Cisco, Huawei principle GRE tunnel technology and configuration in detail

Outline

  • GRE is the most traditional tunneling protocol; its fundamental function is to build a tunnel.
  • GRE (Generic Routing Encapsulation) encapsulates packets of one network-layer protocol (IP, IPX, AppleTalk, etc.) so that the encapsulated data can be carried across a network running another network-layer protocol.

Tunneling a data packet is divided into three steps:

  • Receive the original IP packet as the passenger protocol; the addresses in the original IP header are private IP addresses.
  • Encapsulate the original IP packet in GRE. GRE is called the encapsulation protocol (Encapsulation Protocol); the addresses of the encapsulation header are the IP addresses of the two ends of the virtual point-to-point link (the tunnel interfaces).
  • Treat the whole GRE packet as data and wrap it in an outer public IP header whose source and destination are the start and end points of the tunnel, so that the packet is routed to the far end of the tunnel.


GRE tunnel configuration roadmap

  • Basic configuration
  • Configure the tunnel logical interface
  • Configure routes to the peer's internal network
  • Open the corresponding inter-zone rules

Working principle

After the packet is sent onto the Internet, every router forwards it only according to the outermost public IP header, i.e. only according to the public destination address 200.1.1.1, until the packet reaches the device that really owns that public IP, R3 (200.1.1.1). R3 strips the public IP header and finds the GRE header beneath it; seeing the target address 1.1.1.2, R3 knows that it is the end of the tunnel, so it continues by stripping the GRE header and finally finds that the target IP address is 192.168.1.4, and forwards the packet to 192.168.1.4 (router R4).
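The three encapsulation steps and the decapsulation R3 performs, as an added Python example that is not part of the original article: it builds the private passenger packet (R2 to R4), wraps it in a GRE header and the public transport header (R1 to R3), then shows that a transit router addressed by neither header forwards on the outer header alone while the tunnel endpoint strips both. Per RFC 2784 the base GRE header carries only flags and a protocol type; the sample packet and addresses are constructed from the experiment topology.

```python
import socket
import struct

GRE_PROTO = 47        # IP protocol number that marks a GRE payload
ETH_P_IP = 0x0800     # GRE protocol-type value for an IPv4 passenger packet
IPV4_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, length, id, flags/frag, TTL, proto, csum, src, dst

def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with the checksum filled in."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Steps 2 and 3: 4-byte GRE header (no C/K/S flags), then the public transport header."""
    gre = struct.pack("!HH", 0, ETH_P_IP)
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger))
    return outer + gre + passenger

def gre_decapsulate(packet: bytes, my_public_ip: str):
    """Tunnel endpoint receive path: returns the inner (src, dst) to forward on, or None when
    the packet is not a valid GRE packet addressed to this router (transit routers forward it)."""
    ver_ihl, _, _, _, _, _, proto, _, _, dst = struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if socket.inet_ntoa(dst) != my_public_ip or proto != GRE_PROTO or ip_checksum(packet[:ihl]):
        return None
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if ptype != ETH_P_IP or flags & 0xB000:   # C, K or S bit would mean a longer GRE header
        return None
    inner = packet[ihl + 4:]                   # the original private packet
    i_src, i_dst = struct.unpack("!4s4s", inner[12:20])
    return socket.inet_ntoa(i_src), socket.inet_ntoa(i_dst)

def demo():
    """Constructed sample: R2 pings R4; R1 encapsulates, the ISP forwards, R3 decapsulates."""
    icmp_echo = b"\x08\x00" + b"\x00" * 6                    # placeholder ICMP echo header
    inner = ipv4_header("10.1.1.2", "192.168.1.2", 1, len(icmp_echo)) + icmp_echo
    wire = gre_encapsulate(inner, "100.1.1.1", "200.1.1.1")
    return gre_decapsulate(wire, "100.1.1.5"), gre_decapsulate(wire, "200.1.1.1")

if __name__ == "__main__":
    print(demo())   # (None, ('10.1.1.2', '192.168.1.2'))
```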

Experiment

(Topology diagram: R2 - R1 - ISP - R3 - R4; the addresses are given in the configurations below.)

Experimental requirements:

R2 at the Beijing company must be able to telnet to R4 across the public ISP network.

Configuring GRE

R1:
Router>enable
Router#conf t
Router(config)#hostname R1
R1(config)#no ip domain-lookup # disable DNS lookup

R1(config)#int e0/0 # toward R2 (10.1.1.1 is R2's default gateway)
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#int e0/1 # toward the ISP; interface name assumed by analogy with R3
R1(config-if)#ip add 100.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#
R1(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.5

R1(config)#int tunnel 1 # create tunnel interface 1
R1(config-if)#ip add 1.1.1.1 255.255.255.0 # tunnel interface IP
R1(config-if)#tunnel source 100.1.1.1 # tunnel source: local public IP
R1(config-if)#tunnel destination 200.1.1.1 # tunnel destination: peer public IP
R1(config-if)#exit
R1(config)#

R2:
Router>enable
Router#conf t
Router(config)#hostname R2
R2(config)#no ip domain-lookup

R2(config)#int e0/0
R2(config-if)#ip add 10.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#
R2(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

ISP:

Router>ena
Router#conf t
Router(config)#hostname ISP

ISP(config)#int e0/0
ISP(config-if)#ip add 100.1.1.5 255.255.255.0
ISP(config-if)#no sh

ISP(config-if)#int e0/1
ISP(config-if)#ip add 200.1.1.5 255.255.255.0
ISP(config-if)#no sh
ISP(config-if)#ex

R3:

Router(config)#host R3
R3(config)#int e0/1
R3(config-if)#ip add 200.1.1.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int e0/0
R3(config-if)#ip add 192.168.1.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#
R3(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.5

R3(config)#int tunnel 3 # create tunnel interface 3
R3(config-if)#ip add 1.1.1.2 255.255.255.0 # tunnel interface IP
R3(config-if)#tunnel source 200.1.1.1 # tunnel source: local public IP
R3(config-if)#tunnel destination 100.1.1.1 # tunnel destination: peer public IP
R3(config-if)#exit
R3(config)#

R4:

Router>
Router>ena
Router#conf t
Router(config)#host R4
R4(config)#int e0/0
R4(config-if)#ip add 192.168.1.2 255.255.255.0
R4(config-if)#no sh
R4(config-if)#exit
R4(config)#
R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

  • Verification
    R1#show interfaces tunnel 1
    Tunnel1 is up, line protocol is up # tunnel interface is up
    Hardware is Tunnel
    Internet address is 1.1.1.1/24 # tunnel interface address
    MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation TUNNEL, loopback not set
    Keepalive not set
    Tunnel source 100.1.1.1, destination 200.1.1.1 # tunnel source and destination addresses
    Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
    Tunnel TTL 255
    Fast tunneling enabled
    Tunnel transmit bandwidth 8000 (kbps)
    Tunnel receive bandwidth 8000 (kbps)
    Last input 00:33:17, output 00:33:17, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/0 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    376 packets input, 26253 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    469 packets output, 31271 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
    R1#

The tunnel interface address is 1.1.1.1/24, the tunnel source is 100.1.1.1 and the tunnel destination is 200.1.1.1. The interface that holds the source address 100.1.1.1 is in the normal (up) state and there is a route to the tunnel destination 200.1.1.1, so the tunnel is up.

  • Connectivity Check
R2>ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2>

At this point nothing can be pinged: although the tunnel interface is up, the two sides still cannot reach each other, because the traffic is still routed over the public network and never enters the tunnel interface.

  • Solution:
  • On the routers at both ends of the GRE tunnel, add routes that direct packets destined for the other side's private network into the GRE tunnel:

R1(config)#ip route 192.168.1.0 255.255.255.0 tunnel 1
R3(config)#ip route 10.1.1.0 255.255.255.0 tunnel 3

  • Configure telnet
    R4(config)#line vty 0 4 # enter the virtual terminal lines
    R4(config-line)#login local # authenticate against the local user database
    R4(config-line)#exit
    R4(config)#username wyh password 123456 # local username: wyh, password: 123456

  • R1#telnet 192.168.1.2
    Trying 192.168.1.2 … Open

User Access Verification

Username: wyh
Password: 123456
R4>enable
Password: # enter the enable password
% Password: timeout expired!
Password:
R4#

Summary

GRE does not test the state of the tunnel interface at the OSI protocol level: as long as the local source address is valid and there is a reachable route to the tunnel destination address, the GRE tunnel interface will be up, regardless of whether the far end has configured a tunnel interface at all. For a GRE tunnel interface to go down, any one of the following three conditions is sufficient:
1. There is no route to the tunnel destination address.
2. The route to the tunnel destination address points to the tunnel interface itself.
3. The interface holding the tunnel source address is down.

  • GRE also has a mechanism in which the two tunnel endpoints exchange hello packets to keep their interface states consistent; this mechanism is called GRE keepalive.

  • Keepalives are sent to the tunnel peer at regular intervals; if no response is received within the specified time, the peer is considered down and the local line protocol state is set to down.

  • By default GRE keepalives are sent every 10 seconds; after three consecutive packets without a response, i.e. after 30 seconds, the peer is considered down and the local line protocol state goes down.

  • When GRE keepalive is configured, a response can still be received even if the peer does not support GRE keepalive, and the mechanism still works even if the two sides use different intervals.

R1(config)#int tunnel 1
R1(config-if)#keepalive 5 3 # 5-second interval, three consecutive packets

Description: the keepalive interval is configured as 5 seconds with three consecutive packets, so the peer is considered down after 15 seconds without a response; the default is 10 seconds and three packets, i.e. 30 seconds without a response.

Huawei GRE Configuration

  • Configure the firewall
    • Basic configuration (omitted)

    • Configuration

      [USG-A]int Tunnel 1
      [USG-A-Tunnel1]ip add 1.1.1.1 24 # tunnel interface IP address
      [USG-A-Tunnel1]tunnel-protocol gre # select GRE as the encapsulation protocol
      [USG-A-Tunnel1]source 100.1.1.1 # public IP of this firewall
      [USG-A-Tunnel1]destination 200.1.1.1 # public IP of the peer firewall
      [USG-A-Tunnel1]quit
      [USG-A]ip route-static 192.168.1.0 255.255.255.0 Tunnel 1 # route to the peer's private network via the tunnel
      [USG-A]

    • Firewall B is configured in the same way.

Origin blog.csdn.net/weixin_42313749/article/details/104617162