Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1471
Views
10
Helpful
7
Replies

GRE TuNNEL ADDRESS

Go to solution
ahmedsid432135621
Level 1
Level 1

‎01-26-2021 07:30 PM

I was looking at GRE DMVPN and have a basic idea. can anyone tell me what role the tunnel interface ip address plays in the GRE tunnel process. reason i am asking is that we have tunnel source and tunnel destination addresses as the overlay address and it seem to me that the tunnel interface address plays no role. although i maybe wrong here.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎01-27-2021 06:14 AM

The original poster has asked 2 versions of the question:

1) does the tunnel IP address play any role? The answer to this question is yes the IP address plays an important role - having an IP address on the interface enables IP processing on the interface. If there was no IP address then there would be no IP processing.

2) then the question is changed to is the interface address used in the encapsulation process? The answer to this question is that no the tunnel IP is not used in the encapsulation. The tunnel IP might appear in the payload of the packet (for example as the source address for a routing protocol update, or as the source address for a ping from the router to some destination reached via the tunnel) but is not used for encapsulation.

HTH

Rick

View solution in original post

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-27-2021 03:31 PM

Without tunnel IPs, how would you effectively use a "tunnel" at L3? (NB: you can also have L2 tunnels running across an IP network, e.g. L2TPv3.)

The tunnel IPs are what form the effective virtual L3 link between the physical tunnel's end points.

You later ask are either the internal or external tunnel IP used in the encapsulation process.  Internal no, external yes.  The latter becomes the tunnel packet's physically routable IPs.

However, the internal tunnel IPs are often used for routing purposes across the virtual link which generally ties together the internal network's networks, the latter being "invisible" to the physical networks the tunnel transits.

View solution in original post

7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-26-2021 07:39 PM

I suggest understanding how DMVPN works and how the information carried over the header.

 

we often refer to an underlay and overlay network:

  • The underlay network is the network we use for connectivity between the different routers, for example the Internet.
  • The overlay network is our private network with GRE tunnels.

 

small example information that clarify you :

 

https://networklessons.com/cisco/ccie-routing-switching/introduction-to-dmvpn 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
ahmedsid432135621
Level 1
Level 1
In response to balaji.bandi

‎01-26-2021 07:41 PM

the link seems to be a dead link.  to clarify my question further, is the interface address used in the encapsulation process or the tunnel source and destination is used?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to ahmedsid432135621

‎01-26-2021 07:46 PM

Copy and paste on the browser, Looks when you click the link it adding some other content to the URL, May be a community forum issue - will report background.

 

https://networklessons.com/cisco/ccie-routing-switching/introduction-to-dmvpn 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎01-27-2021 12:02 AM

Hello,

 

--> it seems to me that the tunnel interface address plays no role.

 

In short, you are exactly right. The tunnel interface address is completely arbitrary and can be any address. All that matters is the NHRP mapping. As in the example below, the tunnel address can be whatever you want it to be, as long as as it is mapped.

 

interface Tunnel0
ip address 172.16.1.2 255.255.255.0
no ip redirects
ip nhrp authentication dmvpn
ip nhrp map 172.16.1.1 97.12.13.1
ip nhrp map multicast 97.12.13.1
ip nhrp network-id 1
ip nhrp holdtime 60
ip nhrp nhs 172.16.1.1
ip nhrp registration timeout 30
ip nhrp shortcut
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN_PROFILE

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-27-2021 12:32 AM

Hello @ahmedsid432135621 ,

>> it seem to me that the tunnel interface address plays no role. although i maybe wrong here.

 

In DMVPN we configure a tunnel source address that is the exit interface , we do not configure a tunnel destination address but we use

tunnel mode gre multipoint.

The tunnel address is used to build a logical flat subnet between all DMVPN peers and it is used to exchange routing information.

However, another very important protocol is NHRP .

NHRP is a resolution protocol like ARP it allows a DMVPN spoke router to find out the WAN public address of another spoke by simply knowing the internal private address of that spoke asking to the NHRP server ( that is the HUB of the DMVPN).

All spokes register with NHRP server providing the mapping private / WAN addresses for each of them

 

So we cannot say that internal tunnel address plays no role , it provides a logical flat subnet that allows to run IGP protocols like OSPF or EIGRP over it.

To be noted routing exchanges are performed only between spokes and the hub ( or hubs).

 

Most of the job is done by NHRP.

 

Finally IPSec is used for protecting the traffic that travels over DMVPN using an IPsec profile.

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎01-27-2021 06:14 AM

The original poster has asked 2 versions of the question:

1) does the tunnel IP address play any role? The answer to this question is yes the IP address plays an important role - having an IP address on the interface enables IP processing on the interface. If there was no IP address then there would be no IP processing.

2) then the question is changed to is the interface address used in the encapsulation process? The answer to this question is that no the tunnel IP is not used in the encapsulation. The tunnel IP might appear in the payload of the packet (for example as the source address for a routing protocol update, or as the source address for a ping from the router to some destination reached via the tunnel) but is not used for encapsulation.

HTH

Rick

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-27-2021 03:31 PM

Without tunnel IPs, how would you effectively use a "tunnel" at L3? (NB: you can also have L2 tunnels running across an IP network, e.g. L2TPv3.)

The tunnel IPs are what form the effective virtual L3 link between the physical tunnel's end points.

You later ask are either the internal or external tunnel IP used in the encapsulation process.  Internal no, external yes.  The latter becomes the tunnel packet's physically routable IPs.

However, the internal tunnel IPs are often used for routing purposes across the virtual link which generally ties together the internal network's networks, the latter being "invisible" to the physical networks the tunnel transits.

Customers Also Viewed These Support Documents