Basic GRE Configuration

A GRE tunnel carries some Layer 3 protocol between two IP endpoints. During the initial use of GRE tunnels, the tunnel contents were typically any protocol except IP. Today, GRE tunnels are used to carry IP data over an IP network. But the GRE tunnel itself can be sent through an IPsec tunnel for security. Figure 14-2 shows a basic GRE tunnel setup.

Figure 14-2 GRE Tunnel Configuration

Figure 14-2 GRE Tunnel Configuration

interface serial 3/2 ip address 10.1.3.2 255.255.255.0 interface tunnel 2 ip addr 192.168.200.2 255.255.255.0 tunnel source serial 3/2 tunnel destination 172.16.1.2 tunnel mode gre ip interface serial 2/1 ip address 172.16.1.2 255.255.255.0 interface tunnel 0 ip address 192.168.200.1 255.255.255.0 tunnel source serial 2/1 tunnel destination 10.1.3.2 tunnel mode gre ip interface serial 3/2 ip address 10.1.3.2 255.255.255.0 interface tunnel 2 ip addr 192.168.200.2 255.255.255.0 tunnel source serial 3/2 tunnel destination 172.16.1.2 tunnel mode gre ip

The basic configuration components of a GRE tunnel include

■ A tunnel source (an interface or IP address local to this router)

■ A tunnel destination (an IP address of a remote router)

■ Tunnel traffic (data that travels through the tunnel, and is encapsulated by the GRE header)

In Figure 14-2, two IP endpoints have a GRE tunnel configured between them. The GRE tunnel is actually defined as an interface in each router. The GRE interface is what makes GRE multiprotocol. IPsec crypto maps can match only IP access lists. A router interface can be configured for, and thus transport, any protocol. The available protocols are dependent upon the Cisco IOS feature set installed.

TIP The Cisco Software Advisor (http://tools.cisco.com/Support/Fusion/FusionHome.do) helps select the appropriate IOS feature set for any given Cisco router platform.

The tunnel source and destination are IP interfaces. Thus, the GRE travels across an IP network. The protocol configured on the GRE interfaces is the data that travels through the GRE tunnel.

The GRE tunnel source on one end must match the destination on the other end, and vice versa. This IP validation is performed as the GRE tunnel is established. For proper routing through the GRE tunnel, a common subnet should be configured within the tunnel.

In Figure 14-2, IP is configured within the GRE tunnel. The two sites, as well as the tunnel itself, use RFC 1918 private addressing. IP routing flows between the sites through the GRE tunnel by means of your favorite routing protocol (not shown). For documentation purposes, the public network also uses private addressing, although this certainly is not a requirement.

Was this article helpful?

0 0

Post a comment