Score:0

Cisco GRE routing semantics to ip_gre

I am reading this article about setting up a GRE IP Tunnel: https://packetpushers.net/anatomy-of-gre-tunnels/

There's a section about creating a GRE tunnel interface on router A:

R1:
interface Tunnel100
tunnel mode gre
ip address 102.1.1.1 255.255.255.0
ipv6 enable
tunnel source Loopback0
tunnel destination 2.2.2.2

I do not have a Cisco router, but instead I am trying to create a similar GRE tunnel on a Debian machine. What do the tunnel source/tunnel destination map to in the typical ip_gre tunnel setup?

ip tunnel add Tunnel100 mode gre remote 2.2.2.2 local [?] ttl 64
ip addr add 102.1.1.1/24 dev Tunnel100
ip link set gre0 up

Are my above ip_gre settings configured correctly?

Once the GRE tunnel is up, should I be able to ping from the 102.1.1.1/24 IP address range to hosts behind the 2.2.2.2 network?

Score:0
IP tunnels are mostly point-to-point, so they aren't able to send or receive broadcast traffic (more complex technologies exist, but let's leave them out of scope for now).

So no, your setup is incorrect: you need to configure the remote address for a tunnel too. Yeah, the mask can be any that you can imagine, but effectively it will still be /32 - all other masks will merely confuse your routing stack, and most of the time things will work only if the mask doesn't interfere with the de facto /32 on this interface. For Cisco IOS it's common to have /30 or /31 masks, because of legacy issues.

The latter means that you have to assign a separate network prefix to an interface, or you won't be able to reach the networks behind the tunnel remote.

As for the 2.2.2.2 question: its form makes me think that you are confusing the inner and outer addresses of the tunnel. The outer ones are merely here to make sure the packet will be routed across a network where it would otherwise be dropped. For example, a packet with ip dst 192.168.0.1 isn't able to pass the WAN; that's why, in order to link the networks 192.168.0.0/24 and 192.168.1.0/24 via WAN, a tunnel may be created with outer IP addresses from public space. ip tunnel add usually contains the outer (public) addresses, and ip addr add contains the inner ones. This, of course, will work if both pairs are private ones, but this setup is not intuitive.
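
The outer/inner split described in the answer above, shown at the packet level as an added example (not part of the original question or answer). It builds a plain GRE packet the way a tunnel interface would on transmit and reads both address pairs back out. The outer source 192.0.2.1 (standing in for the unknown Loopback0 address) and the inner peer 102.1.1.2 are constructed values, not taken from the page.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = sum(struct.unpack("!10H", hdr))
    csum = (csum & 0xFFFF) + (csum >> 16)
    csum = ~(csum + (csum >> 16)) & 0xFFFF
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]

def gre_encapsulate(outer_src, outer_dst, inner_packet):
    """Prepend outer IPv4 + basic GRE header (no checksum/key/sequence)."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    outer = ipv4_header(outer_src, outer_dst, GRE_PROTO,
                        len(gre) + len(inner_packet))
    return outer + gre + inner_packet

def describe(packet):
    """Return (outer_src, outer_dst, inner_src, inner_dst) of a GRE packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only plain GRE carrying IPv4 is handled here")
    inner = packet[ihl + 4:]

    def addrs(p):
        return socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20])

    return addrs(packet) + addrs(inner)

def demo():
    # Inner packet: addresses from "ip addr add" (102.1.1.2 is constructed).
    inner = ipv4_header("102.1.1.1", "102.1.1.2", 1, 0)   # proto 1 = ICMP
    # Outer header: addresses from "ip tunnel add ... local/remote"
    # (192.0.2.1 is a constructed stand-in for the local endpoint).
    return describe(gre_encapsulate("192.0.2.1", "2.2.2.2", inner))

if __name__ == "__main__":
    print(demo())
```

Routers along the path between the endpoints only look at the first address pair; the second pair becomes visible again once the remote endpoint strips the outer IP and GRE headers.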
