Junos Intermediate Routing Chapter 6: IP Tunneling
Chapter Objectives
After successfully completing this chapter, you will be able to:
- Describe IP tunneling concepts and applications
- Explain the basic operations of GRE and IP-IP tunnels
- Configure and monitor GRE and IP-IP tunnels

Agenda: IP Tunneling
- Overview of IP Tunneling
- GRE and IP-IP Tunnels
- Implementing GRE and IP-IP Tunnels

What Is an IP Tunnel?
- An IP communications channel between two networks over an IP network (typically the Internet)
- Can be secure or unsecure, depending on tunneling protocol
[Figure: Customer X Site-A and Customer X Site-B connected across the Internet]

Tunneling IP Packets
- When a packet enters an IP tunnel, it is encapsulated; once it exits the tunnel, it is decapsulated
[Figure: User A, Tunnel Endpoint A, Internet (Rtr X), Tunnel Endpoint B, User B. Payload packet: IP header, IP payload. Encapsulated packet: outer IP header, tunnel header, inner IP header, IP payload.]

Uses of IP Tunnels (1 of 2)
- IP tunnels can carry traffic that is not otherwise routable over a public IP network such as the Internet
- This traffic could include IPX, AppleTalk, or IP traffic that uses RFC 1918 addressing
[Figure: Company X Site-A and Company X Site-B, each with IPX, AppleTalk, and RFC 1918 networks, joined by an IP tunnel across the Internet]

Uses of IP Tunnels (2 of 2)
- IP tunnels can be used as backup links if failure occurs
- Use route preference or metrics to prefer internal connection over IP tunnel when the network is stable
- Tunnel functions as a point-to-point link between R1 and R2
Note: Traffic from Subnet A to Subnet B uses primary path between R1 and R2 when it is available; otherwise the IP tunnel is used.
[Figure: R1 (Subnet A) and R2 (Subnet B) with a primary path between them and an IP tunnel across the Internet]

Overview of GRE and IP-IP
- GRE is an IP tunneling protocol that can encapsulate a wide variety of Network Layer protocol packet types
- IP-IP is an IP tunneling protocol that can encapsulate one IP packet inside another IP packet
[Figure: GRE tunnel across the Internet carrying IPX, AppleTalk, and RFC 1918 traffic. Packet layout: outer IP header, GRE header, inner IP header, IP payload.]
[Figure: IP-IP tunnel across the Internet carrying RFC 1918 traffic. Packet layout: outer IP header, inner IP header, IP payload.]

GRE and IP-IP Tunnel Requirements (1 of 2)
- A tunnel interface is required on each tunnel endpoint
- GRE and IP-IP tunnels use the gr-x/y/z and ip-x/y/z naming standards, respectively
- A single tunnel can be defined on each logical interface.
[Figure: User A, Tunnel Endpoint A, Internet (Rtr X), Tunnel Endpoint B, User B; each tunnel endpoint has interfaces gr-0/0/0.0 and ip-0/0/0.0]

GRE and IP-IP Tunnel Requirements (2 of 2)
- An end-to-end communications path is required
Routing Requirements
- Tunnel endpoints must have a valid route to the remote endpoint.
- All intermediary devices must have a route to the tunnel endpoints.
- Tunnel endpoints must have a route that directs traffic into tunnel.
[Figure: User A, Tunnel Endpoint A, Internet, Tunnel Endpoint B, User B]

GRE and IP-IP Tunnel Considerations (1 of 3)
- By default, GRE and IP-IP tunnels are stateless
- Some GRE implementations provide a keepalive mechanism; BFD also accomplishes the same functionality
[Figure: User A, Tunnel Endpoint A (gr-0/0/0.0 = up), Internet (Rtr X), Tunnel Endpoint B (gr-0/0/0.0 = down), User B. Tunnel remains up on side A even though tunnel is down on side B.]

GRE and IP-IP Tunnel Considerations (2 of 3)
- Tunnels add additional overhead to packets, which can adversely affect some types of communications
- Packets larger than the MTU are fragmented or dropped, depending on whether the DF bit is clear or set
- By default, packets larger than 1476 will either be fragmented or dropped.
[Figure: User A (MSS = 1500), Tunnel Endpoint A (MTU = 1476), Internet, Tunnel Endpoint B (MTU = 1476), User B]

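
Where the 1476 figure comes from, and the fragment-or-drop decision, as an added Python example (not part of the course material). It assumes a 1500-byte link MTU, the basic 4-byte GRE header of RFC 2784, and constructed sample addresses; the 1480-byte IP-IP value in the note below is overhead arithmetic, not a figure from the slide.

```python
import struct

IPV4_HDR = 20   # IPv4 header without options
GRE_HDR = 4     # basic GRE header (RFC 2784): no checksum, key or sequence
DF = 0x4000     # Don't Fragment bit in the IPv4 flags/fragment-offset field

def ipv4_header(src, dst, proto, total_len, df=False):
    """Minimal IPv4 header; the checksum is left at zero in this sketch."""
    addr = lambda a: bytes(int(octet) for octet in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0,
                       DF if df else 0, 64, proto, 0, addr(src), addr(dst))

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Outer IPv4 header (protocol 47) + GRE header (type 0x0800) + inner."""
    total = IPV4_HDR + GRE_HDR + len(inner)
    return (ipv4_header(tunnel_src, tunnel_dst, 47, total)
            + struct.pack("!HH", 0, 0x0800) + inner)

def tunnel_mtu(link_mtu=1500, tunnel_hdr=GRE_HDR):
    """Largest inner packet that still fits the link after encapsulation."""
    return link_mtu - IPV4_HDR - tunnel_hdr

def ingress_action(inner, mtu):
    """What happens to a packet entering the tunnel, per the slide."""
    if len(inner) <= mtu:
        return "forward"
    flags = struct.unpack("!H", inner[6:8])[0]
    return "drop" if flags & DF else "fragment"

def sample(size, df):
    """Constructed inner TCP packet between two user subnets."""
    hdr = ipv4_header("172.20.110.10", "172.20.111.10", 6, size, df)
    return hdr + bytes(size - IPV4_HDR)

if __name__ == "__main__":
    mtu = tunnel_mtu()
    print("GRE tunnel MTU:", mtu)
    for size, df in [(1476, True), (1500, False), (1500, True)]:
        print(size, "DF" if df else "no DF", ingress_action(sample(size, df), mtu))
    outer = gre_encapsulate(sample(1476, True), "192.168.1.1", "192.168.2.1")
    print("on the wire:", len(outer), "bytes")
```

Calling tunnel_mtu(tunnel_hdr=0) gives 1480, the same arithmetic for IP-IP, which has no tunnel header between the outer and inner IP headers. The inner packet sits unchanged after the 24 bytes of outer headers, so anything on the path can read it.
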
GRE and IP-IP Tunnel Considerations (3 of 3)
- The route for the remote tunnel endpoint cannot use the tunnel interface as next hop; if so, the tunnel will bounce
- We recommend a very specific route with a low route preference, such as a static route

Tunnel Endpoint A:
    Destination Prefix    Next Hop      Protocol/Preference
    192.168.2.1           172.18.1.1    Static/5

Tunnel Endpoint B:
    Destination Prefix    Next Hop      Protocol/Preference
    192.168.1.1           172.18.2.1    Static/5

[Figure: User A, Tunnel Endpoint A (lo0: 192.168.1.1, .2 on 172.18.1.0/30), Rtr X (.1 on 172.18.1.0/30 and .1 on 172.18.2.0/30) in the Internet, Tunnel Endpoint B (lo0: 192.168.2.1, .2 on 172.18.2.0/30), User B]

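
A pre-deployment check for the recursive-routing condition described above, as an added Python example (not part of the course material). The route tables are constructed for Tunnel Endpoint A: the uplink name ge-0/0/3.0, the default route, and the preference-10 route that points the remote loopback into the tunnel are assumptions for illustration.

```python
import ipaddress

# Constructed routing tables for Tunnel Endpoint A: (prefix, next hop, preference)
BASE = [
    ("172.18.1.0/30", "ge-0/0/3.0", 0),      # directly connected uplink
    ("0.0.0.0/0", "172.18.1.1", 5),          # default route toward Rtr X
    ("172.20.111.0/24", "gr-0/0/0.0", 5),    # remote subnet through the tunnel
]
# Hypothetical failure: the remote loopback is also learned through the tunnel.
BROKEN = BASE + [("192.168.2.1/32", "gr-0/0/0.0", 10)]
# The slide's fix: a specific static route with a lower preference value.
FIXED = BROKEN + [("192.168.2.1/32", "172.18.1.1", 5)]

def lookup(routes, addr):
    """Longest-prefix match; on equal length the lower preference wins."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))

def egress_interface(routes, addr, depth=8):
    """Resolve addr to an outgoing interface, following IP next hops."""
    while depth:
        route = lookup(routes, addr)
        if route is None:
            return None
        next_hop = route[1]
        try:
            ipaddress.ip_address(next_hop)
        except ValueError:
            return next_hop                  # next hop is an interface name
        addr, depth = next_hop, depth - 1
    return None

def tunnel_is_recursive(routes, tunnel_dst, tunnel_if):
    """True when the tunnel destination is reached through the tunnel itself."""
    return egress_interface(routes, tunnel_dst) == tunnel_if

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "recursive:",
              tunnel_is_recursive(table, "192.168.2.1", "gr-0/0/0.0"))
```

In the fixed table both /32 routes are equally specific, so the Static/5 entry wins on preference and the encapsulated packets leave through the physical uplink.
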
Case Study: Objectives and Topology
- Use the sample topology and implement a GRE tunnel between R1 and R2 that carries traffic destined to the remote 172.20.11x.0/24 subnet
Note: The preceding steps used to implement and monitor a GRE tunnel are also applicable to IP-IP tunnels.
[Figure: case study topology. Host (.10) on 172.20.110.0/24, R1 (.1; lo0: 192.168.1.1; gr-0/0/0.0), 172.18.1.0/30 (R1 is .2, Rtr X is .1), Rtr X in the Internet, 172.18.2.0/30 (Rtr X is .1, R2 is .2), R2 (lo0: 192.168.2.1; gr-0/0/0.0; .1 on 172.20.111.0/24), host (.10) on 172.20.111.0/24]

Case Study: Defining the Tunnel Interface

    [edit]
    user@R1# show interfaces gr-0/0/0
    unit 0 {
        tunnel {
            source 192.168.1.1;
            destination 192.168.2.1;
        }
        family inet;
    }

    [edit]
    user@R2# show interfaces gr-0/0/0
    unit 0 {
        tunnel {
            source 192.168.2.1;
            destination 192.168.1.1;
        }
        family inet;
    }

- We recommend using the loopback addresses as the tunnel source and destination addresses
- Family inet is required to process IPv4 packets through the tunnel
[Figure: case study topology (R1, Rtr X, R2)]

Case Study: Defining the Required Routes

    [edit]
    user@R1# show routing-options static
    route 192.168.2.1/32 next-hop 172.18.1.1;
    route 172.20.111.0/24 next-hop gr-0/0/0.0;

    [edit]
    user@R2# show routing-options static
    route 192.168.1.1/32 next-hop 172.18.2.1;
    route 172.20.110.0/24 next-hop gr-0/0/0.0;

Note: Remember that all intermediary routers must have a route to the loopback addresses.
[Figure: case study topology (R1, Rtr X, R2)]

Case Study: Verifying Operations (1 of 3)
- Use the show interfaces interface-name terse command to verify the tunnel interface is up

    user@R1> show interfaces gr-0/0/0 terse
    Interface               Admin Link Proto    Local                 Remote
    gr-0/0/0                up    up
    gr-0/0/0.0              up    up   inet

    user@R2> show interfaces gr-0/0/0 terse
    Interface               Admin Link Proto    Local                 Remote
    gr-0/0/0                up    up
    gr-0/0/0.0              up    up   inet

Note: Remember GRE and IP-IP tunnels are stateless so you should always ensure that both sides are up.
[Figure: case study topology (R1, Rtr X, R2)]

Case Study: Verifying Operations (2 of 3)
- Use the show route command to ensure that the required routes are installed on both tunnel endpoints

    user@R1> show route 192.168.2.1

    inet.0: 11 destinations, 11 routes (9 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.2.1/32     *[Static/5] 01:19:00
                        > to 172.18.1.1 via ge-0/0/3.0

    user@R1> show route 172.20.111.0/24

    172.20.111.0/24    *[Static/5] 01:17:44
                        > via gr-0/0/0.0

Case Study: Verifying Operations (3 of 3)
- Send traffic through the tunnel and confirm that interface statistics are increasing on the tunnel interface

    user@R1> ping 172.20.111.10 rapid count 25 source 172.20.110.1
    PING 172.20.111.10 (172.20.111.10): 56 data bytes
    !!!!!!!!!!!!!!!!!!!!!!!!!
    --- 172.20.111.10 ping statistics ---
    25 packets transmitted, 25 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.492/3.185/8.064/2.521 ms

    user@R1> show interfaces gr-0/0/0.0 detail | find "traffic statistics"
      Traffic statistics:
       Input  packets:                   25
       Output packets:                   25
    …

[Figure: case study topology (R1, Rtr X, R2)]

Summary
In this chapter, we:
- Described IP tunneling concepts and applications
- Explained the basic operations of GRE and IP-IP tunnels
- Configured and monitored GRE and IP-IP tunnels

Review Questions
- What are some common reasons to use IP tunnels?
- Name some differences between GRE and IP-IP.
- List the key requirements for GRE and IP-IP tunnels.
- Why should the route for the remote tunnel endpoint be specific and use a low route preference?

Lab 5: IP Tunneling
- Configure and monitor a GRE tunnel.