps:

  • Your end to end network should be reachable i.e the interface/node from where you are creating tunnel should reachable to destination interface/node. Here Router A ,B & C is configured and running eigrp under internet domain , we have advertised loopback on Router A &C under eigrp.
  • Ping 2.2.2.2 from Router A and 1.1.1.1 from Router C.

A#ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/2 ms

C#ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Ping LAN1 PC from LAN 2 PC.

PC>ping 192.168.10.2

Pinging 192.168.10.2 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 192.168.10.2:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Currently LAN are not reachable

  • Create Tunnel on Router A and C. Provide IP add to tunnel interface. Both tunnel should have IP add of same class so that they can communicate with each other.

Define tunnel source ( here Loopback1) and destination( 3.3.3.3).The tunnel source and destination should be opposite on both side.

A#

interface Tunnel1

ip address 50.50.50.1 255.255.255.252

tunnel source Loopback1

tunnel destination 3.3.3.3

tunnel mode gre ip

C#

interface Tunnel1

 ip address 50.50.50.2 255.255.255.252

 tunnel source Loopback1

 tunnel destination 1.1.1.1

 tunnel mode gre ip
  • Here you will be able to ping the tunnel IP , though it is not advertised under eigrp and carried over gre encapsulation.

A#ping 50.50.50.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 50.50.50.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

C#ping 50.50.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 50.50.50.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

Define static routing for LAN with Next hop as tunnel IP.

A#

ip route 192.168.20.0 255.255.255.0 50.50.50.2

B#

ip route 192.168.10.0 255.255.255.0 50.50.50.1

Now LAN IP should be reachable via tunnel , and tunnel is reachable via Gre encapsulated packet over IP.

PC>ping 192.168.10.2

Pinging 192.168.10.2 with 32 bytes of data:

Reply from 192.168.10.2: bytes=32 time=10ms TTL=126

Reply from 192.168.10.2: bytes=32 time=0ms TTL=126

Reply from 192.168.10.2: bytes=32 time=11ms TTL=126

Reply from 192.168.10.2: bytes=32 time=10ms TTL=126

Ping statistics for 192.168.10.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 11ms, Average = 7ms

Summary:

Steps:

  • Establish L3 connectivity end to end. Tunnel source and destination should have L3 connectivity.
  • Define tunnel, with tunnel source and destination. The tunnel source and destination should be opposite at both end.
  • Both end Tunnel ip address should be in same class.
  • Define static routing towards LAN with Tunnel IP as next Hop

Advantages of GRE tunnel

  • Easy to configure
  • Support Broadcast and Multicast
  • Can carry multiple routing protocols.

Disadvantages of GRE tunnel

  • It do not support security like authentication.