cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How to configure a GRE tunnel

361970
Views
68
Helpful
38
Comments

 

 

Introduction:

Tunneling provides a mechanism to transport packets of one protocol within another protocol. The protocol that is carried is called as the passenger protocol, and the protocol that is used for carrying the passenger protocol is called as the transport protocol. Generic Routing Encapsulation (GRE) is one of the available tunneling mechanisms which uses IP as the transport protocol and can be used for carrying many different passenger protocols. The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.

 

The below diagram shows encapsulation process of GRE packet as it traversers the router and enters the tunnel interface:

 

GRE1.jpg

Configuring GRE Tunnel:

 

Configuring a GRE tunnel involves creating a tunnel interface, which is a logical interface. Then you must configure the tunnel endpoints for the tunnel interface.

 

To configure the tunnel source and destination, issue the tunnel source {ip-address | interface-type} and tunnel destination {host-name | ip-address} commands under the interface configuration mode for the tunnel.

 

The below example explain about how to create simple GRE tunnels between endpoints and the necessary steps to create and verify the GRE tunnel between the two networks.R1's and R2's Internal subnets(192.168.1.0/24 and 192.168.2.0/24) are  communicating with each other using GRE tunnel over internet.Both Tunnel interfaces are part of the 172.16.1.0/24 network.

 

gre2.jpg

 

First step is to create our tunnel interface on R1 and R2 :

 

R1R2

R1(config)# interface Tunnel1

R1(config-if)# ip address 172.16.1.1 255.255.255.0

R1(config-if)# ip mtu 1400

R1(config-if)# ip tcp adjust-mss 1360

R1(config-if)# tunnel source 1.1.1.1

R1(config-if)# tunnel destination 2.2.2.2

R2(config)# interface Tunnel1

R2(config-if)# ip address 172.16.1.2 255.255.255.0

R2(config-if)# ip mtu 1400

R2(config-if)# ip tcp adjust-mss 1360

R2(config-if)# tunnel source 2.2.2.2

R2(config-if)# tunnel destination 1.1.1.1

 

Since GRE is an encapsulating protocol, we adjust the maximum transfer unit (mtu) to 1400 bytes and maximum segment size (mss) to 1360 bytes. Because most transport MTUs are 1500 bytes and we have an added overhead because of GRE, we must reduce the MTU to account for the extra overhead. A setting of 1400 is a common practice and will ensure unnecessary packet fragmentation is kept to a minimum.

 

After configuring tunnel,two tunnel endpoints can see each other can verify using an icmp echo from one end.

R1# ping 172.16.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

 

Workstations on either network will still not be able to reach the other side unless a routing is configure on each router.Here We will configure static route on both router.

 

R1(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.2

R2(config)# ip route 192.168.1.0 255.255.255.0 172.16.1.1

 

Now both networks (192.168.1.0/24 and 192.168.2.0/24) are able to freely communicate with each other over the GRE Tunnel .

Reference:

Generic Routing Encapsulation (GRE)

Comments
Community Member

good explanation

Community Member

Great guide. If you're using Linux, there's also a Guide for Setting up a GRE Tunnel on a Cisco Router using Ubuntu AWS Client.

Community Member

Is GRE supported on N5548?  I am investigating possibility of setting up GRE between Cisco 4948-10GE and Nexus N5548.  If these is not possible, can you suggest any alternative options?

Beginner

I have an issue that enpdoints are able to reach each other only when i enter routes as:

R1: ip route 192.168.2.0/24 int tunnel1

R2: ip route 192.168.1.0/24 int tunnel1

Have anyone idea why doesn’t it works when i enter route by next hop address?

P.S. also i saw this type of routes on working enterprise routers that had been configured not by me

P.P.S all the test routers have only initial config of GRE by this article

Sorry for bad English

Beginner

this what i have under my config for.

Ip classless

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

ip route 192.168.1.0 255.255.255.0 172.16.1.1

 

both routers can ping them safe but can not ping one and the other  !!!

Beginner

Hi, I have an issue with my gre . The tunnel is up and there is reachability on the end points but goes down once I introduce keep alives configs. What could be the cause?

 

Thanks in advance,

Joel

Beginner

Hi, I have an issue with my GRE . The tunnel is up and there is reachability on the end points but goes down once I introduce keep alives configs. What could be the cause?

 

Thanks in advance,

Joel

Collaborator

The tunnel interface need to be on the same network?