There are many technologies today that you can use to connect your corporate locations over a provider network or the internet. The most commonly used WAN connections through a provider network are L2VPN and L3VPN. Over the internet, the usual choice is an IPsec site-to-site tunnel. Both methods have pros and cons: L2VPN and L3VPN connections are more expensive and require dedicated provider links, while internet connections are less expensive but less stable in terms of delay and reliability.
In this article I will describe using an L3VPN link through a provider network with a GRE tunnel as an overlay link. GRE (Generic Routing Encapsulation) is a technology in which one IP packet is encapsulated in a new IP packet, with a GRE field added to the new encapsulated packet. The next picture shows a GRE packet with its fields:
So, let's discuss how the packet above is created. The three fields on the right side are created on the machine from which you send data through your GRE tunnel. You create the data, the data goes into a TCP packet, and an IP header is added. This IP packet has your machine's IP address as its source and the IP address of the destination machine as its destination. The destination can be a machine at your remote location or a machine at your partner company. Either way, it is a location with which you have established a GRE tunnel. Once your IP packet is created, it is sent to the destination IP. To reach its destination it must arrive at the router where the GRE tunnel is terminated, that is, the router on which the GRE tunnel interface is configured. In this article I will also explain how to configure GRE tunnels. When your packet arrives at the router with the GRE tunnel interface, it has to be sent through the tunnel interface. Here is the magic! What does it mean to send a packet through a GRE tunnel interface? It simply means that the packet gets a new header, and this new header consists of the two fields on the left side of the packet in the picture above. One is the GRE field, which is at most 5 bytes long and carries information such as flags, protocol type and optional information. The second is the outer IP header, a classic IP header whose source and destination IP addresses are the addresses of the source and destination of the GRE tunnel. Below I will explain how to configure a GRE connection, which will help you understand what the source and destination IP addresses of the GRE tunnel are.
I will present the GRE tunnel configuration using an example based on Cisco GRE technology and configurations. We will assume that we have two locations, central and remote, which are connected through an L3VPN provider connection. Let's look at the picture:
So, in the picture we have two locations, one central and one remote, connected by a provider L3VPN link. We have two provider routers and two customer routers (R1 and R2). The L3VPN connection makes the two locations visible to each other through the provider network. The provider must ensure that you can ping the router at your remote location from your central location. So, address 192.168.1.1 must be pingable from R1 with source address 192.168.0.1. That is the main requirement for a functional GRE tunnel between the two locations. Now, let us talk about the GRE tunnel. We will have a GRE tunnel running between our customer routers R1 and R2. The termination addresses of the tunnel will be 192.168.0.1 at the central location and 192.168.1.1 at the remote location. All packets that should go from the central location to the remote location and that are routed through the tunnel will enter the tunnel at the central side, will be encapsulated at router R1, will arrive at the remote location on router R2, and will be decapsulated there. If we take a look at the first picture, our encapsulated packet at router R1 will have addresses 192.168.0.1 and 192.168.1.1 in the outer IP header as source and destination addresses.
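The encapsulation at R1 and decapsulation at R2 described above, as an added Python example (not code from the original article). The inner host addresses 10.1.0.10 and 10.2.0.20 and the payload are constructed for illustration, and only a GRE header without optional fields is handled.

```python
import socket
import struct

GRE_PROTO = 47           # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type for an IPv4 payload

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(hdr)
    return struct.pack("!BBHHHBBH4s4s", *fields)

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """What R1 does: prepend a GRE header and an outer IP header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no optional fields
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

def gre_decapsulate(packet: bytes):
    """What R2 does: validate the outer header, strip it and GRE, return inner."""
    if len(packet) < 24:
        raise ValueError("too short for outer IP + GRE")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IP header checksum")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or proto != ETHERTYPE_IPV4:
        raise ValueError("only GRE without options carrying IPv4 is handled")
    outer = (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]))
    return outer, packet[ihl + 4:]

# Constructed sample: assumed LAN hosts 10.1.0.10 -> 10.2.0.20; the payload is
# placeholder bytes, not a real TCP segment.
data = b"hello remote site"
inner = ipv4_header("10.1.0.10", "10.2.0.20", 6, len(data)) + data
tunneled = gre_encapsulate(inner, "192.168.0.1", "192.168.1.1")
outer_addrs, recovered = gre_decapsulate(tunneled)
```

GRE itself adds no encryption or authentication, so the inner header that `gre_decapsulate` returns is equally readable to any device on the path; combine the tunnel with IPsec when confidentiality matters.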
Now I will give the configurations that should be applied on routers R1 and R2 to establish the GRE tunnel. Here they are:
interface Tunnel1
 bandwidth 512
 ip address 10.0.0.1 255.255.255.252
 ip mtu 1400
 ip virtual-reassembly in
 load-interval 30
 keepalive 10 3
 tunnel source FastEthernet0/1
 tunnel destination 192.168.1.1
- FastEthernet0/1 is the interface of R1 that is connected to the provider router. Its IP address is 192.168.0.1, which is the tunnel source
- ip mtu 1400 is the command that sets the MTU on the tunnel to 1400 bytes
- load-interval 30 is the command that makes the router save traffic parameters every 30 seconds
- ip virtual-reassembly in is the command that tells the router to reassemble all fragments of a packet before passing them to the end host
- keepalive is the command that enables the keepalive mechanism of the GRE tunnel
At the other end of the tunnel, on R2, we will have this configuration:
interface Tunnel1
 bandwidth 512
 ip address 10.0.0.2 255.255.255.252
 ip mtu 1400
 ip virtual-reassembly in
 load-interval 30
 keepalive 10 3
 tunnel source FastEthernet0/1
 tunnel destination 192.168.0.1
- FastEthernet0/1 is the interface of R2 that is connected to the provider router. Its IP address is 192.168.1.1, which is the tunnel source
With the configuration given above we will have a functional GRE tunnel through the provider L3VPN connection. There are many advantages to GRE tunnels. We must also make sure that all traffic between our central and remote locations is routed through the GRE tunnel. With a GRE tunnel you have full control of communication between your locations, and the provider does not know the details of your internal IP addressing. You can also run your own routing protocol over the GRE tunnel interfaces, independent of the provider's routing protocol.
This was a brief explanation of GRE encapsulation and configuration with Cisco equipment, and I hope that it will help you to configure your own tunnels.