EcoRouter Documentation

Tunneling Configuration EcoRouter Documentation / Tunneling Configuration

GRE
IP in IP

Tunneling is a mechanism of transfering one protocol's packet inside the other's which allows to transfer data securely between two networks.

Tunnel are the logical connection point-to-point type which is defined by source tunnel point and destination tunnel point.

GRE

GRE (Generic Routing Encapsulation) is a protocol mechanism which uses IP (UDP) as a transport protocol and can be used for transmitting other protocols inside it.

For sending via GRE tunnel the IP packet gets an additional GRE header when goes through the interface. In the header the start tunnel point IP address and finish tunnel point IP address are specified as a source address and destination address. After the packet arrives to the destination of tunnel address interface the service GRE header will be omitted and the packet will be processed accordin to its native IP header.

MTU in tunnelling protocols

The typical dimension of MTU for L3 interface is 1500 bytes. When the service header is added new requirements for MTU value when transmitting packet appear. The GRE header has a size of 4 bytes, the transport IP header is 20 bytes, IP packet's header is 20 bytes, thus it is necessary to specify the maximum size of MTU on tunnel interfaces less than the standard value.

Flags in GRE

In EcoRouterOS incapsulation for external header specifies the DF bit to 1 (do not fragmentize). If incoming frame's header contains MF bit set to 1 (fragmentized) or fragment offset bit set to 1 (the last fragment of original frame) the frame will be rejected. In GRE all incoming frames where any of GRE header flags checksum, routing, key, seq number, strict source route or recursion is not 0 will be rejected.

Configuring commands

Command	Description
interface tunnel.<number>	Create tunnel interface where the number is arbitrary
ip mtu <value>	Specify mtu value for interface
ip tunnel <source IP> <destination IP> mode <gre \| ipip>	Specify tunnel's start and finish IP addresses and tunnel's type

Example of GRE tunnel basic configuring

The tunnel between the ECO-1 and ECO-2 devices will be configured. See the configuration of ECO-1 device below.

Step 1. Interfaces and ports configuring

ecorouter>en 
ecorouter#conf t

ecorouter(config)#interface e1

ecorouter(config-if)ip add 11.0.0.1/16

ecorouter(config)#interface e2

ecorouter(config-if)ip add 192.168.0.1/24

ecorouter(config)#port te0

ecorouter(config-port)#service-instance te0

ecorouter(config-service-instance)#encapsulation untagged 
ecorouter(config-service-instance)#connect ip interface e1

ecorouter(config)#port te1

ecorouter(config-port)#service-instance te1

ecorouter(config-service-instance)#encapsulation untagged 
ecorouter(config-service-instance)#connect ip interface e2

Step 2. Creating tunnel interface named tunnel.0

ecorouter(config)#interface tunnel.0

Step 3. Spepcifying IP address

ecorouter(config-if)#ip add 172.16.0.1/16

Step 4. Specifying MTU value

ecorouter(config-if)#ip mtu 1400

Step 5. Specifying GRE tunnel mode and tunnel's start and finish IP addresses

ecorouter(config-if)#ip tunnel 11.0.0.1 12.0.0.2 mode gre

Step 6. Configuring traffic routeing into tunnel

ecorouter(config)#ip route 12.0.0.0/8 11.0.0.2

ecorouter(config)#ip route 192.168.200.0/24 172.16.0.2

The second device must be configured analogically.

Show commands

Use the show interface tunnel.<TUNNEL_NUMBER> command to show the tunnel's state.

For the configuration above the following result will be shown:

ecorouter#sh int tunnel.0 
 Interface tunnel.0 is up, line protocol is up 
  Ethernet address: 0000.ab27.8404 
  MTU: 1400 
  Tunnel source: 11.0.0.1 
  Tunnel destination: 12.0.0.2 
  Tunnel mode: GRE 
  ICMP redirection is on 
  <UP,BROADCAST,RUNNING,NOARP,MULTICAST> 
  inet 172.16.0.1/16 broadcast 172.16.255.255/16 
  total input packets 0, bytes 0 
  total output packets 0, bytes 0

IP in IP

IP in IP is a tunnelling mechanism which allows to put one IP packet into another.

The tunneling process is to add another one IP header to a standard IP packet. In the upper header will contain tunnel's start and finish IP addresses. After the packet has come into the tunnel finish router the upper header will be removed, the packet will be transmitted further with an ordinary inner IP header.

MTU in IP in IP

The typical dimension of MTU for L3 interface is 1500 bytes. When the service header is added new requirements for MTU value when transmitting packet appear. The IP in IP header has a size of 20 bytes, IP packet's header is 20 bytes, thus it is necessary to specify the maximum size of MTU on tunnel interfaces less than the standard Ethternet value.

Flags in IP in IP

In EcoRouterOS incapsulation for external header specifies the DF bit to 1 (do not fragmentize).

If incoming frame's header contains MF bit set to 1 (fragmentized) or fragment offset bit set to 1 (the last fragment of original frame) the frame will be rejected.