Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1274
Views
20
Helpful
8
Replies

What is the purpose of configuring IP address under the tunnel int

Network-learner
Level 1
Level 1

‎11-08-2021 03:25 AM

Hi All,

 

Please could someone explain me in simple terms the purpose of configuring IP address under the tunnel interface as I am a bit confused about it.

 

Thanks

Labels:
0 Helpful
8 Replies 8

Karsten Iwen
VIP
VIP

‎11-08-2021 03:46 AM

If you want to route IP through the tunnel, you have to enable the IP protocol on the tunnel interface. Configuring an IP address is the most simple way to achieve this.

Network-learner
Level 1
Level 1
In response to Karsten Iwen

‎11-08-2021 04:35 AM

Hi Karsten,

 

Thanks for your response.

Please could you elaborate more with an example if possible.

Thanks

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Network-learner

‎11-08-2021 10:31 AM

Karsten gave a good explanation. Let me suggest a slightly different approach. Early in my career in networking our networks might support both IP and IBM SNA traffic. So some of our interfaces would be configured with SNA addressing. These interfaces would process and transmit SNA traffic but would not process or transmit IP traffic. Other interfaces would be configured with IP addresses. These interfaces would process and transmit IP traffic but would not process or transmit SNA traffic.

In modern networks IP is the protocol we want to process. Any interface with no IP address configured will not process or transmit IP traffic. Any interface with an IP address will process and transmit IP traffic.

So if we have a config like this

interface Gi0/0

interface G0/1

interface tun0

the result is that no IP traffic is transmitted.

If we have a config like this

interface Gi0/0

ip address 10.10.10.1 255.255.255.0
interface G0/1

p address 10.10.20.1 255.255.255.0
interface tun0

p address 10.10.30.1 255.255.255.252

Then the result is that all interfaces will process and transmit IP traffic.

HTH

Rick

Network-learner
Level 1
Level 1
In response to Richard Burts

‎11-08-2021 12:33 PM

Hi Rick,

Thanks for your response.

If I understand correctly the only reason we are configuring the IP Address is just to process the IP traffic whereas the actual encapsulation is done by the source/destination of the tunnel using GRE.

I think that's the reason the tunnel IP address are not visible in packet capture of the GRE traffic.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Network-learner

‎11-09-2021 06:51 AM

Yes you configure an IP address on the tunnel interface so that IP traffic can be sent and can be received by the tunnel interface. And you are correct that the GRE processes a packet that is to be sent over the tunnel and encapsulates that payload with an IP header based on the source and destination.

HTH

Rick

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Network-learner

‎11-09-2021 08:36 AM

"I think that's the reason the tunnel IP address are not visible in packet capture of the GRE traffic."

First, is the tunnel packet being captured, encapsulated packet's destination and/or source using the tunnel's IPs?

For example pinging the far side of a tunnel from the tunnel's source?  If not, as in the case of transit packets, tunnel IPs would not be used.  I.e. they are not there.

Second, is just for "plain" GRE packets or encrypted tunnel packets?

For the former, I would expect (?) a packet capture to be able to decode the encapsulated packet's IP.  For the latter, they should be encrypted.

"If I understand correctly the only reason we are configuring the IP Address is just to process the IP traffic whereas the actual encapsulation is done by the source/destination of the tunnel using GRE."

Again, if you want "simple" forget about encapsulation and/or encryption.  Just think of them, and their usage, much like any other interface's IPs.  For example, as mention above, you can ping them.  Or, as another example, you can include them as part of a routing topology, both static or dynamic (i.e. routing protocol can use them).

Possibly, you're overthinking the tunnel interface IPs as being more complex then they are because a tunnel also encapsulates other packets.

Georg Pauwen
VIP
VIP

‎11-08-2021 03:54 AM

Hello,

 

in DMVPNs (which are very frequently used) you need a tunnel IP address to accomplish the mapping. An example is below:

 

interface Tunnel0
ip address 172.16.1.2 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp map 172.16.1.1 10.10.1.1
ip nhrp map multicast 10.10.1.1
ip nhrp network-id 1
ip nhrp holdtime 60
ip nhrp nhs 172.16.1.1
ip nhrp registration timeout 30
ip nhrp shortcut
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN_PROFILE

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎11-08-2021 12:29 PM

"Please could someone explain me in simple terms the purpose of configuring IP address under the tunnel interface as I am a bit confused about it."

In simple terms, the same reason(s) you apply an IP address to any other interface.

Perhaps what's confusing you a bit is a tunnel interface isn't a "physical" interface, but you generally use a tunnel interface like a "physical" interface.

0 Helpful
Customers Also Viewed These Support Documents