Configuring GRE· 1

Overview·· 1

GRE encapsulation format 1

GRE encapsulation and de-encapsulation· 2

GRE application scenarios 2

Protocols and standards 4

Configuring a GRE over IPv4 tunnel 4

Configuration prerequisites 5

Configuration procedure· 5

Displaying and maintaining GRE· 6

GRE over IPv4 configuration example· 6

Troubleshooting GRE· 9

 

Overview

Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate multiple network layer protocols into virtual point-to-point tunnels over an IP network. Packets are encapsulated at one tunnel end and de-encapsulated at the other tunnel end.

GRE encapsulation format

Figure 1 GRE encapsulation format

 

As shown in Figure 1, a GRE-tunneled packet comprises the following parts:

·           Payload packet—Original packet. The protocol type of the payload packet is called the passenger protocol.

·           GRE header—After GRE receives a payload packet, it adds a GRE header to the payload packet to change the payload packet to a GRE packet. GRE is called the encapsulation protocol.

·           Delivery header—Transport protocol used to transfer the GRE packet. The system adds a transport protocol header to the GRE packet to deliver it to the tunnel end.

For example, to transfer an IPv6 packet over an IPv4 network through a GRE tunnel, the system encapsulates the IPv6 packet in the format shown in Figure 2. The passenger protocol is IPv6, the encapsulation protocol is GRE, and the transport protocol is IPv4.

Figure 1 Format of a GRE-encapsulated packet

 

Depending on the transport protocol, GRE tunnels fall into the following types:

·           GRE over IPv4—The transport protocol is IPv4, and the passenger protocol is any network layer protocol.

·           GRE over IPv6—The transport protocol is IPv6, and the passenger protocol is any network layer protocol.

GRE encapsulation and de-encapsulation  

Figure 2 X protocol networks interconnected through a GRE tunnel

 

The following takes the network shown in Figure 3 as an example to describe how an X protocol packet traverses an IP network through a GRE tunnel:

Encapsulation process

1.      After receiving an X protocol packet from the interface connected to Group 1, Device A submits it to the X protocol for processing.

2.      The X protocol checks the destination address field in the packet header to determine how to route the packet.

3.      If the packet must be tunneled to reach its destination, Device A sends it to the GRE tunnel interface.

4.      Upon receiving the packet, the tunnel interface encapsulates the packet with GRE and then with IP.

5.      Device A looks up the routing table according to the destination address in the IP header and forwards the IP packet.

De-encapsulation process

De-encapsulation is the reverse of the encapsulation process:

1.      Upon receiving an IP packet from the tunnel interface, Device B checks the destination address.

2.      If the destination is itself and the protocol number in the IP header is 47 (the protocol number for GRE), Device B removes the IP header of the packet and submits the resulting packet to GRE for processing (such as checking the GRE key, checksum, and sequence number in the packet).

3.      After GRE finishes the processing, Device B removes the GRE header and submits the payload to the X protocol for forwarding.

 

NOTE: GRE encapsulation and de-encapsulation can decrease the forwarding efficiency of tunnel-end devices.

 

GRE application scenarios

The following shows typical GRE application scenarios:

Connecting private networks running different protocols over a single backbone

Figure 3 Network diagram

 

As shown in Figure 4, Group 1 and Group 2 are IPv6 networks, and Team 1 and Team 2 are IPv4 networks. Through the GRE tunnel between Device A and Device B, Group 1 can communicate with Group 2 and Team 1 can communicate with Team 2, without affecting each other.

Enlarging network scope

Figure 4 Network diagram

 

In an IP network, the maximum TTL value of a packet is 255. If two devices have more than 255 hops in between, they cannot communicate with each other. By using a GRE tunnel, you can hide some hops to enlarge the network scope. As shown in Figure 5, only the tunnel-end devices (Device A and Device D) of the GRE tunnel are counted in hop count calculation. Therefore, there are only three hops between Host A and Host B.

Constructing VPN

Figure 5 Network diagram

 

As shown in Figure 6, Site 1 and Site 2 both belong to VPN 1 and are located in different cities. Using a GRE tunnel can connect the two VPN sites across the WAN.

Protocols and standards

·           RFC 1701, Generic Routing Encapsulation (GRE)

·           RFC 1702, Generic Routing Encapsulation over IPv4 networks

·           RFC 2784, Generic Routing Encapsulation (GRE)

Configuring a GRE over IPv4 tunnel

Follow these guidelines when you configure a GRE over IPv4 tunnel:

·           You must configure the tunnel source address and destination address at both ends of a tunnel, and the tunnel source or destination address at one end must be the tunnel destination or source address at the other end.

·           Local tunnel interfaces using the same encapsulation protocol must not have the same tunnel source and destination addresses.

·           You can enable or disable the checksum function at both ends of a tunnel.

?  If checksum is enabled at the local end but not at the remote end, the local end calculates the checksum of a packet to be sent but does not check the checksum of a received packet.

?  If checksum is enabled at the remote end but not at the local end, the local end checks the checksum of a received packet but does not calculate the checksum of a packet to be sent.

·           You can use the following methods to configure a route to a destination over the GRE tunnel:

?  Configure a static route, using the destination address of the original packet as the destination address of the route and the address of the peer tunnel interface as the next hop.

?  Enable a dynamic routing protocol on both the tunnel interface and the interface connecting the private network, so the dynamic routing protocol can establish a routing entry with the tunnel interface as the outgoing interface.

·           The IP address of the tunnel interface and the tunnel destination address configured on the tunnel interface must be in different subnets.

Configuration prerequisites

Configure an IP address for the interface (such as a VLAN interface, a GigabitEthernet interface, or a Loopback interface) to be used as the source interface of the tunnel interface.

Configuration procedure

To configure a GRE over IPv4 tunnel:

 

Step	Command	Remarks
1.     Enter system view.	system-view	N/A
2.     Create a GRE over IPv4 tunnel interface and enter its view.	interface tunnel interface-number mode gre	By default, the device has no tunnel interface. You must configure the same tunnel mode on both ends of a tunnel. Otherwise, packet delivery may fail.
3.     Configure an IPv4 or IPv6 address for the tunnel interface.	For information about how to assign an IPv4 address to an interface, see "Configuring IP addressing." For information about how to assign an IPv6 address to an interface, see "Configuring IPv6 basics."	By default, no IPv4 or IPv6 address is configured for a tunnel interface. When the passenger protocol is IPv4, configure an IPv4 address for the tunnel interface. When the passenger protocol is IPv6, configure an IPv6 address for the tunnel interface.
4.     Configure a source address or source interface for the tunnel interface.	source { ip-address | interface-type interface-number }	By default, no source address or interface is configured for a tunnel interface. If you configure a source address for a tunnel interface, the tunnel interface uses the source address as the source address of the encapsulated packets. If you configure a source interface for a tunnel interface, the tunnel interface uses the primary IP address of the source interface as the source address of the encapsulated packets.
5.     Configure a destination address for the tunnel interface.	destination ip-address	By default, no destination address is configured for a tunnel interface. The destination address is the address of the physical interface that the tunnel remote end uses to receive packets from the GRE tunnel. The tunnel local end uses this address as the destination address of the encapsulated packets.
6.     (Optional.) Enable GRE keepalive and set the keepalive interval and keepalive number.	keepalive [ interval [ times ] ]	By default, GRE keepalive is disabled.
7.     Return to system view.	quit	N/A

 

For information about tunnel interfaces and more configuration commands on a tunnel interface, see "Configuring tunneling."

For more information about the interface tunnel, source, and destination commands, see Layer 3—IP Services Command Reference.

Displaying and maintaining GRE

Execute display commands in any view.

 

Task	Command	Remarks
Display information about tunnel interfaces.	display interface [ tunnel [ number ] ] [ brief ]	For more information about this command, see Layer 3—IP Services Command Reference.
Display IPv6 information about tunnel interface.	display ipv6 interface [ tunnel [ number ] ] [ brief ]	For more information about this command, see Layer 3—IP Services Command Reference.

 

GRE over IPv4 configuration example

By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in down state. To configure such an interface, first use the undo shutdown command to bring the interface up.

Network requirements

Switch A and Switch B are connected to the Internet running IPv4. Establish a GRE tunnel between the switches to interconnect the two private IPv4 networks Group 1 and Group 2.

Figure 6 Network diagram

 

Configuration procedure

Before the configuration, make sure Switch A and Switch B can reach each other.

1.      Configure Switch A:

# Configure interface VLAN-interface 100.

<SwitchA> system-view

[SwitchA] vlan 100

[SwitchA-vlan100] port GigabitEthernet 3/0/1

[SwitchA-vlan100] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vlan-interface100] quit

# Configure interface VLAN-interface 101.

[SwitchA] vlan 101

[SwitchA-vlan101] port GigabitEthernet 3/0/2

[SwitchA-vlan101] quit

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] ip address 1.1.1.1 255.255.255.0

[SwitchA-Vlan-interface101] quit

# Create a tunnel interface Tunnel1, and specify the tunnel mode as GRE over IPv4.

[SwitchA] interface tunnel 1 mode gre

# Configure an IP address for the tunnel interface.

[SwitchA-Tunnel1] ip address 10.1.2.1 255.255.255.0

# Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch A.

[SwitchA-Tunnel1] source vlan-interface 101

# Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch B.

[SwitchA-Tunnel1] destination 2.2.2.2

[SwitchA-Tunnel1] quit

# Configure a static route from Switch A through the tunnel interface to Group 2.

[SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1

2.      Configure Switch B:

# Configure interface VLAN-interface 100.

<SwitchB> system-view

[SwitchB] vlan 100

[SwitchB-vlan100] port GigabitEthernet 3/0/1

[SwitchB-vlan100] quit

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 10.1.3.1 255.255.255.0

[SwitchB-Vlan-interface100] quit

# Configure interface VLAN-interface 101.

[SwitchB] vlan 101

[SwitchB-vlan101] port GigabitEthernet 3/0/2

[SwitchB-vlan101] quit

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] ip address 2.2.2.2 255.255.255.0

[SwitchB-Vlan-interface101] quit

# Create a tunnel interface Tunnel1, and specify the tunnel mode as GRE over IPv4.

[SwitchB] interface tunnel 1 mode gre

# Configure an IP address for the tunnel interface.

[SwitchB-Tunnel1] ip address 10.1.2.2 255.255.255.0

# Configure the source address of tunnel interface as the IP address of VLAN-interface 101 on Switch B.

[SwitchB-Tunnel1] source vlan-interface 101

# Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on Switch A.

[SwitchB-Tunnel1] destination 1.1.1.1

[SwitchB-Tunnel1] quit

# Configure a static route from Switch B through the tunnel interface to Group 1.

[SwitchB] ip route-static 10.1.1.0 255.255.255.0 Tunnel 1

3.      Verify the configuration:

# Display tunnel interface information on Switch A and Switch B.

[SwitchA] display interface tunnel 1

Tunnel1 current state: UP

Line protocol current state: UP

Description: Tunnel1 Interface

The Maximum Transmit Unit is 1476

Internet Address is 10.1.2.1/24 Primary

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel bandwidth 64 (kbps)

Tunnel keepalive disabled

Tunnel TTL 255

Tunnel protocol/transport GRE/IP

    GRE key disabled

    Checksumming of GRE packets disabled

Last clearing of counters:  Never

    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

    0 packets input, 0 bytes, 0 drops

    0 packets output, 0 bytes, 0 drops

[SwitchB] display interface tunnel 1

Tunnel1 current state: UP

Line protocol current state: UP

Description: Tunnel1 Interface

The Maximum Transmit Unit is 1476

Internet Address is 10.1.2.2/24 Primary

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel bandwidth 64 (kbps)

Tunnel keepalive disabled

Tunnel TTL 255

Tunnel protocol/transport GRE/IP

    GRE key disabled

    Checksumming of GRE packets disabled

Last clearing of counters:  Never

    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

    0 packets input, 0 bytes, 0 drops

    0 packets output, 0 bytes, 0 drops

# From Switch B, ping the IP address of VLAN-interface 100 on Switch A.

[SwitchB] ping -a 10.1.3.1 10.1.1.1

PING 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes

56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=11.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms

 

--- 10.1.1.1 ping statistics ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/stddev = 0.000/2.400/11.000/4.317 ms

The output shows that Switch B can successfully ping Switch A.

Troubleshooting GRE

The key to configuring GRE is to keep the configurations consistent. Most faults can be located by using the debugging gre or debugging tunnel command. This section analyzes one type of fault for illustration, with the scenario shown in Figure 8.

Figure 7 Network diagram

 

Symptom

The interfaces at both ends of the tunnel are configured correctly and can ping each other, but Host A and Host B cannot ping each other.

Analysis

It may be because that Device A or Device C has no route to reach the peer network.

Solution

1.      Execute the display ip routing-table command on Device A and Device C to view whether Device A has a route over tunnel 0 to 10.2.0.0/16 and whether Device C has a route over tunnel 0 to 10.1.0.0/16.

2.      If such a route does not exist, execute the ip route-static command in system view to add the route. Take Device A as an example:

[DeviceA] ip route-static 10.2.0.0 255.255.0.0 tunnel 0