Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
4
Replies

GRE tunneling

trackjg24
Level 1
Level 1

‎01-27-2007 12:05 PM - edited ‎03-03-2019 03:31 PM

My company has a MPLS WAN, bascially any site can talk to any other remote site thru the MPLS cloud. In a month we will be having a disaster recovery drill. During this Drill we will enable the MPLS interfaces at our DR site and will also keep the production network up at the same time. Our problem is we don't want the sites that we are testing to talk on the production network, but talk on the DR network. At the same time we don't want any sites that are on the production network to talk to our DR network. Since the servers that are being restored use the same IP addresses as they would on the production network.

Our ISP suggested we do GRE tunneling to accomplish what we want to do during the drill. During an actual disaster everything would work normally, because our central site would be out of commission and the DR site would be the new corportate.

Here is a config that I have found on the net:

Router A:

interface Ethernet0/1

ip address 10.2.2.1 255.255.255.0

interface Serial0/0

ip address 192.168.4.1 255.255.255.0

interface Tunnel0

ip address 1.1.1.2 255.255.255.0

tunnel source Serial0/0

tunnel destination 192.168.4.2

Router B:

interface FastEthernet0/1

ip address 10.1.1.1 255.255.255.0

interface Serial0/0

ip address 192.168.4.2 255.255.255.0

interface Tunnel0

ip address 1.1.1.1 255.255.255.0

tunnel source Serial0/0

tunnel destination 192.168.4.1

My only concern with this config is that I will want to connect 2 more sites to talk to the host site, can this be done with just one tunnel on the host side, or do I need to create multiple tunnels (one for each site). Any help with this would be appreciated.

Labels:
0 Helpful
4 Replies 4

autobot130
Level 1
Level 1

‎01-27-2007 12:57 PM

Are you running BGP to your provider's PE router? Be aware of what routing protocol takes precedence, especially when your using GRE tunnels. The GRE tunnel would establish neighbors with your IGP, such as EIGRP.

If you are using native BGP to the provider PE router, it has the AD of 20 vs. your IGP which should be a lot higher. That means the GRE will be the backup route.

If you want multiple tunnels, you may want to look into DMVPN tunnels do you dont have to manually configure all the individual GRE tunnels.

0 Helpful

trackjg24
Level 1
Level 1
In response to autobot130

‎01-28-2007 07:15 AM

We are using EIGRP neighboors. WE would only be setting up a couple tunnels, since we are only testing 1 or 2 sites. Thanks for the input.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎01-27-2007 01:40 PM

Matt

The traditional implementation of GRE (which is what this configuration is) is a point to point connection. So yes you would need multiple tunnels - one for each site.

Here are a couple of things to keep in mind about using GRE tunnels:

- this example shows the GRE tunnel running over a point to pont serial connection. Many GRE implementations have the source in one subnet and the destination in a different subnet, with multiple hops in between.

- the tunnel destination must be reachable, independent of the operation of the tunnel. (the tunnel destination must be reachable before the tunnel comes up.) So before you configure the tunnel you might ping to the destination to be sure that it is really reachable.

- be careful about advertising the subnets of the tunnel source and the tunnel destination in any routing protocol that will run over the tunnel. Advertising these subnets can result in a problem of recursive lookup in which it appears that the tunnel destination is reachable by going through the tunnel.

- if you are going to run a dynamic routing protocol over the tunnel be aware that the routers connected by tunnel will appear to be one hop away from each other, even though the physical path may be multiple hops. This can have the effect of making destinations look more favorable through the tunnel than they might otherwise be.

GRE tunnels work quite well. I have implemented many GRE tunnels in a variety of situations and they can be quite effective.

HTH

Rick

HTH

Rick
0 Helpful

bbiandov
Level 1
Level 1
In response to Richard Burts

‎01-28-2007 09:38 AM

trackjg24 -

post your route table, this is where it gets tricky, I had to spend some time figuring out how to route default gw traffic across GRE

I guess that is one area of confusion, but routing selected subnets should be cool tho the routing table does tell the whole picure

Thsnks

Boyan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card