Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-GRE Configuration | 260.14 KB |
Table of Contents
1.2 Configuring a GRE over IPv4 Tunnel
1.2.1 Configuration Prerequisites
1.3 Displaying and Maintaining GRE
1.4 GRE Tunnel Configuration Examples
1.4.1 GRE IPv4 over IPv4 Tunnel Configuration Example
1.4.2 GRE IPv6 over IPv4 Tunnel Configuration Example
Chapter 1 GRE Configuration
When configuring GRE, go to these sections for information you are interested in:
l Configuring a GRE over IPv4 Tunnel
l Displaying and Maintaining GRE
l GRE Tunnel Configuration Examples
& Note:
l Routers mentioned and router icons illustrated in the contents below represent the general routers and Ethernet switches running routing protocols. To simplify the description, this explanation will not be provided otherwise.
l Currently, the products do not support configuring IS-IS, IPv6-IS-IS or multicasting on tunnels.
1.1 GRE Overview
1.1.1 Introduction to GRE
Generic routing encapsulation (GRE) is a protocol designed for performing encapsulation of one network layer protocol (for example, IP or IPX) over another network layer protocol (for example, IP). GRE uses the tunneling technology and serves as a Layer 3 tunneling protocol of virtual private network (VPN).
A tunnel is a virtual point-to-point connection for transferring encapsulated packets. Packets are encapsulated at one end of the tunnel and decapsulated at the other end.
An X protocol packet transferred through a tunnel undergoes an encapsulation process and a decapsulation process. Figure 1-1 depicts the network used to illustrate these two processes.
Figure 1-1 X protocol networks interconnected through the GRE tunnel
I. Encapsulation process
1) After receiving an X protocol packet through the interface connecting Group1, Router A submits it to the X protocol for processing.
2) The X protocol checks the destination address field in the packet header to determine how to route the packet.
3) If the packet must be tunneled to reach its destination, Router A sends it to the tunnel interface.
4) Upon receipt of the packet, the tunnel interface encapsulates it in a GRE packet. Then, the system encapsulates the packet in an IP packet and forwards the IP packet based on its destination address and the routing table.
II. Format of an encapsulated packet
Figure 1-2 shows the format of an encapsulated packet.
Figure 1-2 Format of an encapsulated packet
As an example, Figure 1-3 shows the format of an X protocol packet encapsulated for transmission over an IP tunnel.
Figure 1-3 Format of an X packet encapsulated for transmission over an IP tunnel
l Payload: Packet that needs to be encapsulated and routed.
l Passenger protocol: Protocol that the payload packet uses.
l Encapsulation or carrier protocol: Protocol used to encapsulate the payload packet, that is, GRE.
l Delivery or transport protocol: Protocol used to encapsulate the GRE packet and to forward the resulting packet to the other end of the tunnel, IP in this example.
III. Decapsulation process
Decapsulation is the reverse process of encapsulation:
1) Upon receiving an IP packet from the tunnel interface, Router B checks the destination address.
2) If the destination is itself, Router B strips off the IP header of the packet and submits the resulting packet to the GRE protocol.
3) The GRE protocol checks the key, checksum and sequence number in the packet, and then strips off the GRE header and submits the payload to the X protocol for forwarding.
& Note:
Encapsulation and decapsulation processes on both ends of the GRE tunnel and the resulting increase in data volumes will degrade the forwarding efficiency for the GRE-enabled device to some extent.
1.1.2 GRE Applications
GRE supports these types of applications:
l Multi-protocol communications through a single-protocol backbone
l Scope enlargement of the network running a hop-limited protocol
l VPN creation by connecting discontinuous subnets
I. Multi-protocol communications through a single-protocol backbone
Figure 1-4 Multi-protocol communications through a single-protocol backbone
In the example as shown in Figure 1-4, Group1 and Group2 are local networks running Novell IPX, while Team1 and Team2 are local networks running IP. Through the GRE tunnel between Router A and Router B, Group1 can communicate with Group2 and Team1 can communicate with Team2. They will not interfere with each other.
II. Scope enlargement of the network running a hop-limited protocol
Figure 1-5 Scope enlargement of the network
When the hop count between two terminals exceeds 15, the terminals cannot communicate with each other. Using GRE, you can hide some hops so as to enlarge the scope of the network.
III. VPN creation by connecting discontinuous subnets
Figure 1-6 Connect discontinuous subnets with a tunnel to form a VPN
In the example as shown in Figure 1-6, Group1 and Group2 running Novell IPX are deployed in different cities. They can constitute a trans-WAN virtual private network (VPN) through the GRE tunnel.
1.2 Configuring a GRE over IPv4 Tunnel
1.2.1 Configuration Prerequisites
Interfaces on a device, such as VLAN interfaces and loopback interfaces, are configured with IPv4 addresses and can communicate. These interfaces can be used as the source of a virtual tunnel interface to ensure the reachability of the tunnel destination address.
1.2.2 Configuration Procedure
Follow these steps to configure a GRE over IPv4 tunnel:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enable IPv6 packet forwarding |
ipv6 |
Optional By default, the IPv6 packet forwarding function is disabled. On IPv6 over IPv4 GRE tunnels, this function is mandatory. |
|
|
Create a tunnel interface and enter tunnel interface view |
interface tunnel interface-number |
Required Not created by default |
|
|
Configure an IPv4 address for the tunnel interface |
ip address ip-address { mask | mask-length } |
Any of the three must be selected. By default, no IPv4 address is configured on a tunnel interface. Whether to configure an IPv4 or IPv6 address on a tunnel interface depends on the actual needs. By default, no IPv6 global unique address or site-local address is configured on a tunnel interface. |
|
|
Configure an IPv6 address for the tunnel interface |
Configure an IPv6 global unique address or a site-local address |
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } ipv6 address ipv6-address/prefix-length eui-64 |
|
|
Configure an IPv6 link-local address |
ipv6 address auto link-local |
Optional By default, when an interface is configured with an IPv6 global unique address or a site-local address, a link-local address is created automatically. |
|
|
ipv6 address ipv6-address link-local |
|||
|
Set the tunnel mode to GRE over IPv4 |
tunnel-protocol gre |
Optional GRE over IPv4 by default Note that both ends of a tunnel must be configured with the same tunnel mode. Otherwise, packet delivery will fail. |
|
|
Configure the source address for the tunnel interface |
source { ip-address | ipv6-address | interface-type interface-number } |
Required By default, no source address is configured for a tunnel interface. |
|
|
Configure the destination address for the tunnel interface |
destination { ip-address | ipv6-address } |
Required By default, no destination address is configured for a tunnel interface. |
|
|
Specify the service loop group for the tunnel interface to reference |
aggregation-group aggregation-group-ID |
Required |
|
|
Configure a route through the tunnel |
Refer to IP Routing Volume. |
Optional Each end of the tunnel must have a route (static or dynamic) through the tunnel to the other end. |
|
|
Enable the expedite termination function for a tunnel interface |
expediting enable |
Optional Disabled by default Moreover, this function has no effect on GRE IPv4 over IPv4 tunnels |
|
|
Set the MTU value for the tunnel interface |
mtu mtu-size |
Optional |
|
Note that:
l For a tunnel interface that is configured with any of the above features, all the configuration disappears once that interface is deleted.
l The source address and destination address of a tunnel uniquely identify a path. They must be configured at both ends of the tunnel and are mutually the source address and the destination address.
l Two or more tunnel interfaces using the same encapsulation protocol must have different source addresses and destination addresses.
l If you configure a source interface for a tunnel interface, the source address of the tunnel interface is the primary IP address of the source interface.
l The source and destination addresses of a tunnel must be different from each other. Moreover, for static routes configured on a tunnel interface, their destination addresses cannot be in the same network segment as the address of that tunnel interface.
l IPv6 over IPv4 GRE tunnel interfaces support such dynamic routing protocols as OSPFv3, RIPng and BGP4+.
l To run dynamic routing protocols (apart from BGP4+) on a tunnel interface, you need to enable the expediting function on the relevant tunnel first.
l It is not allowed to set up on a tunnel interface static routes whose destination addresses are in the network segment as that tunnel interface.
l For GRE IPv6 over IPv4 packets, due to restrictions of match conditions for the expediting function, only the physical ports with the link type as Access or Hybrid can be bound to the VLAN interface that acts as the source interface of a tunnel. Moreover, when the link type of a port is Hybrid, the untagged attribute must be specified for the VLAN that sends GRE tunnel packets.
l The XP4DB, GV48DA and GV48DB boards do not support the expediting function on GRE IPv6 over IPv4 tunnels.
1.3 Displaying and Maintaining GRE
|
To do… |
Use the command… |
Remarks |
|
Display information about a specified or all tunnel interfaces |
display interface tunnel [ number ] |
Available in any view |
|
Display IPv6 information about a tunnel interface |
display ipv6 interface tunnel number |
Available in any view |
1.4 GRE Tunnel Configuration Examples
1.4.1 GRE IPv4 over IPv4 Tunnel Configuration Example
I. Network requirements
Switch A and Switch B are interconnected through an IPv4 network. Two private IPv4 subnets Group1 and Group2 are interconnected through a GRE tunnel between the two switches.
II. Network diagram
Figure 1-7 Network diagram for GRE application
III. Configuration procedure
1) Configure Switch A
# Configure VLAN-interface 100.
<Sysname1> system-view
[Sysname1] vlan 100
[Sysname1-vlan100] port GigabitEthernet 4/1/1
[Sysname1-vlan100] quit
[Sysname1] interface vlan-interface 100
[Sysname1-Vlan-interface100] ip address 10.1.1.1 255.255.255.0
[Sysname1-Vlan-interface100] quit
# Configure VLAN-interface 101, the physical interface for the tunnel.
[Sysname1] vlan 101
[Sysname1-vlan101] port GigabitEthernet 4/1/2
[Sysname1-vlan101] quit
[Sysname1] interface vlan-interface 101
[Sysname1-Vlan-interface101] ip address 192.13.2.1 255.255.255.0
[Sysname1-Vlan-interface101] quit
# Create an interface named Tunnel 4/0/1.
[Sysname1] interface tunnel 4/0/1
# Configure an IPv4 address for interface Tunnel 4/0/1.
[Sysname1-Tunnel4/0/1] ip address 10.1.2.1 255.255.255.0
# Configure the tunnel encapsulation mode.
[Sysname1-Tunnel4/0/1] tunnel-protocol gre
# Configure the source address of interface Tunnel 4/0/1 to be the IP address of the VLAN interface of interface GigabitEthernet 4/1/2.
[Sysname1-Tunnel4/0/1] source vlan-interface 101
# Configure the destination address for interface Tunnel 4/0/1 (IP address of the VLAN interface to which GigabitEthernet 4/1/2 of Switch B belongs).
[Sysname1-Tunnel4/0/1] destination 131.108.5.2
[Sysname1-Tunnel4/0/1] expediting enable
[Sysname1-Tunnel4/0/1] quit
# Create service loop group 1, setting the configuration mode to manual and the service type to tunnel.
[Sysname1] link-aggregation group 1 mode manual
[Sysname1] link-aggregation group 1 service-type tunnel
# Configure the tunnel to reference service loop group 1 in tunnel interface view.
[Sysname1] interface tunnel 4/0/1
[Sysname1-Tunnel4/0/1] aggregation-group 1
[Sysname1-Tunnel4/0/1] quit
# Add interface Ethernet4/1/3 to service loop group 1.
[Sysname1] interface GigabitEthernet 4/1/3
[Sysname1-GigabitEthernet4/1/3] stp disable
[Sysname1-GigabitEthernet4/1/3] port link-aggregation group 1
# Configure a static route from Switch A through interface Tunnel 4/0/1 to Group2.
[Sysname1] ip route-static 10.1.3.0 255.255.255.0 tunnel 4/0/1
2) Configure Switch B
# Configure VLAN-interface 100.
<Sysname2> system-view
[Sysname2] vlan 100
[Sysname2-vlan100] port GigabitEthernet 4/1/1
[Sysname2-vlan100] quit
[Sysname2] interface vlan-interface 100
[Sysname2-Vlan-interface100] ip address 10.1.3.1 255.255.255.0
[Sysname2-Vlan-interface100] quit
# Configure VLAN-interface 101, the physical interface for the tunnel.
[Sysname2] vlan 101
[Sysname2-vlan101] port GigabitEthernet 4/1/2
[Sysname2-vlan101] quit
[Sysname2] interface vlan-interface 101
[Sysname2-Vlan-interface101] ip address 131.108.5.2 255.255.255.0
[Sysname2-Vlan-interface101] quit
# Create an interface named Tunnel 4/0/1.
[Sysname2] interface tunnel 4/0/1
# Configure an IPv4 address for interface Tunnel 4/0/1.
[Sysname2-Tunnel4/0/1] ip address 10.1.2.2 255.255.255.0
# Configure the tunnel encapsulation mode.
[Sysname2-Tunnel4/0/1] tunnel-protocol gre
# Configure the source address for interface tunnel4/0/1 (IP address of the VLAN interface to which GigabitEthernet 4/1/2 belongs).
[Sysname2-Tunnel4/0/1] source vlan-interface 101
# Configure the destination address for interface Tunnel 4/0/1 (IP address of the VLAN interface to which GigabitEthernet 4/1/2 of Switch A belongs). Moreover, enable the expediting function.
[Sysname2-Tunnel4/0/1] destination 192.13.2.1
[Sysname2-Tunnel4/0/1] expediting enable
[Sysname2-Tunnel4/0/1] quit
# Create service loop group 1, setting the configuration mode to manual and the service type to tunnel.
[Sysname2] link-aggregation group 1 mode manual
[Sysname2] link-aggregation group 1 service-type tunnel
# Configure the tunnel to reference service loop group 1 in tunnel interface view.
[Sysname2] interface tunnel 4/0/1
[Sysname2-Tunnel4/0/1] aggregation-group 1
[Sysname2-Tunnel4/0/1] quit
# Add interface GigabitEthernet 4/1/3 to service loop group 1.
[Sysname2] interface GigabitEthernet 4/1/3
[Sysname2-GigabitEthernet4/1/3] stp disable
[Sysname2-GigabitEthernet4/1/3] port link-aggregation group 1
# Configure a static route from Switch B through interface Tunnel 4/0/1 to Group1.
[Sysname2] ip route-static 10.1.1.0 255.255.255.0 Tunnel 4/0/1
1.4.2 GRE IPv6 over IPv4 Tunnel Configuration Example
I. Network requirements
Switch A and Switch B are interconnected through an IPv4 network. Two IPv6 subnets Group1 and Group2 are interconnected through a GRE tunnel between Switch A and Switch B.
II. Network diagram
Figure 1-8 Network diagram for GRE application
III. Configuration procedure
1) Configure Switch A
# Enter system view.
<Sysname1> system-view
# Enable IPv6.
[Sysname1] ipv6
# Configure VLAN-interface 100.
[Sysname1] vlan 100
[Sysname1-vlan100] port GigabitEthernet 4/1/1
[Sysname1-vlan100] quit
[Sysname1] interface vlan-interface 100
[Sysname1-Vlan-interface100] ipv6 address 2002::1:1 64
[Sysname1-Vlan-interface100] quit
# Configure VLAN-interface 101, the physical interface for the tunnel.
[Sysname1] vlan 101
[Sysname1-vlan101] port GigabitEthernet 4/1/2
[Sysname1-vlan101] quit
[Sysname1] interface vlan-interface 101
[Sysname1-Vlan-interface101] ip address 192.13.2.1 255.255.255.0
[Sysname1-Vlan-interface101] quit
# Create an interface named Tunnel 4/0/1.
[Sysname1] interface tunnel 4/0/1
# Configure an IPv6 address for interface Tunnel 4/0/1.
[Sysname1-Tunnel4/0/1] ipv6 address 2001::1:1 64
# Configure the tunnel encapsulation mode.
[Sysname1-Tunnel4/0/1] tunnel-protocol gre
# Configure the source address of interface Tunnel 4/0/1 to be the IP address of the Vlan interface to GigabitEthernet 4/1/2 belongs.
[Sysname1-Tunnel4/0/1] source vlan-interface 101
# Configure the destination address of interface Tunnel 4/0/1 to be the IP address of the Vlan interface to which GigabitEthernet 4/1/2 of Switch B belongs. Additionally, enable the expediting function.
[Sysname1-Tunnel4/0/1] destination 131.108.5.2
[Sysname1-Tunnel4/0/1] expediting enable
[Sysname1-Tunnel4/0/1] quit
# Create service loop group 1, setting the configuration mode to manual and the service type to tunnel.
[Sysname1] link-aggregation group 1 mode manual
[Sysname1] link-aggregation group 1 service-type tunnel
# Configure the tunnel to reference service loop group 1 in tunnel interface view.
[Sysname1] interface tunnel 4/0/1
[Sysname1-Tunnel4/0/1] aggregation-group 1
[Sysname1-Tunnel4/0/1] quit
# Add GigabitEthernet 4/1/3 to service loop group 1.
[Sysname1] interface GigabitEthernet 4/1/3
[Sysname1-GigabitEthernet4/1/3] stp disable
[Sysname1-GigabitEthernet4/1/3] port link-aggregation group 1
# Configure a static route from Switch A through interface Tunnel 4/0/1 to Group2.
[Sysname1] ipv6 route-static 2003::0 64 tunnel 4/0/1
2) Configure Switch B
# Enter system view.
<Sysname2> system-view
# Enable IPv6.
[Sysname2] ipv6
# Configure interface VLAN-interface 100.
[Sysname2] vlan 100
[Sysname2-vlan100] port GigabitEthernet 4/1/1
[Sysname2-vlan100] quit
[Sysname2] interface vlan-interface 100
[Sysname2-Vlan-interface100] ipv6 address 2003::1:2 64
[Sysname2-Vlan-interface100] quit
# Configure interface VLAN-interface 101, the physical interface for the tunnel.
[Sysname2] vlan 101
[Sysname2-vlan101] port GigabitEthernet 4/1/2
[Sysname2-vlan101] quit
[Sysname2] interface vlan-interface 101
[Sysname2-Vlan-interface101] ip address 131.108.5.2 255.255.255.0
[Sysname2-Vlan-interface101] quit
# Create an interface named Tunnel 4/0/1.
[Sysname2] interface tunnel 4/0/1
# Configure an IPv6 address for interface Tunnel 4/0/1.
[Sysname2-Tunnel4/0/1] ipv6 address 2001::1:2 64
# Configure the tunnel encapsulation mode.
[Sysname2-Tunnel4/0/1] tunnel-protocol gre
# Configure the source address of interface Tunnel 4/0/1 to be the IP address of the Vlan interface to which GigabitEthernet 4/1/2 belongs.
[Sysname2-Tunnel4/0/1] source vlan-interface 101
# Configure the destination address of interface Tunnel 4/0/1 to be the IP address of the Vlan interface to which GigabitEthernet 4/1/2 of Switch A belongs. Moreover, enable the expediting function.
[Sysname2-Tunnel4/0/1] destination 192.13.2.1
[Sysname2-Tunnel4/0/1] expediting enable
[Sysname2-Tunnel4/0/1] quit
# Create service loop group 1, setting the configuration mode to manual and the service type to tunnel.
[Sysname2] link-aggregation group 1 mode manual
[Sysname2] link-aggregation group 1 service-type tunnel
# Configure the tunnel to reference service loop group 1 in tunnel interface view.
[Sysname2] interface tunnel 4/0/1
[Sysname2-Tunnel4/0/1] aggregation-group 1
[Sysname2-Tunnel4/0/1] quit
# Add GigabitEthernet 4/1/3 to service loop group 1.
[Sysname2] interface GigabitEthernet 4/1/3
[Sysname2-GigabitEthernet4/1/3] stp disable
[Sysname2-GigabitEthernet4/1/3] port link-aggregation group 1
# Configure a static route from Switch B through interface Tunnel 4/0/1 to Group1.
[Sysname2] ipv6 route-static 2002::0 64 Tunnel 4/0/1
1.5 Troubleshooting GRE
The GRE configurations are relatively simple. The key is to keep the configurations consistent. Most faults can be located by using the debugging gre or debugging tunnel command. This section analyzes only one type of fault, as shown in Figure 1-9. Switch A connects to Switch B via an IPv4 network. PC A and PC B run IPv4 and they are connected to each other via a GRE tunnel between Switch A and Switch B.
Symptom: The interfaces at both ends of the tunnel are configured correctly and can ping each other, but PC A and PC B cannot ping each other.
Solution:
l On Switch A and Switch B, carry out the display ip routing-table command in any view respectively. On Switch A, observe whether there is a route from itself through Tunnel 1/0/0 to 10.2.0.0/16. On Switch B, observe whether there is a route from itself through Tunnel 1/0/0 to 10.1.0.0/16.
l For any missing static routes, use the ip route-static command in system view to configure.
