01-11-2022 01:57 PM - last edited on 01-14-2022 11:51 AM by Translator
Dear Community,
I came across the following blog (https://packetpushers.net/anatomy-of-gre-tunnels/) regarding GRE tunnels but had a question about it. The topology and config are attached. My question is this:
-How is it possible according to this topology for the tunnel source and destinations to be private loopback IP's? How are the packets going to route over the internet where the source and destination addresses are private IP's? This makes no sense to me. Is this a typo in the config?
To me, it makes more sense to use the following configs:
R1:
interface Tunnel100
tunnel mode gre
ip address 102.1.1.1 255.255.255.0
ipv6 enable
tunnel source F2/0
tunnel destination 23.1.1.x
R2:
interface Tunnel100
tunnel mode gre
ip address 102.1.1.2 255.255.255.0
ipv6 enable
tunnel source F3/0
tunnel destination 12.1.1.x
Please let me know if I am missing something. Much appreciated!
Thank you.
01-11-2022 02:23 PM - last edited on 03-09-2022 11:28 PM by smallbusiness
Hi @ChristopherCraddock66504 ,
You are correct. For a GRE tunnel going over the Internet, the tunnel source and destination need to be a public IP address.
Regards,
01-12-2022 12:47 AM
The 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4 aren't private addresses at all.
Case in point 1.1.1.1 is used by Cloudflare for their public DNS servers.
I remember seeing those addresses being used in Cisco documentation/configuration examples going back 15 years at least and being confused by them initially.
In most of those cases it didn't really matter since they weren't used for actual routing but for router ID's in OSPF and such.
R1 having 1.1.1.1 as router ID and R2 having 2.2.2.2 etc. making it simple to keep track of the routers.
Using them for examples where it will have an effect on actual routing might be unnecessarily confusing.
But technically not any worse than using any other public IP that you don't own in a configuration example.
But as already answered by Harold Ritter, if the GRE tunnel is going over the internet, the tunnel source and destination need to be a public IP.
To expand on that, the actual IP on the tunnel interfaces can be private addresses.
Here is an example from https://www.ciscopress.com/articles/article.asp?p=2832406&seqNum=7
R1(config)# interface Tunnel0
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# tunnel source 209.165.201.1
R1(config-if)# tunnel destination 209.165.201.2
R1(config-if)# tunnel mode gre ip
R1(config-if)# exit
R1(config)# router ospf 1
R1(config-router)# network 192.168.2.0 0.0.0.255 area 0
R2(config)# interface Tunnel0
R2(config-if)# ip address 192.168.2.2 255.255.255.0
R2(config-if)# tunnel source 209.165.201.2
R2(config-if)# tunnel destination 209.165.201.1
R2(config-if)# tunnel mode gre ip
R2(config-if)# exit
R2(config)# router ospf 1
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
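The rule from the replies above (tunnel source and destination must be publicly routable, while the address on the tunnel interface itself may be private) written as a config check. This is an added example, not part of any poster's reply; the function names are hypothetical and the sample is the R1 half of the Cisco Press configuration with the prompts removed.

```python
import ipaddress
import re

# Constructed sample: R1 from the Cisco Press configuration above, prompts removed.
SAMPLE_CONFIG = """\
interface Tunnel0
 ip address 192.168.2.1 255.255.255.0
 tunnel source 209.165.201.1
 tunnel destination 209.165.201.2
 tunnel mode gre ip
"""

FIELD = re.compile(r"(ip address|tunnel source|tunnel destination)\s+(\S+)", re.I)

def parse_tunnels(config):
    """Collect address, source and destination for each Tunnel interface."""
    tunnels, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.lower().startswith("interface "):
            name = line.split()[1]
            is_tunnel = name.lower().startswith("tunnel")
            current = tunnels.setdefault(name, {}) if is_tunnel else None
            continue
        match = FIELD.match(line)
        if current is not None and match:
            current[match.group(1).lower()] = match.group(2)
    return tunnels

def endpoint_problems(tunnel):
    """List reasons the outer (transport) addresses cannot cross the Internet."""
    problems = []
    for field in ("tunnel source", "tunnel destination"):
        value = tunnel.get(field, "")
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            # Interface names (F2/0) or placeholders (23.1.1.x) need resolving first.
            problems.append(f"{field} '{value}' is not a literal IP address")
            continue
        if not addr.is_global:
            problems.append(f"{field} {addr} is not globally routable")
    return problems

if __name__ == "__main__":
    for name, tunnel in parse_tunnels(SAMPLE_CONFIG).items():
        inner = ipaddress.ip_address(tunnel["ip address"])
        print(name, "inner address private:", inner.is_private)
        print(name, "endpoint problems:", endpoint_problems(tunnel) or "none")
```

`is_global` follows the IANA special-purpose registries, so it only tells you an address is routable in principle, not that it is assigned to you.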
01-12-2022 05:08 AM
Mathias,
Thank you for the correction. You're right, 1.1.1.1 and 2.2.2.2 are not private IP addresses, I am not sure what I was thinking there. Like you said, the example in this blog is confusing because they are choosing to use 1.1.1.1 and 2.2.2.2 as tunnel source and destinations while the topology diagram uses completely different IP's for the actual public facing interfaces. Thanks so much for the feedback!