02-19-2012 01:04 PM - edited 03-04-2019 03:20 PM
Hi,
I tried to configure a GRE tunnel between 2 VRFs, with following caracteristics:
- the tunnel interfaces are in the VRF
- the source & destination of the tunnel are in the global routing table
What is strange is that it works, but I don't understand well why.
Here are some details:
R1:
interface Tunnel0
ip vrf forwarding vpn1
ip address 192.168.0.1 255.255.255.0
tunnel source 80.1.0.2
tunnel destination 80.2.0.2
!
R2:
interface Tunnel0
ip vrf forwarding vpn1
ip address 192.168.0.2 255.255.255.0
tunnel source 80.2.0.2
tunnel destination 80.1.0.2
80.x.x.x subnets are in global table.
I tried a "ping vrf vpn1" from R1 to R2 (I created a loopback in the vrf VPN1 and static route to reach it). The ping works
Whar I don't understand: my packet leaves R1, encapsulated into the GRE tunnel. But inside the packet, I don't see chat information can permit to R2 router to know to which VRF the packet is the destination.
Someone has any idea??
Solved! Go to Solution.
02-19-2012 01:33 PM
Hello,
When a GRE packet arrives, its outer IP header is analyzed and matched to existing Tunnel interfaces. The packet will be processed by the particular Tunnel interface whose tunnel source matches the destination address in the outer IP header and whose tunnel destination matches the source address in the outer IP header. This way, any tunnelled packet is associated with a proper Tunnel interface.
Now, the Tunnel interface itself resides in the VRF "vpn1" according to your configuration, so the inner IP packet after decapsulating the outer IP+GRE is processed within that VRF. That makes the inner IP packet to be processed withing the proper VRF while the outer IP header was processed by the global routing table.
Therefore, no specific VRF information is placed into your GRE-encapsulated packets. It is only a matter of appropriate associating the incoming GRE packets with corresponding Tunnel interfaces, and processing the tunnelled IP packets according to the VRF the Tunnel interface is placed into.
Please feel welcome to ask further.
Best regards,
Peter
02-19-2012 01:33 PM
Hello,
When a GRE packet arrives, its outer IP header is analyzed and matched to existing Tunnel interfaces. The packet will be processed by the particular Tunnel interface whose tunnel source matches the destination address in the outer IP header and whose tunnel destination matches the source address in the outer IP header. This way, any tunnelled packet is associated with a proper Tunnel interface.
Now, the Tunnel interface itself resides in the VRF "vpn1" according to your configuration, so the inner IP packet after decapsulating the outer IP+GRE is processed within that VRF. That makes the inner IP packet to be processed withing the proper VRF while the outer IP header was processed by the global routing table.
Therefore, no specific VRF information is placed into your GRE-encapsulated packets. It is only a matter of appropriate associating the incoming GRE packets with corresponding Tunnel interfaces, and processing the tunnelled IP packets according to the VRF the Tunnel interface is placed into.
Please feel welcome to ask further.
Best regards,
Peter
02-19-2012 01:55 PM
Understood, many thanks for your clear explanations!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide