Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
842
Views
0
Helpful
2
Replies

GRE and VRF configuration curiosly working

Go to solution
parisdooz12
Level 1
Level 1

‎02-19-2012 01:04 PM - edited ‎03-04-2019 03:20 PM

Hi,

I tried to configure a GRE tunnel between 2 VRFs, with following caracteristics:

- the tunnel interfaces are in the VRF

- the source & destination of the tunnel are in the global routing table

What is strange is that it works, but I don't understand well why.

Here are some details:

R1:

interface Tunnel0

ip vrf forwarding vpn1

ip address 192.168.0.1 255.255.255.0

tunnel source 80.1.0.2

tunnel destination 80.2.0.2

!

R2:

interface Tunnel0
ip vrf forwarding vpn1
ip address 192.168.0.2 255.255.255.0
tunnel source 80.2.0.2
tunnel destination 80.1.0.2

80.x.x.x subnets are in global table.

I tried a "ping vrf vpn1" from R1 to R2 (I created a loopback in the vrf VPN1 and static route to reach it). The ping works

Whar I don't understand: my packet leaves R1, encapsulated into the GRE tunnel. But inside the packet, I don't see chat information can permit to R2 router to know to which VRF the packet is the destination.

Someone has any idea??

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎02-19-2012 01:33 PM

Hello,

When a GRE packet arrives, its outer IP header is analyzed and matched to existing Tunnel interfaces. The packet will be processed by the particular Tunnel interface whose tunnel source matches the destination address in the outer IP header and whose tunnel destination matches the source address in the outer IP header. This way, any tunnelled packet is associated with a proper Tunnel interface.

Now, the Tunnel interface itself resides in the VRF "vpn1" according to your configuration, so the inner IP packet after decapsulating the outer IP+GRE is processed within that VRF. That makes the inner IP packet to be processed withing the proper VRF while the outer IP header was processed by the global routing table.

Therefore, no specific VRF information is placed into your GRE-encapsulated packets. It is only a matter of appropriate associating the incoming GRE packets with corresponding Tunnel interfaces, and processing the tunnelled IP packets according to the VRF the Tunnel interface is placed into.

Please feel welcome to ask further.

Best regards,

Peter

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎02-19-2012 01:33 PM

Hello,

When a GRE packet arrives, its outer IP header is analyzed and matched to existing Tunnel interfaces. The packet will be processed by the particular Tunnel interface whose tunnel source matches the destination address in the outer IP header and whose tunnel destination matches the source address in the outer IP header. This way, any tunnelled packet is associated with a proper Tunnel interface.

Now, the Tunnel interface itself resides in the VRF "vpn1" according to your configuration, so the inner IP packet after decapsulating the outer IP+GRE is processed within that VRF. That makes the inner IP packet to be processed withing the proper VRF while the outer IP header was processed by the global routing table.

Therefore, no specific VRF information is placed into your GRE-encapsulated packets. It is only a matter of appropriate associating the incoming GRE packets with corresponding Tunnel interfaces, and processing the tunnelled IP packets according to the VRF the Tunnel interface is placed into.

Please feel welcome to ask further.

Best regards,

Peter

0 Helpful

Go to solution
parisdooz12
Level 1
Level 1
In response to Peter Paluch

‎02-19-2012 01:55 PM

Understood, many thanks for your clear explanations!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card