A GRE (Generic Routing Encapsulation) tunnel in Cisco is a method of encapsulating and tunneling network traffic over an IP network. It allows the creation of a virtual point-to-point link between two endpoints, typically routers or switches, across an existing network infrastructure.
Here’s how it works:
- Encapsulation: GRE wraps the original packet in a GRE header and a new outer IP header. The outer header carries the addresses of the tunnel endpoints, so devices along the path route on those addresses rather than on the original packet's details.
- Routing: Once encapsulated, the packet is routed through the network based on the outer IP header’s information, as if it were any other IP packet.
- Decapsulation: When the packet reaches the tunnel’s endpoint, the outer IP header is removed, and the original packet is extracted and forwarded to its destination based on the information contained within it.
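The three steps above, as an added example that is not part of the original post: a Python sketch that builds the GRE-in-IPv4 packet Site A's router would send for the tunnel configured below (outer 1.1.1.1 to 1.1.1.2) and then decapsulates it. The LAN host addresses, ports and payload are constructed sample values. The inner bytes travel unchanged inside the outer packet, and the 24 bytes of added headers account for the 1476-byte transport MTU in the show interface output.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload
OVERHEAD = 20 + 4         # outer IPv4 header + base GRE header, in bytes

def checksum(header: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header without options; TTL 255 as in 'Tunnel TTL 255'."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 255,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prepend outer IPv4 + GRE header with no key, sequence or checksum."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

def gre_decapsulate(packet: bytes) -> bytes:
    """Return the inner packet; reject anything but plain GRE-in-IPv4."""
    if len(packet) < OVERHEAD or packet[0] >> 4 != 4 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE-in-IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated or malformed outer header")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    # 0xF007 = C/R/K/S option bits plus the version field; all must be zero here
    if flags & 0xF007 or proto != ETHERTYPE_IPV4:
        raise ValueError("GRE options, version or payload type not handled")
    return packet[ihl + 4:]

def sample():
    """Constructed traffic: Site A LAN host to Site B LAN host (hosts assumed)."""
    data = b"user=alice"  # made-up application payload
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(data), 0) + data
    inner = ipv4_header("192.168.10.10", "192.168.20.10", 17, len(udp)) + udp
    return inner, gre_encapsulate(inner, "1.1.1.1", "1.1.1.2")

if __name__ == "__main__":
    inner, outer = sample()
    print(len(outer) - len(inner), "bytes of overhead")
    print("payload readable in transit:", b"user=alice" in outer)
    print("round trip ok:", gre_decapsulate(outer) == inner)
```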
GRE tunnels are often used for various purposes, such as:
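- VPN (Virtual Private Network): GRE tunnels can connect remote sites over the internet as if they shared a private link. GRE itself does not encrypt or authenticate the traffic it carries, so private communication depends on pairing the tunnel with an encryption method such as IPsec.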
- Overlay Networks: They are used in overlay networks, such as when deploying virtualization technologies like VMware NSX, to connect virtual networks across physical infrastructure.
- Routing Protocol Tunneling: GRE tunnels can be used to tunnel routing protocol traffic between routers, enabling routing updates to traverse networks that don’t natively support those protocols.
Cisco routers and switches support GRE tunneling, and configuring a GRE tunnel involves setting up the tunnel interfaces, defining tunnel source and destination addresses, and specifying any necessary routing protocols or encryption methods.
Logical Topology of our GRE Tunnel between the sites
Configurations
Configuration of Router at Site A
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface g0/0/0
Router(config-if)#ip address 1.1.1.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up
Router(config-if)#exit
Router(config)#interface g0/0/1
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
Router(config-if)#exit
Router(config)#interface Tunnel1
Router(config-if)#
%LINK-5-CHANGED: Interface Tunnel1, changed state to up
Router(config-if)#ip address 172.16.1.1 255.255.255.0
Router(config-if)#tunnel source g0/0/0
Router(config-if)#tunnel destination 1.1.1.2
Router(config-if)#no shutdown
Router(config-if)#tunnel mode gre ip
Router(config-if)#exit
Router(config)#do copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Router(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Router(config)#ip route 192.168.20.0 255.255.255.0 172.16.1.2
Router(config)#
Configuration of Router at Site B
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface g0/0/0
Router(config-if)#ip address 1.1.1.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
Router(config-if)#exit
Router(config)#interface g0/0/1
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
Router(config-if)#exit
Router(config)#interface Tunnel1
Router(config-if)#
%LINK-5-CHANGED: Interface Tunnel1, changed state to up
Router(config-if)#ip address 172.16.1.2 255.255.255.0
Router(config-if)#tunnel source g0/0/0
Router(config-if)#tunnel destination 1.1.1.1
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#do copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Router(config)#ip route 192.168.10.0 255.255.255.0 172.16.1.1
Check the tunnel status
Router>enable
Router#show interface Tunnel1
Tunnel1 is up, line protocol is up (connected)
Hardware is Tunnel
Internet address is 172.16.1.1/24
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (GigabitEthernet0/0/0), destination 1.1.1.2
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5 packets input, 640 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Ping check from Site A to Site B
Important Note
If you complete the configuration but forget the static routes between the sites, the tunnel will show as up but its line protocol will show as ‘down’. Do not forget to enter your static routes on both sites. With static routing, you can also route your other VLAN subnets between the sites.
Happy networking 🙂