
gre tunnels

Charlotte098
Level 1

Hi can someone help I'm setting up a gre tunnel as a little homework for home and I'm not getting any of the routing right. Can someone explain with my configuration where I am going wrong? I'm just trying to get the hang of it. I've been doing static routing between physical interfaces which is fine but with the tunnel interface I'm not sure what I'm meant to be routing. I have four routers connected together and it's just all static routes. The tunnel interface is always meant to have an IP isn't it? My tunnel is in an up and up state but I can't seem to ping from R1 to R2 at least to establish there is some connectivity. I think I'm still a bit confused at what a gre tunnel is I think.

R1# show run
Building configuration...

Current configuration : 2492 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate slot 2
no network-clock-participate wic 0
no network-clock-participate wic 1
no network-clock-participate wic 2
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
interface Loopback0
 ip address 192.168.2.5 255.255.255.252
!
interface Loopback1
 ip address 192.168.2.1 255.255.255.252
!
interface Loopback2
 ip address 192.168.2.9 255.255.255.252
!
interface Tunnel0
 ip address 192.168.2.13 255.255.255.252
 tunnel source 192.168.2.5
 tunnel destination 192.168.2.29
!
interface FastEthernet0/0
 ip address 192.168.2.17 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
!
interface FastEthernet1/1
 no ip address
 shutdown
!
interface FastEthernet1/2
 no ip address
 shutdown
!
interface FastEthernet1/3
 no ip address
 shutdown
!
interface FastEthernet1/4
 no ip address
 shutdown
!
interface FastEthernet1/5
 no ip address
 shutdown
!
interface FastEthernet1/6
 no ip address
 shutdown
!
interface FastEthernet1/7
 no ip address
 shutdown
!
interface FastEthernet1/8
 no ip address
 shutdown
!
interface FastEthernet1/9
 no ip address
 shutdown
!
interface FastEthernet1/10
 no ip address
 shutdown
!
interface FastEthernet1/11
 no ip address
 shutdown
!
interface FastEthernet1/12
 no ip address
 shutdown
!
interface FastEthernet1/13
 no ip address
 shutdown
!
interface FastEthernet1/14
 no ip address
 shutdown
!
interface FastEthernet1/15
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 192.168.2.0 mask 255.255.255.252
 network 192.168.2.4 mask 255.255.255.252
 network 192.168.2.16 mask 255.255.255.252
 neighbor 192.168.2.29 remote-as 11
 neighbor 192.168.2.29 ebgp-multihop 5
 neighbor 192.168.2.29 update-source Loopback0
 no auto-summary
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end

R2#show run
Building configuration...

Current configuration : 2258 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate slot 2
no network-clock-participate wic 0
no network-clock-participate wic 1
no network-clock-participate wic 2
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.2.18 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.21 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
!
interface FastEthernet1/1
 no ip address
 shutdown
!
interface FastEthernet1/2
 no ip address
 shutdown
!
interface FastEthernet1/3
 no ip address
 shutdown
!
interface FastEthernet1/4
 no ip address
 shutdown
!
interface FastEthernet1/5
 no ip address
 shutdown
!
interface FastEthernet1/6
 no ip address
 shutdown
!
interface FastEthernet1/7
 no ip address
 shutdown
!
interface FastEthernet1/8
 no ip address
 shutdown
!
interface FastEthernet1/9
 no ip address
 shutdown
!
interface FastEthernet1/10
 no ip address
 shutdown
!
interface FastEthernet1/11
 no ip address
 shutdown
!
interface FastEthernet1/12
 no ip address
 shutdown
!
interface FastEthernet1/13
 no ip address
 shutdown
!
interface FastEthernet1/14
 no ip address
 shutdown
!
interface FastEthernet1/15
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router bgp 11
 no synchronization
 bgp log-neighbor-changes
 network 192.168.2.16 mask 255.255.255.252
 network 192.168.2.20 mask 255.255.255.252
 no auto-summary
!
no ip http server
no ip http secure-server
ip classless
ip route 192.168.2.0 255.255.255.252 192.168.2.16
ip route 192.168.2.4 255.255.255.252 192.168.2.16
ip route 192.168.2.8 255.255.255.252 192.168.2.16
ip route 192.168.2.14 255.255.255.255 192.168.2.17
ip route 192.168.2.29 255.255.255.255 192.168.2.22
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end

For some reason I could not reply, so I'm letting you know how I went with all the instructions that were posted so far.

The tunnel is in an up state and I can ping from end to end. I just had some crappy static route skills that I needed to work on. So how do I test that the tunnel works? Why would I have to configure keepalives on both ends? It's to prove that it is up but how do you prove that. Someone told me this but I just wanted to hear it again.

Message was edited by: Charlotte

14 Replies

cadet alain
VIP Alumni

Hi,

You don't have the tunnel configured on R2 and you don't have any BGP neighborship also on this router.

on R1:

ip route 0.0.0.0 0.0.0.0 Tunnel0

will cause problems because you are routing to the tunnel destination via the tunnel; this will cause a routing loop. You should have a route to the tunnel destination which points to the next-hop router on both routers and then leave the default route via tunnel0.

The tunnel is up/up because by default there is no keepalive configured on a GRE tunnel so once it is configured it is in up/up state even if you didn't configure opposite side as you did or the physical path it is using is down.

Regards.

Alain.

Don't forget to rate helpful posts.

andrew.prince
Level 10

Your config is incorrect (partially) on R1 and missing a bunch on R2.

What are you trying to do???

fabios
Level 3

Charlotte,

You create the tunnel interfaces but missed the tunnel mode command.

When you create a tunnel you need to define carrier protocol and passenger protocol.

This is done by issuing the tunnel mode command in the tunnel interface configuration mode.

Some of the options are tunnel mode ipip, tunnel mode ipv6ip, etc.

Look up the tunneling configuration guide in the cisco docs and you will find exactly the tunnel you are looking for in the configuration examples.

Cheers

Fabio


Hi Fabio,

default mode for a tunnel interface is GRE so if the OP wants a GRE tunnel there is no need to define tunnel mode.

Regards.

Alain.

Don't forget to rate helpful posts.

For starters, you left out the GRE Tunnel configuration on R2 completely. For just basic GRE Tunnel configuration, all you need to do is the following on both sides of the tunnel.

int Tunnel0
 ip address x.x.x.x x.x.x.x
 tunnel source (IP address or Physical Interface)
 tunnel destination (IP address of destination).

You will need this on both sides.

Second, you're configuring an eBGP connection to R2 via 192.168.2.29, it appears. But since you have a default route to Tunnel0, everything is being routed out that interface, which isn't going to work seeing as how there is no GRE Tunnel configuration on R2.

Third, your eBGP neighbor on R1 is 192.168.2.29; if you look at R2's route table you will see a static route for destination 192.168.2.29/32 going to 192.168.2.22, which appears to be the other side of Fa0/1 on R2.

Basically, you want to make sure you have IP connectivity between your tunnel endpoints on both sides.

If you want to route something through the tunnel you want to make sure it goes to the Tunnel Interface with whatever number you choose, i.e. (tunnel0, tunnel1, tunnel2 etc etc).

It will then add another IP header on the IP header and transport it through the tunnel; once it gets to the other GRE Tunnel end point, it breaks the IP header off, and the original IP header remains.

Hi, thanks for all the replies. R2 is the second router connected. The tunnel end point is on R4, which I haven't listed here because all I really needed to know is what static routes to use in between both R1 and R2 to establish connectivity. R4 also has the rest of the bgp configuration; it is the neighbor. I know that is configured correctly. Now I know which routes to use and why. Thanks all, I'll give it a try.

Configuration from R1:

interface Loopback0
 ip address 192.168.2.5 255.255.255.252
interface Loopback2
 ip address 192.168.2.9 255.255.255.252
!
interface Tunnel0
 ip address 192.168.2.13 255.255.255.252
 tunnel source 192.168.2.5
 tunnel destination 192.168.2.29

R1 router has tunnel source and destination going to the same router???? Another thing, why use a /30 subnet for a loopback address?

Mate tunnel destination 192.168.2.29 and his loopback is 192.168.2.9 255.255.255.252 so it isn't the same router....

at my first glance I thought the same....

yeah I agree /32 is usually indicated for loopbacks...

Cheers,

Fabio

Oh Sh1T!  My eyes are fr1ggin betraying me. 

and today I left my glasses at home

I need to get a new pair of glasses. 

Charlotte098
Level 1

The tunnel is in an up state and I can ping from end to end. I just had some crappy static route skills that I needed to work on. So how do I test that the tunnel works? Why would I have to configure keepalives on both ends? It's to prove that it is up but how do you prove that. Someone told me this but I just wanted to hear it again.

The tunnel sends keepalives from both sides. Without them you will create a black hole, as a tunnel only needs a valid source interface and a route to the destination. So you could configure a loopback interface in a router, and remove the keepalive from the ethernet interface (so the interface is up/up) and a static route pointing out of the interface - and the tunnel would be up/up... so you see the issue.

Hi,

you should configure keepalives because by default there is none on the tunnel interface, so as long as the tunnel is created it is up/up and stays like this even if the destination is down or the physical interface it is using is down or the other side of the tunnel is down.

Regards.

Alain.

Don't forget to rate helpful posts.
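
Two points from the replies can be checked mechanically: the default route that sends the tunnel's own destination into Tunnel0, and the missing keepalive that leaves the interface up/up. The following Python audit is an added example, not code from the thread; it runs over a constructed excerpt of the posted R1 configuration. The helper names `parse`, `resolve` and `audit`, the `keepalive 5 3` timer values and the use of R2's 192.168.2.18 as next hop in the corrected variant are assumptions.

```python
import ipaddress

# Constructed excerpt of the R1 configuration posted in the thread.
R1_CONFIG = """\
interface Tunnel0
 ip address 192.168.2.13 255.255.255.252
 tunnel destination 192.168.2.29
interface FastEthernet0/0
 ip address 192.168.2.17 255.255.255.252
ip route 0.0.0.0 0.0.0.0 Tunnel0
"""
# Assumed correction: keepalive on the tunnel, host route to its destination via R2.
R1_FIXED = R1_CONFIG.replace("192.168.2.29\n", "192.168.2.29\n keepalive 5 3\n") \
    + "ip route 192.168.2.29 255.255.255.255 192.168.2.18\n"

def parse(config):
    """Return (routes, most specific first; tunnel destinations; keepalive set)."""
    routes, tunnels, keepalive, intf = [], {}, set(), None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            intf = words[1]
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            routes.append((ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False), words[4]))
        elif words[:2] == ["ip", "address"] and intf and len(words) >= 4:
            routes.append((ipaddress.ip_interface(f"{words[2]}/{words[3]}").network, intf))
        elif words[:2] == ["tunnel", "destination"]:
            tunnels[intf] = ipaddress.ip_address(words[2])
        elif words[:1] == ["keepalive"]:
            keepalive.add(intf)
    return sorted(routes, key=lambda r: -r[0].prefixlen), tunnels, keepalive

def resolve(routes, addr, depth=8):
    """Follow the best route for addr, resolving next-hop IPs, to an interface name."""
    for _ in range(depth):
        best = next((r for r in routes if addr in r[0]), None)
        if best is None or not best[1][0].isdigit():
            return best and best[1]        # no route, or an interface name
        addr = ipaddress.ip_address(best[1])
    return None

def audit(config):
    """Report tunnels routed into themselves and tunnels without keepalives."""
    routes, tunnels, keepalive = parse(config)
    findings = []
    for name, dest in tunnels.items():
        if resolve(routes, dest) in (None, name):
            findings.append(f"{name}: no route to {dest} outside the tunnel itself")
        if name not in keepalive:
            findings.append(f"{name}: no keepalive, stays up/up if the far end is down")
    return findings
```

`audit(R1_CONFIG)` reports both problems for Tunnel0, and `audit(R1_FIXED)` reports none because 192.168.2.29 now resolves out of FastEthernet0/0.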