Solved: GRE Tunnel and IGP

inamprix1 · ‎04-25-2016

[[{"type":"media","fid":"1288046","view_mode":"default","link_text":null,"attributes":{"alt":"GRE Tunnel and IGP","title":"GRE Tunnel and IGP","height":"230","width":"829","class":"image-style-none media-element file-default"}}]]

Please see the picture above of two sites connected using FA 0/1 on R1 and R2 and a GRE Tunnel is formed.

Case 1:

We have a point-to-point connection between the two routers and the IP address assigned to FA 0/1 on R1 and R2 belong to same subnet. We then configure a GRE Tunnel on these as indicated in the topology:

Using IGP like eigrp and ospf we can peer Routers R1 and R2 using the tunnel and the point-to-point connections.
This will make redundant paths between two routers
This will form dual peer relationship between the two routers ( e.g. for EIGRP or OSPF).
Or we can just tunnel for peering between the two routers.

My Question:

What is the norm in this topology use both connection for iGP peering or just tunnel in real world?
What is the norm in this topology use both connection for iGP peering or just tunnel in an exam?

Case 2:

If Fa 0/1 on both the routers are just public IPs and actually don't belong to same subnet. Then i think we have to create a Tunnel between the two routers and then use the tunnel to peer the two routers for iGP.

My Question:

I just want to know this is a valid case and also do we get this case in a Exam?

Please comment on both cases freely, I just creating these two cases to clear my mind.

Pawan Raut · ‎04-25-2016

Basically tunnel is Virtual Point to Point link between two routers. When you have two router physically connected by Point to point link in that case tunnel has no use but if you have two routers separated my many network hops then GRE or IPsec tunnel is useful and in this case tunnel give you the facility of Logical Point to Point network.

On tunnel You can run any routing protocol ospf,eigrp,BGP or Sttic route smiler like point to point interface between two routers.

Answer to your question on my view are as below

case 1

What is the norm in this topology use both connection for iGP peering or just tunnel in real world? -- No use of tunnel in this case so in real world it will use any routing protocol between point to point physical interface.
What is the norm in this topology use both connection for iGP peering or just tunnel in an exam? - Same as above point Exam are mostly base of real world scenario (not sure you are talking about which exam).

Case 2

I just want to know this is a valid case and also do we get this case in a Exam? - Yes this is valid in real world as well as exam point of view specially DMVPN and Ipsec tunnel in CCIE exam.

Please always rate the useful post !

Regards,

Pawan (CCIE# 52104)

View solution in original post

Ricardo Prado Rueda · ‎04-25-2016

Hi, I am assuming that the GRE tunnel configuration include the WAN interfaces as the tunnel source and tunnel destination. In this same train of thought, you should avoid including source and destination in the IGP configuration. The reason for this is that at some point the IGP will distribute information of such source/destination through the tunnel itself, basically telling the router that the destination for the tunnel is "inside" the tunnel itself which makes no sense at all. This kind of problem is called "recursive routing" and will force the GRE interfaces to flap continuously. The way to prevent this is by avoiding these addresses to be distributed through the IGP or use static routes for the tunnel destination on each router, so that the preferred path to establish the GRE tunnel is always "outside" of the same tunnel. You can see more information about this error on the following link:

http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/22327-gre-flap.html

The most common scenario in an exam or in real life is that there is no point-to-point connection between the routers, but public IPs that don't belong to the same subnet. In this case, the GRE tunnel allows you to connect the sites with a simulated "point-to-point" link that can run an IGP between the two sites and have all the advantages of a dynamic protocol running between the sites. In this case the IGP should only be running on the tunnel network, otherwise you will fall again in the recursive routing issue described above.

Also on a real scenario, you would like to add encryption to the GRE tunnel as well, since this type of encapsulation doesn't protect your data from someone looking into it.

Pawan Raut · ‎04-25-2016