11-28-2005 11:04 AM - edited 03-03-2019 11:05 AM
I have a tunnel interface and the tunnel source is the FE0/1 port. For RIP I have the FE0/1 port set as a passive interface since this is attached to the Internet. Will the RIP updates still go through the tunnel interface, or will that interface default to passive since FE0/1 is?
Can a tunnel interface be unnumbered to a loopback or Ethernet interface? From all the examples I see they have each tunnel interface in its own subnet. If I have a router with 10 GRE tunnels, it seems to be a waste of address space. I guess I can break a single class C into several subnets for each tunnel interface, but am wondering if there is a better way to do this. We have a frame relay cloud as a primary connection and a backup is using the Internet and GRE over IPSec tunnels. I'd like each tunnel to mirror the IP scheme for the frame cloud, just in a different Class C network. For example, can I do something like this:
Host Router
Interface S0
IP Address 192.168.1.1 255.255.255.0
Interface Tunnel 0
IP Address 192.168.2.1 255.255.255.0
Remote A
Interface S0
IP Address 192.168.1.2 255.255.255.0
interface Tunnel 0
IP Address 192.168.2.2 255.255.255.0
Remote B
Interface S0
IP Address 192.168.1.3 255.255.255.0
Interface Tunnel 0
IP Address 192.168.2.3 255.255.255.0
Remote C
Interface S0
IP Address 192.168.1.4 255.255.255.0
Interface Tunnel 0
IP Address 192.168.2.4 255.255.255.0
INSTEAD OF THIS
Host Router
Interface S0
IP Address 192.168.1.1 255.255.255.0
Interface Tunnel 0
IP Address 192.168.2.1 255.255.255.0
Interface Tunnel 1
IP Address 192.168.3.1 255.255.255.0
Interface Tunnel 2
IP Address 192.168.4.1 255.255.255.0
Remote A
Interface S0
IP Address 192.168.1.2 255.255.255.0
interface Tunnel 0
IP Address 192.168.2.2 255.255.255.0
Remote B
Interface S0
IP Address 192.168.1.3 255.255.255.0
Interface Tunnel 0
IP Address 192.168.3.2 255.255.255.0
Remote C
Interface S0
IP Address 192.168.1.3 255.255.255.0
Interface Tunnel 0
IP Address 192.168.4.2 255.255.255.0
I hope this makes sense.
11-28-2005 11:29 AM
Denny
The answer to your first question is easy: whether the tunnel interface is passive is entirely independent of whether the FastEthernet is passive. So the FastEthernet can be passive and the tunnel can be active - no problem.
The second question is a bit more complex. The traditional implementation of GRE tunnels was a point to point virtual interface. As such I believe that it would work ok with ip unnumbered. This matches with your second alternative which is based on point to point tunnels where every tunnel is a separate subnet. I have implemented IPSec tunnels over GRE at a customer site using this model and it is working well.
Cisco has introduced an alternative in GRE tunnels for multipoint tunnels. This is effectively what you are suggesting in your first alternative. So I believe that you could do this if you want. Here is a link to a discussion which combines IPSec with dynamic multipoint GRE tunnels:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
HTH
Rick
11-28-2005 02:42 PM
This info is extremely helpful. Unfortunately I don't have a lab to test various examples like this in, but they're promising to get me several routers for a lab and to have as backup equipment.
For now I will build them as point-to-point GRE tunnels and break a Class C into a bunch of small subnets.
Thank you,
Denny
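Added example, not part of the thread and not written by either poster: a short Python script that carves the tunnel Class C (192.168.2.0/24) into one /30 per point-to-point GRE tunnel and renders hub-side IOS lines in which only the tunnel source port is passive for RIP. The spoke names, the 203.0.113.x peer addresses, and the choice of RIP version 2 (so the /30 masks are carried in updates) are assumptions made for illustration.

```python
import ipaddress

# Constructed inputs (not from the thread): spoke names and documentation-range peers.
SPOKES = {"RemoteA": "203.0.113.2", "RemoteB": "203.0.113.3", "RemoteC": "203.0.113.4"}
TUNNEL_BLOCK = ipaddress.ip_network("192.168.2.0/24")  # Class C set aside for tunnels
FRAME_NET = ipaddress.ip_network("192.168.1.0/24")     # frame relay subnet in the post


def plan_tunnels(spokes, block=TUNNEL_BLOCK, in_use=(FRAME_NET,)):
    """One /30 per hub-to-spoke tunnel: hub takes the first host, spoke the second."""
    if any(block.overlaps(net) for net in in_use):
        raise ValueError(f"{block} overlaps a network already in use")
    subnets = block.subnets(new_prefix=30)
    plan = []
    for index, (name, peer) in enumerate(spokes.items()):
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(f"{block} has no /30 left for {name}") from None
        hub_ip, spoke_ip = net.hosts()  # a /30 has exactly two usable addresses
        plan.append({"tunnel": index, "spoke": name, "peer": peer,
                     "net": net, "hub_ip": hub_ip, "spoke_ip": spoke_ip})
    return plan


def hub_config(plan, source="FastEthernet0/1"):
    """Render hub-side IOS lines for every planned tunnel plus the RIP process."""
    lines = []
    for t in plan:
        lines += [
            f"interface Tunnel{t['tunnel']}",
            f" description GRE to {t['spoke']}",
            f" ip address {t['hub_ip']} {t['net'].netmask}",
            f" tunnel source {source}",
            f" tunnel destination {t['peer']}",
            "!",
        ]
    # Only the Internet-facing source port is passive; the tunnels still run RIP.
    lines += [
        "router rip",
        " version 2",  # assumption: v2 so the /30 masks are advertised
        f" passive-interface {source}",
        f" network {TUNNEL_BLOCK.network_address}",
        f" network {FRAME_NET.network_address}",
        " no auto-summary",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(hub_config(plan_tunnels(SPOKES)))
```

A single /24 yields 64 such /30 subnets, so the 10 tunnels mentioned in the question use well under a quarter of one Class C.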