GRE - Tunnel Interface

I am trying to grasp the purpose of the 'interface tunnel#' command, where # = the specific number of the interface I assign.

I understand how to configure the interface and that I need a Tunnel Source & Destination address. I note that I would have a LAN IP address and a WAN IP address. I simply want to understand the relevance of the Tunnel Interface command as it clearly doesn't route traffic.

My colleague explained that it is needed to allow the router to use the specific method of encapsulation e.g. GRE.

Has anyone got a really good WWW site that they could point me at, or can anyone provide a more detailed explanation?

Thanks.

Darren Green

Hi Darren!

It definitely routes traffic!!! As far as I am aware, today it's mostly used in Multipoint Hub-and-Spoke/Spoke-to-Spoke Dynamic Multipoint GRE/IPSEC VPNs (DMVPN). This allows for multicast and broadcast traffic to be encapsulated and sent across the tunnel through the virtual interface, IPSEC protected, whereas standard site-to-site IPSEC VPNs won't do that... please correct me if I'm wrong. But definitely routes traffic. One can set up a site-to-site GRE tunnel and then you encrypt the traffic.

Check the link out for some more technical definitions....

Rob

RobO

"Tunneling provides a way to encapsulate arbitrary packets inside a transport protocol. This feature is implemented as a virtual interface to provide a simple interface for configuration. The tunnel interface is not tied to specific "passenger" or "transport" protocols, but rather, it is an architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme. Because tunnels are point-to-point links, you must configure a separate tunnel for each link.

Tunneling has the following three primary components:

Passenger protocol, which is the protocol that you are encapsulating (AppleTalk, Banyan VINES, CLNS, DECnet, IP, or IPX)

Carrier protocol, which is one of the following encapsulation protocols:
- Generic route encapsulation (GRE), Cisco's multiprotocol carrier protocol
- Cayman, a proprietary protocol for AppleTalk over IP
- EON, a standard for carrying CLNP over IP networks
- NOS, IP over IP compatible with the popular KA9Q program
- Distance Vector Multicast Routing Protocol (DVMRP) (IP in IP tunnels)

Transport protocol, which is the protocol used to carry the encapsulated protocol (IP only)"

One of the most common uses of GRE tunnels is for VPNs over the Internet. IP traffic with private addresses gets encapsulated in a packet that has a routable public IP address. That is what the tunnel source and tunnel destination configuration commands are for.

And these GRE tunnels are definitely for routing traffic.

Merv

Thanks for the replies.

I am starting to understand a little better now. I was happy with the fact that the Tunnel routed traffic between networks, my confusion was that the actual Tunnel Interface seemed to be doing nothing.

On a given router I was trying to picture the interfaces (logical & physical).

Interface Ethernet -----Interface Tunnel#----Interface Tunnel Source-----Interface WAN----Tunnel Destination

Whilst I could picture that data left the Tunnel Source 'interface' en route to its destination, I made the mistake of thinking that data left the Ethernet onward somehow via the Tunnel# interface before hopping out of the Source Interface to its destination. Confusing me even more was the fact that each of the above networks can have completely different subnet ranges.

It's a difficult concept to grasp.

Regards

Darren

Darren Green

Yes, it is a bit difficult to conceptualize.

A tunnel interface is a logical interface which causes an extra IP header to be added to a packet that goes into the tunnel.

A tunnel-encapsulated packet will be routed out the physical interface that has the best route to the tunnel destination IP address.

Merv
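
The two lookups described in the last reply, modelled in Python as an added example that is not part of the original thread: a route sends the packet into the tunnel interface, which prepends a GRE header and an outer IP header, and a second lookup on the tunnel destination picks the physical interface. The addresses, the interface names Tunnel0 and Serial0, and the route table are constructed for illustration; GRE by itself does not encrypt, so the inner packet stays readable on the wire unless IPsec is applied.

```python
import ipaddress
import struct

# Constructed addressing (private and documentation ranges), not from the thread.
TUNNEL_SRC = "198.51.100.1"          # local WAN address = tunnel source
TUNNEL_DST = "203.0.113.9"           # remote WAN address = tunnel destination
ROUTES = [                           # (prefix, outgoing interface)
    ("192.168.2.0/24", "Tunnel0"),   # remote LAN is reached through the tunnel
    ("0.0.0.0/0", "Serial0"),        # everything else, including TUNNEL_DST
]

def lookup(dst):
    """Longest-prefix match over ROUTES; returns the outgoing interface name."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), i) for p, i in ROUTES]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

def checksum(header):
    """Internet checksum (one's complement sum of 16-bit words)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    def build(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, ipaddress.ip_address(src).packed,
                           ipaddress.ip_address(dst).packed)
    return build(checksum(build(0))) + payload

def gre_encapsulate(inner):
    """Outer IP (protocol 47) + basic GRE header: no flags, type 0x0800 = IPv4."""
    return ipv4(TUNNEL_SRC, TUNNEL_DST, 47, struct.pack("!HH", 0, 0x0800) + inner)

def forward(packet):
    """Return (physical interface, bytes sent) for an IPv4 packet from the LAN."""
    iface = lookup(str(ipaddress.ip_address(packet[16:20])))
    if iface.startswith("Tunnel"):
        packet = gre_encapsulate(packet)   # the tunnel interface adds the outer header
        iface = lookup(TUNNEL_DST)         # second lookup, on the outer destination
    return iface, packet

# Constructed LAN-to-LAN packet (UDP protocol number, dummy payload).
inner = ipv4("192.168.1.10", "192.168.2.20", 17, b"constructed payload")
iface, wire = forward(inner)
print(iface, len(inner), "->", len(wire), "bytes; inner visible:", inner in wire)
```

The 24 extra bytes (20 outer IP + 4 GRE) are also why tunnel interfaces are commonly given a lower MTU than the physical link.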
