Wednesday, 21 November 2012

GRE IP-in-IP tunnel

GRE is an encapsulation method that allows you to transport one kind of traffic inside another. You can, for instance, encapsulate one protocol in a different (carrier) protocol, or in the same protocol, as with the GRE IP-in-IP packets used as the example in this entry.
First of all, we need to define the different protocols involved in tunneling:
  • Carrier Protocol: In our case GRE, the protocol that is in charge of the encapsulation.
  • Passenger Protocol: The protocol which is going to be encapsulated.
  • Transport Protocol: The protocol used to transport the passenger protocol.
We are going to encapsulate IP traffic in IP packets, but GRE can also be used for other kinds of traffic, such as encapsulating IPv6 packets in IPv4 packets to cross an IPv4-only network.


For our example we are going to create a GRE tunnel between R2 and R3. We just used static routes between the routers to ensure connectivity between the different networks.

Router R2 Configuration:

interface Loopback0
ip address 192.168.100.1 255.255.255.0
!
interface Tunnel0
ip address 192.168.0.1 255.255.255.0
keepalive 5 3
tunnel source 10.0.0.2
tunnel destination 10.10.0.2
!
ip route 192.168.200.0 255.255.255.0 Tunnel0



Router R3 Configuration:

interface Loopback0
ip address 192.168.200.1 255.255.255.0
!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
keepalive 10 3
tunnel source 10.10.0.2
tunnel destination 10.0.0.2
!
ip route 192.168.100.0 255.255.255.0 Tunnel0



Manual IPv6 tunnels

We can also use a tunnel to connect IPv6 networks across an IPv4 network by specifying the ipv6 keyword in the tunnel mode command. In this case, IPv6 is the passenger protocol and IPv4 is the carrier and transport protocol.

In our example we are establishing a tunnel between R2 and R3.
This will be the configuration:


 R2#interface Tunnel0
 no ip address
 ipv6 address 2001::1/32
 keepalive 3 3
 tunnel source 10.0.0.2
 tunnel destination 10.10.0.2
 tunnel mode ipv6ip


 R3#interface Tunnel0
 no ip address
 ipv6 address 2001::2/32
 keepalive 3 3
 tunnel source 10.10.0.2
 tunnel destination 10.0.0.2
 tunnel mode ipv6ip
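
The two encapsulations configured above (GRE, IP protocol 47, and ipv6ip, IP protocol 41), as an added Python example that is not part of the original post: it builds a GRE-encapsulated packet byte by byte and peels either kind of tunnel framing again, which shows the per-packet overhead each one adds. The addresses come from the configurations above; the function names, the dummy 8-byte payload and the 1500-byte MTU are assumptions for illustration.

```python
import socket
import struct

GRE, IPV6_IN_IPV4 = 47, 41      # IANA IP protocol numbers
ETHERTYPE_IPV4 = 0x0800         # GRE "protocol type" for an IPv4 passenger
IPV4_HDR = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (data must have an even length)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes, df: bool = False) -> bytes:
    """Build an IPv4 packet; DF is bit 0x4000 of the flags/offset word."""
    fields = [0x45, 0, 20 + len(payload), 0, 0x4000 if df else 0, 64, proto,
              0, socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_HDR, *fields))
    return struct.pack(IPV4_HDR, *fields) + payload

def gre_encapsulate(passenger: bytes, src: str, dst: str) -> bytes:
    """Transport IPv4 header + basic 4-byte GRE header + IPv4 passenger."""
    return ipv4(src, dst, GRE, struct.pack("!HH", 0, ETHERTYPE_IPV4) + passenger)

def decapsulate(packet: bytes) -> dict:
    """Peel the transport header and report what the tunnel carries."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
        if flags:
            raise ValueError("only the basic GRE header (no options) is handled")
        kind, inner = f"gre/0x{ptype:04x}", packet[ihl + 4:]
    elif proto == IPV6_IN_IPV4:
        kind, inner = "ipv6ip", packet[ihl:]
    else:
        raise ValueError(f"IP protocol {proto} is not a tunnel handled here")
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "kind": kind, "overhead": len(packet) - len(inner), "inner": inner}

if __name__ == "__main__":
    # Constructed sample: R2 Loopback0 -> R3 Loopback0 with DF set, then tunnelled
    passenger = ipv4("192.168.100.1", "192.168.200.1", 1, bytes(8), df=True)
    info = decapsulate(gre_encapsulate(passenger, "10.0.0.2", "10.10.0.2"))
    print(info["kind"], info["src"], "->", info["dst"], "overhead", info["overhead"])
    # Assumption: a 1500-byte MTU on the transport path
    print("largest passenger packet that fits:", 1500 - info["overhead"])
```

The overhead figure matters when the passenger packet has DF set: anything larger than the transport MTU minus the overhead cannot be fragmented and will not cross the tunnel.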

 

Sunday, 16 September 2012

DF Bit


One very interesting bit in the IP packet header is the DF (Don't Fragment) bit. If the bit is set to 1, the routers across the network will not fragment the packet.


As an application example let's suppose we try to ping one router from another one.

First of all, we verify that the destination router is reachable:

Next, we are going to send packets of different sizes with the DF bit enabled. This can help us figure out the lowest MTU packet size that the networks allow:

As we can see, the MTU configured is 1500 (the default value for a Cisco router). If we had not enabled the DF bit when sending a packet bigger than 1500, the router would have fragmented it into smaller packets: