ryabutler Mon, 01/26/2009 - 15:43

I like to configure GRE (mainly with DMVPN configuration) to allow dynamic routing and multicast for example to work. Building standard VPN tunnels creates virtual interfaces, which lacks with providing some of those capabilities.

Here is a simple GRE configuration ...

>> R1

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

interface FastEthernet0/1

ip address 192.168.10.1 255.255.255.0

interface Tunnel0

ip address 10.10.10.1 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination 192.168.1.2

router eigrp 1

network 10.10.10.0 0.0.0.3

network 192.168.10.0

no auto-summary

>> R2

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

interface FastEthernet0/1

ip address 192.168.20.1 255.255.255.0

interface Tunnel0

ip address 10.10.10.2 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination 192.168.1.1

router eigrp 1

network 10.10.10.0 0.0.0.3

network 192.168.20.0

no auto-summary

gauravbisht Tue, 01/27/2009 - 02:59

Hi Carl,

GRE tunnel is used when you want to send your management traffic over your tunnel (i.e routing protocol updates or other routing information.)

Router1 connecte to internet via FastEth0/0

Router2 connected to internet via FastEth0/1

(Router1)<---->(internet cloud)<---->(Router2)

Router1--Fa0/0=10.0.0.1/30

Router2--Fa0/1=50.0.0.1/30

Step1: Create tunnel interface.

Step2: Assign ip address to tunnel interface.

Step3: configure tunnel source ip.

step4: Configure tunnel destination ip.

Step5: Specify tunnel mode(Optional GRE is default)

Router 1 configuration

------------------------

#conf t

(config)#int tunnel 1

(config_if)#ip address 1.1.1.1 255.255.255.252

(config_if)#tunnel source 10.0.0.1

(config_if)#tunnel destination 50.0.0.1

(config_if)#tunnel mode gre

Router 2 configuration

------------------------

#conf t

(config)#int tunnel 1

(config_if)#ip address 1.1.1.2 255.255.255.252

(config_if)#tunnel source 50.0.0.1

(config_if)#tunnel destination 10.0.0.1

(config_if)#tunnel mode gre

But GRE tunnel not provide any enctyption or hashing.

your can use authentication by giving command in tunnel interface

(config_if)#key Cisco#234

key should be same on both tunnels end here example is Cisco#234

Fore more security you can use IPSec over GRE tunnel.

carl_townshend Tue, 01/27/2009 - 07:25

hi there, can someone please give me a sistutation or example of when youwould need to use them, im still not aware why they are needed

thanks

mszeftawy Sun, 02/01/2009 - 04:53

Hi Carl

the tunnel interfaces are used as described above to run dynamic or static routing or bundling links between routers.

also tunnles keepalives are commanly used to overcome the black holes caused by certain type of connections when they still up while the link has mideway problem in L1 or L2.

1 more point to be clear is you can configure the tunnle interfaces between routers that are not directly connected so you can run dynamic routing between them and bypath any intermdiate hops

 

carl_townshend Wed, 02/04/2009 - 04:05

i am still unsure why people would need them, can anyone elaborate on this, ie give a situation when I would need one ?

mamendoza Mon, 02/09/2009 - 18:09

Carl,

For GRE without the IPSec, let's say you have a remote site that is connected via a dedicated circuit by your service provider and you don't want to share routing tables with the provider, but still want to provide routing for your remote site. With perhaps just a static route to the tunnel destinations on each router you can provide full routing for your remote site through the GRE tunnel.

gkuzmowycz Fri, 02/13/2009 - 10:46

I'll give another example. We have MPLS connectivity among our regional offices and home office. We route traffic over that using BGP. However, our carrier does not support multicast traffic over BGP over MPLS, yet we need to send multicast traffic to our regional offices. Hence, GRE tunnels to each.

Actions

This Discussion