RIP with Tunnel ?

ravikant_a · ‎09-25-2002

Is it possible to use RIP as routing protocol with GRE tunnel set on a VPN network ? . As we are trying to reach the remote office via a VPN service provider. Also if we want to use static routes then what is the advantage? can we use only static routes instead of RIP ?.

We are currently using 3640[12.0(4)T,Serial] at one end and 1750[12.0(5)XQ1,serial ] at remote end.

Thanks,

Ravikant.

steve.barlow · ‎09-25-2002

Yes it is possible to run RIP over GRE. Assign the tunnel interface an IP and add that subnet to the RIP process. Static routing can also be used though. Static routes will take less of your bandwidth but don't scale very well (not that rip does very well at that either). If you only have a few sites or a few routes, static routes are fine and easier. Have them point at the tunnel, and if the tunnel drops the routes drop (and a backup route could kick in if you have one). If you have more sites, then look to use a routing protocol like EIGRP (or RIP if you have to).

Hope that helps.

Steve

vcjones · ‎09-25-2002

Actually, GRE tunnels have a nasty habit of never going down, even when they are not connected, so if you want to have a backup path kick in, you must run a routing protocol over the tunnel to detect tunnel failure. Note that you can still use a floating static route to activate the backup route, you just can't depend on a static route pointing to the tunnel to disappear when the tunnel dies.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

steve.barlow · ‎09-25-2002

If interface tunnel0 can't reach it's tunnel destination, the tunnel interface is down. Also, "keepalive packets are GRE IP packets, so it is possible that they will be dropped somewhere between the GRE tunnel endpoints. To reduce the chance that dropped keepalive packets will cause the tunnel interface to be taken down, increase the number of retries." Recursive routing will also temporarily down a tunnel. A tunnel is not the same as a loopback.

Steve

vcjones · ‎09-27-2002

Last time I checked this, a tunnel would only go down if there was no useful path to the other end. If a default route is in the routing table, then there will always be a useful path unless the path is declared invalid due to recursion.

In other words, if "show ip route " returns "unknown" the tunnel is down, but if it returns a next hop, the tunnel is up, whether or not the is actually reachable.

Yes, I ignored recursive routing in my initial post because I consider recursive tunnel routing a configuration error rather than a network failure, and consequently not relevant to the original poster who appeared to have a properly configured tunnel.

Vincent C Jones

ravikant_a · ‎09-28-2002

Thanks for the valuable suggestions !

As per the service provider’s plan we have to use static it seems. Is it mandatory to use the same routing protocol (RIP/Static) as that of service provider’s with our both the ends being remote & not central ones ?.

Also what is a backup route ? & how to configure it?

Why the tunnel source is loopback interface though tunnel interface has its own IP?.

Please suggest some resources for configuring a GRE(plain without Ipsec or any kind of encryption should support 12.0(4)T ) tunnel.

Regards,

Ravikant.

steve.barlow · ‎09-28-2002

I don't know why the provider would tell you, or care, what you use for routing. You can use whatever you want.

A backup route is a route (path) to the same destination as another route but with a higher admin distance. For example, rip has an admin distance (see link http://www.cisco.com/warp/public/105/admin_distance.html) of 120, static routes have 1. So if you used rip, you would create a static route with an admin distance of higher than 120 to create a backup route, for example 200 (ip route x.x.x.x 255.255.255.0 y.y.y.y 200 - when x.x.x.x is the destination and y.y.y.y is the backup next hop).

The tunnel source is an interface as the router must know the tunnel endpoint addresses (ie where does the tunnel begin and end). The tunnel ip is the subnet that the tunnel is on (ie it is like any other interface, needs an IP, other end point must be on same subnet).

Here is a like link on GRE and ipsec and OSPF (sub ospf with rip) : http://www.cisco.com/warp/public/707/gre_ipsec_ospf.html

Hope it helps.

Steve

ravikant_a · ‎09-30-2002

Dear Steve,

Thanks for the help & suggestions.

I think I am still to understand the loopback interface properly. As tunnel ip is the subnet ip of the subnet on which the other endpoint being set on the same subnet, is the logic applies to the loopback interface also? or one is free to assign any Ip(even subnet mask of 255.255.255.255 ) to a loopback interface?.

With best regards,

Ravikant.

steve.barlow · ‎09-30-2002

You can definitely have:

!

interface Loopback0

ip address 10.10.10.10 255.255.255.255

no ip directed-broadcast

!

The address/subnet must be unigue on the network or you will have routing problems.

Interface Tunnel IP must be on the same subnet as the peers interface tunnel (as the tunnel is seen as any other link), but that subnet can't be used else where on your network (or you will have routing problems).

Loopback's are used if you want to change your router ID (example for OSPF) but you can't renumber a physical interface. It is also good for peering in BGP and DLSW+, as the interface never goes down (unless you admin down it), and if your peer has multiple paths to you, they peer with the loopback so that if one path dies, you are still peered. They can be used in almost any situation you want if you always want the interface to be up (eg Ipsec tunnel).

Steve