Tunnel key in PTP GRE tunnel

sarahr202 · ‎06-28-2016

Hi everybody

I am trying to understand how a router picks a particular GRE tunnel to decapsulate GRE encapsulated packet.

Please consider the following illustration:

SET UP:

As can be seen both R2/R3 has two GRE tunnels using same tunnel source and tunnel destination. We issue ping 24.24.24.4 (PC4 ) on PC5 ( which uses source IP 35.35.35.5 , this ping is delivered to PC5's gateway ( R3) : Following will occur:

1) R3 has a static route 0.0.0.0/0 192.192.192.2, recursive look up on R3 shows outgoing interface to be a tunnel0.

2) R3 encapsulates the packet with SRC IP 13.13.13.3 and destination IP 21.21.21.2 , the packet is routed and arrives on R2;

Now what GRE tunnel ( tunnel 0 or tunnel1) will be used to decapulate this GRE packet?

This is what I see:

I shutdown tunnel 1 and leave tunnel 0 up and up and capture traffic on the link between R2--PC4.

R2(config)#interface tunnel 1
R2(config-if)#shut
*Mar 1 01:01:11.039: %LINK-5-CHANGED: Interface Tunnel1, changed state to administratively down

Below we can see GRE header is no longer present, indicating successful decapsulation of GRE header on R2 using tun0:

Next I unshut tun1 and disable tun0:

R2(config)#interface tunnel 0
R2(config-if)#shut
R2(config)#interface tun
R2(config)#interface tunnel 1
R2(config-if)#no shut

*Mar 1 01:07:42.527: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up

Again we issue ping from PC5 tp PC4 24.24.24.4 and capture traffic on the link between R2--PC4:

Again we see R2 is able to decapsulate GRE encapsulated packet using tun1

GRE encapsulated packet arriving at R2 from internet has no info for R2 to pick specific GRE tunnel ( there is no tunnel id):

but yet R2 still able to pick a tunnel to de-capsulate it. as shown below:

Both tunnel are up:

R2#show interfaces tunnel 0
Tunnel0 is up, line protocol is up

R2#show interfaces tunnel 1
Tunnel1 is up, line protocol is up

Packet capture on the link between R2--PC4:

Questions:

1) How does R2 determine which GRE tunnel to pick to decapsulate the packet?

In this case we have seen it is not required to have tunnel key when we have multiple tunnels configured on the same router ( here R2) using same tunnel source and tunnel destination in case of PTP GRE tunnels.

Your input will be appreciated!!

Thanks and have a great day.

ADDITIONAL INFO:

R2 is using tun1 to decapsulate the packet. tun0 is used when tun1 is down:

Both tunnel are up:

R5 ping PC4:
Sending 5, 100-byte ICMP Echos to 24.24.24.4, timeout is 2 seconds:
!!!!!

Below we see TUN1 counters increment. It was only when Tun1 is dwon, does TUN0 counters increment.

Philip D'Ath · ‎06-28-2016

As you have correctly observed, when their are multiple GRE tunnels terminating on a single IP address on a router the router also uses the tunnel key to determine which tunnel the packet should belong to.

sarahr202 · ‎06-30-2016

Hi Philip,

Thanks for your response.

Still not sure how does a router pick a tunnel to decapsulate GRE encapsulated packet? In my example, both tunnels can be used to decapsulate GRE encapsulated packet, in my example R2 happens to pick Tun1, when both tunnels are up, R2 only picks TUN0 when Tun1.

Not sure if it is documented anywhere: How does R2 determine to pick Tun2?

Have a nice day!

Philip D'Ath · ‎06-30-2016

It de-encapsulates the packet first. Then it does a match on IP addresses and then the tunnel key.

sarahr202 · ‎06-30-2016

Thanks Philip for the response.

It de-encapsulates the packet first. Then it does a match on IP addresses and then the tunnel key

This is my understanding, others can provide their feed backs:

In order to decapsulate the GRE encapsulted packet , router needs to first determine which GRE tunnel will be used to decapsulate it, once decapsulated, then original IP packet is now exposed and ready for route look up and be forwarded.

Thanks,