↪️
ccie.nyquist.eu
  • Table of Contents
  • Layer 2 Technologies
    • Ethernet Switching
      • L2 Switch Operations
      • Spanning Tree
        • 802.1d – STP
        • 802.1w – RSTP
        • 802.1s – MSTP
      • VTP 101
      • Private VLANs
      • VLANs
      • EtherChannel 101
    • Layer 2 WAN Protocols
      • HDLC
        • HDLC 101
      • PPP
        • PPP 101
        • PPP Authentication - PAP
        • PPP Authentication – CHAP
        • PPP Authentication – EAP
        • PPP Multilink
        • PPPoFR – PPP over Frame Relay
        • PPPoE – PPP over Ethernet
      • Frame Relay
        • Frame Relay 101
        • Frame Relay 102
        • Frame Relay Encapsulations – IETF vs Cisco
        • Multilink Frame Relay
        • Frame Relay Switching
        • Routing over Frame Relay
      • Bridging
        • Bridging on a router
        • MTU 101
    • Wireless
      • Wireless Principles
      • Wireless Implementations
      • Wireless Roaming
      • Wireless Authentication
        • WPA2 PSK
        • WPA2 802.1X
  • IPv4
    • IPv4 Addressing
      • Backup Interfaces
      • FHRP 101
      • DHCP 101
      • DNS 101
      • ARP 101
      • IPv4 101
      • Tunnel Interfaces
        • GRE Tunnels
      • BFD – Bidirectional Forwarding Detection
    • IPv4 Routing
      • How the routing table is built
        • How CEF works
        • Routing Order of Operations
        • NSF – Non Stop Forwarding
      • RIP
        • RIP 101
      • EIGRP
        • EIGRP 101
        • EIGRP Metric
        • More EIGRP Features
      • OSPF
        • OSPF 101
        • OSPF Areas
        • OSPF LSAs
        • OSPF Mechanics
      • IS-IS
        • IS-IS 101
        • IS-IS Mechanics – CLNP
      • BGP
        • BGP 101
        • BGP Attributes
        • More BGP
      • Route Redistribution
      • Policy based Routing
      • PfR 101 – Perfromance Routing
      • ODR
  • IPv6
    • IPv6-101
    • IPv6 Routing
    • Interconnecting IPv6 and IPv4
  • MPLS
    • MPLS 101
    • MPLS L3 VPN
  • Multicast
    • Multicast 101
    • PIM 101
    • IGMP 101
    • Inter Domain Multicast
    • IPv6 Multicast
    • Multicast features on switches
  • Security
    • NAT 101
    • NAT for Overlapping Networks
    • ACLs 101
    • ACLs 102
    • Cisco IOS Firewall
    • Zone Based Firewall
    • AAA 101
    • Controlling CLI Access
    • Control Plane
    • Switch Security
      • Switchport Traffic Control
      • Switchport Port Security
      • DHCP Snooping and DAI
      • 802.1x
      • Switch ACLs
    • IPSec VPN 101
      • IKE / ISAKMP 101
      • IPSEC Crypto Maps 101
      • IPSEC VTI 101
      • DMVPN 101
    • EAP 101
  • Network Services
    • NTP 101
    • HTTP 101
    • File Transfer 101 – TFTP & FTP
    • WCCP 101
  • QoS
    • QoS 101
    • Classification and Marking
    • Congestion Management
      • Legacy Congestion Management
      • SPD – Selective Packet Discard
      • CBWFQ
      • IP RTP Priority
    • Congestion Avoidance – WRED
    • Policing and Shaping
      • CAR 101
    • Compression and LFI
      • Header and Payload Compression
      • LFI for MultiLink PPP
    • Frame Relay QoS
      • Per VC Frame Relay QoS
    • RSVP 101
    • Switching QoS
  • Network Optimization
    • NetFlow 101 – TNF – Traditional NetFlow
    • NetFlow 102 – FNF – Flexible NetFlow
    • IP SLA 101
    • IP Accounting 101
    • Logging 101
    • SNMP and RMON 101
    • Cisco CLI Tips and Tricks
    • AutoInstall
    • Enhanced Object Tracking
    • Troubleshooting 101
    • SPAN, RSPAN, ERSPAN
  • Network Architecture
    • Hierarchical Network Architecture
    • SD Access
    • SD WAN
Powered by GitBook
On this page
  • Tunnel Modes
  • GRE (Generic Routing Encapsulation)
  • Path MTU Discovery
  • VRF Support

Was this helpful?

  1. IPv4
  2. IPv4 Addressing

Tunnel Interfaces

PreviousIPv4 101NextGRE Tunnels

Last updated 2 years ago

Was this helpful?

Tunnel Modes

A tunnel makes two distant devices appear directly connected over a logical interface. When a packet is sent out on the tunnel interface, it is encapsulated in the “carrier” protocol and sent over a physical interface.The most used carrier protocols are GRE, IP-in-IP and IPv6, and this can be set using the tunnel mode.

When configuring a tunnel you must set a tunnel source, a destination and the carrier protocol:

R(config)# interface TUNNEL
R(config-if)# tunnel source {SRC-ADDR|SRC-INTERFACE}
R(config-if)# tunnel destination DEST-ADDR
R(config-if)# tunnel mode MODE

The tunnel source can be defined as either the Layer3 address or as an interface, but the destination can only be an address on the remote device. The tunnel mode specifies the carrier protocol. For IPv4, the most commonly used methods of tunneling are GRE and IPIP.

R(config-if)# tunnel mode {gre ip|ipip}
! gre ip - Encapsulates IPv4 in GRE
! ipip - Encapsulates IPv4 in IPv4

After this, you can define the encapsulating protocol’s address on the tunnel interface:

R(config-if)# ip address {unnumbered INTERFACE| IP-ADDR NETMSK}

When you have isolated networks running IPv6, you can connect them over an IPv4 backbone using tunnels. Common options are:

R(config-if)# tunnel mode {gre ipv6|ipv6ip [6to4|auto-tunnel|isatap]}
! gre ipv6 - Encapsulates IPv6 in GRE
! ipv6ip - Encapsulates IPv6 in IPv4

More details about configuring IPv6 tunnels can be found

Another option is to have ipv6 as the transport protocol:

R(config-if)# tunnel mode ipv6

The transported protocols can be IPv4 or IPv6, based on the type of address defined on the tunnel interface.

GRE (Generic Routing Encapsulation)

GRE is defined as IP Protcol 47. It adds a 20 byte IP header and 4 byte GRE header to an existing packet so that it can be routed based on this new information.

GRE Keepalives

GRE supports sending and monitoring keepalives to determine the status of a tunnel interface.

R(config-if)# keepalive [PERIOD [RETRIES]]
! Default PERIOD: 10 sec
! Default RETRIES: 5

Path MTU Discovery

Tunneling packets means an extra encapsulation header that is added to the packet which can make the packet too big on some links. To set the MTU value on a tunnel you can set it manually or use auto-discovery:

R(config-if)# ip mtu MTU
R(config-if)# tunnel path-mtu-discovery [age-timer {TIME|infinte}| min-mtu SIZE]
! Default TIME: 10 min

The discovery will run for a limited ammount of time unless the infinte keyword is used. Using SIZE, you can configure a minimum size of the discovered MTU that can be accepted. If the timer expires, the router will choose a MTU equal to the default interface MTU-20 Bytes for IP-in-IP or default interface MTU-24 Bytes for GRE. Path MTU discovery is only available on GRE and IPIP tunnels.

VRF Support

The transport protocol of one tunnel can run in one VRF, while the transported protocol can run in another VRF. By default, both the transport and the transported protocols run in the global VRF. You can change the VRF of the transporting protocol with:

R(config-if)# tunnel vrf VRF

Source and destination addresses of the tunnel must run in this VRF. To change the VRF of the transported protocol, use:

R(config-if)# ip vrf forwarding vRF

The addresses defined on the tunnel will run in this VRF.

here