- GRE (Generic Routing Protocol) is IP protocol 47. It is used to transport payload protocols over an IPv4 network.
- It supports pretty much anything as its payload: IPv6, IPv4, CLNS, multicast and so on.
- You can even encapsulate Frame Relay over it.
- You are transparently tunnelling over multiple routers and switches from one endpoint to another, so the two devices believe they are directly connected.
- Watch out: GRE must not pick up the tunnel destination via the tunnel itself. It needs a non-tunnel route for the tunnel destination, otherwise you will see an error similar to %TUN-5-RECURDOWN.
- We should use a prefix list or some sort of filtering to ensure this.
- GRE is stateless: the tunnel will stay up as long as it has a valid source. The destination must also be in the routing table.
- But if you have a static route for the destination pointing at an interface, the destination will be in the routing table, so it is very possible for the tunnel to be down at one end and up at the other.
- There is a feature called tunnel keepalives, a lightweight mechanism that consistently checks reachability to the tunnel interface.
- GRE is the default mode when we enter tunnel config mode.
- GRE tunnel keepalives do not require the sender to support the keepalive. This works by encapsulating the GRE reply header in the keepalive, so the destination takes off the header and finds the inner header with the return address of the source.
- Keepalive timers do not have to match at both ends; they are completely independent.
- Packet Format for IPV4 Gre Tunnel
Commands
int tunnel 1
ip address "ip"
tunnel source lo0
tunnel destination "remote end ip"
keepalive 5 4 - where 5 in this case is the frequency and 4 is the number of retries before the tunnel is considered down
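The keepalive mechanism described in the notes above, as an added example that is not part of the original post: it builds the bytes of one keepalive and shows what the far end sees after it strips the outer header. The addresses are the lab loopbacks, the function names are hypothetical, and nothing is sent on the wire.

```python
import socket
import struct

GRE = 47  # IP protocol number for GRE

def csum(b):
    """Standard 16-bit ones-complement Internet checksum."""
    s = sum(struct.unpack("!%dH" % (len(b) // 2), b))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, payload, ttl=255):
    """Minimal 20-byte IPv4 header carrying GRE, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, GRE, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", csum(hdr)) + hdr[12:] + payload

def gre(proto_type, payload=b""):
    """Basic 4-byte GRE header: no flags, version 0, then the protocol type."""
    return struct.pack("!HH", 0, proto_type) + payload

def keepalive(local, remote):
    # Inner packet is the reply, pre-built by the sender: remote -> local,
    # GRE protocol type 0 (the value Cisco keepalives use).
    inner = ipv4(remote, local, gre(0x0000))
    # Outer packet is ordinary tunnel traffic: local -> remote, payload type IPv4.
    return ipv4(local, remote, gre(0x0800, inner))

def decapsulate(pkt):
    """What a GRE endpoint does: strip outer IP + GRE, return (type, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != GRE:
        raise ValueError("not a GRE packet")
    _flags, ptype = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return ptype, pkt[ihl + 4:]

def addrs(pkt):
    """(source, destination) of an IPv4 packet."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
```

The far end only decapsulates and routes the inner packet like any other tunnelled IP packet, which is why it needs no keepalive support of its own.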
LAB 1 General Gre tunnel
-------------------------
OK, for this lab I will use
r1 >> connected to >> s1 >> connected to >> sw3 >> connected to >> sw4
I will create a tunnel between r1 and sw4.
I will just enable EIGRP on all network devices in the lab, so r1, s1, sw3 and sw4.
R1 one of the tunnel endpoints
-------------------------------
So start off by configuring eigrp
r1#config t
Enter configuration commands, one per line. End with CNTL/Z.
r1(config)#int fa0/0
r1(config-if)#ip address 172.25.15.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#
r1(config)#
*Mar 1 00:25:36.907: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
r1(config)#ro
*Mar 1 00:25:39.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to
r1(config)#router eigrp 2
r1(config-router)#no auto
r1(config-router)#network 172.25.15.0
r1(config-router)#
Next I will configure a loopback, advertise it in EIGRP and configure the tunnel interface.
r1(config)#int lo0
r1(config-if)#ip address 1.1.1.1 255.255.255.255
r1(config-if)#
r1(config)#router eigrp 2
r1(config-router)#network 5.5.5.5
r1(config-router)#no network 5.5.5.5
r1(config-router)#network 1.1.1.1
r1(config-router)#
r1(config)#int tunnel 1
r1(config-if)#
*Mar 1 00:29:26.279: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
r1(config-if)#tunnel mode ? >>>>>>> just showing the different tunnel modes; GRE is the default, which is OK for this lab
aurp AURP TunnelTalk AppleTalk encapsulation
cayman Cayman TunnelTalk AppleTalk encapsulation
dvmrp DVMRP multicast tunnel
eon EON compatible CLNS tunnel
gre generic route encapsulation protocol
ipip IP over IP encapsulation
ipsec IPSec tunnel encapsulation
iptalk Apple IPTalk encapsulation
ipv6 Generic packet tunneling in IPv6
ipv6ip IPv6 over IP encapsulation
nos IP over IP encapsulation (KA9Q/NOS compatible)
rbscp RBSCP in IP tunnel
so this is the tunnel config
r1(config)#do sh run int tunnel 1
Building configuration...
Current configuration : 113 bytes
!
interface Tunnel1
ip address 10.0.0.7 255.255.255.0 >>>>> tunnel IP will be in the same subnet as the other endpoint
tunnel source Loopback0 >>> I am using lo0 as the source; could have put the IP either
tunnel destination 4.4.4.4 >>>> destination is the sw4 lo0 interface
end
r1(config)#
OK, on sw1 and sw3 I will just configure EIGRP. I will not show it as it is just base EIGRP config.
On router 4
============
router eigrp 2
network 4.0.0.0
network 172.25.0.0
no auto-summary
switch4#sh run int tunnel 1
Building configuration...
Multicast is not supported on tunnel interfaces
Current configuration : 113 bytes
!
interface Tunnel1
ip address 10.0.0.8 255.255.255.0
tunnel source Loopback0
tunnel destination 1.1.1.1
end
I can ping the other tunnel end point.
switch4#ping 10.0.0.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
switch4#
switch4#sh int tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.0.0.8/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 4.4.4.4 (Loopback0), destination 1.1.1.1, fastswitch TTL 255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
Checksumming of packets disabled, fast tunneling enabled
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buf
The tunnel is up/up. Notice the bandwidth is very low and the delay is high, so EIGRP will not natively select it as a route to the destination 1.1.1.1.
switch4(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/161280] via 172.25.8.1, 00:09:55, Port-channel10
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
172.25.0.0/24 is subnetted, 3 subnets
D 172.25.15.0 [90/33280] via 172.25.8.1, 00:09:55, Port-channel10
D 172.25.9.0 [90/13568] via 172.25.8.1, 00:09:55, Port-channel10
C 172.25.8.0 is directly connected, Port-channel10
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Tunnel1
The only thing pointing at the tunnel is the tunnel subnet 10.0.0.0.
I will make the tunnel more preferable for traffic. I do this by going under
interface tunnel
bandwidth 10000
delay 1
I also advertised network 10.0.0.0 on both r1 and sw4, so they formed an EIGRP relationship over the tunnel.
01:07:03: %SYS-5-CONFIG_I: Configured from console by console
01:07:04: %TUN-5-RECURDOWN: Tunnel1 temporarily disabled due to recursive routing
01:07:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
01:07:05: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 10.0.0.7 (Tunnel1) is down: interface down
01:08:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
01:08:06: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 10.0.0.7 (Tunnel1) is up: new adjacency
01:08:14: %TUN-5-RECURDOWN: Tunnel1 temporarily disabled due to recursive routing
01:08:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
01:08:15: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 10.0.0.7 (Tunnel1) is down: interface down
The tunnel is brought down because the router is looking at the tunnel to get to the tunnel destination.
To change this I will apply a distribute list on each endpoint to stop advertising the tunnel sources over the tunnel.
SW4
---
ip prefix-list EOGHAN seq 5 deny 4.4.4.4/32
ip prefix-list EOGHAN seq 10 permit 0.0.0.0/0 le 32
router eigrp 2
network 4.0.0.0
network 172.25.0.0
network 0.0.0.0
distribute-list prefix EOGHAN out Tunnel1
no auto-summary
r1
---
ip prefix-list EOGHAN seq 5 deny 1.1.1.1/32
ip prefix-list EOGHAN seq 10 permit 0.0.0.0/0 le 32
router eigrp 2
distribute-list prefix EOGHAN out Tunnel1
no auto-summary
This sorts it out; the tunnel is back up.
switch4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/161280] via 172.25.8.1, 00:34:21, Port-channel10
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
172.25.0.0/24 is subnetted, 3 subnets
D 172.25.15.0 [90/28416] via 10.0.0.7, 00:00:56, Tunnel1
D 172.25.9.0 [90/13568] via 172.25.8.1, 00:00:56, Port-channel10
C 172.25.8.0 is directly connected, Port-channel10
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Tunnel1
switch4#sh run | router eg
Watch out when applying the distribute list on EIGRP:
distribute-list prefix EOGHAN out Tunnel1
The prefix keyword is essential for it to look at the prefix list. I kept having problems with this. I did
distribute-list EOGHAN out Tunnel1
and it would create a blank standard access-list in the running config and the tunnel remained down.
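A way to check a filter against the recursive-routing failure from this lab before applying it, as an added example that is not part of the original post: it evaluates a prefix list with IOS matching rules against what the peer advertises over the tunnel, then does a longest-prefix match for the tunnel destination. The list name DEMO, the function names and the sample tables are constructed, and it assumes a route learned over the tunnel always beats the underlay copy.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]'."""
    tok = line.split()
    net = ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if opts:   # ge/le widen the accepted mask lengths
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
    else:      # no ge/le: the mask length must match exactly
        lo = hi = net.prefixlen
    return int(tok[4]), tok[5], net, lo, hi

def permitted(plist, route):
    """First matching entry in sequence order wins; no match is an implicit deny."""
    route = ipaddress.ip_network(route)
    for _, action, net, lo, hi in sorted(map(parse_entry, plist), key=lambda e: e[0]):
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def egress(rib, dest):
    """Longest-prefix match over {prefix: interface}; returns the exit interface."""
    dest = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p).prefixlen, ifc)
            for p, ifc in rib.items() if dest in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None

def is_recursive(underlay, peer_routes, peer_plist, tunnel_dest, tunnel="Tunnel1"):
    """Assumption: anything learned over the tunnel replaces the underlay route
    (as after raising the tunnel bandwidth and lowering its delay)."""
    rib = dict(underlay)
    rib.update({p: tunnel for p in peer_routes if permitted(peer_plist, p)})
    return egress(rib, tunnel_dest) == tunnel

# Constructed sample data modelled on the lab, seen from sw4 (tunnel destination 1.1.1.1).
UNDERLAY = {"1.1.1.1/32": "Port-channel10", "172.25.15.0/24": "Port-channel10",
            "10.0.0.0/24": "Tunnel1"}
R1_ADVERTISES = ["1.1.1.1/32", "172.25.15.0/24"]
PERMIT_ALL = ["ip prefix-list DEMO seq 5 permit 0.0.0.0/0 le 32"]
FILTERED = ["ip prefix-list DEMO seq 5 deny 1.1.1.1/32",
            "ip prefix-list DEMO seq 10 permit 0.0.0.0/0 le 32"]
# Edge case: a deny without ge/le matches only that exact mask length,
# so a /24 entry does not catch the /32 loopback.
TOO_SHORT = ["ip prefix-list DEMO seq 5 deny 1.1.1.0/24",
             "ip prefix-list DEMO seq 10 permit 0.0.0.0/0 le 32"]
```

`is_recursive(UNDERLAY, R1_ADVERTISES, FILTERED, "1.1.1.1")` is the state the lab ends in; the other two lists reproduce the flapping condition.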