GRE - Tunnel Interface

I am trying to grasp the purpose of the 'interface tunnel#' command, where #
= the specific number of the interface I assign.

I understand how to configure the interface and that I need a Tunnel Source
& Destination address. I note that I would have a LAN Ip address and a WAN
Ip address. I simply want to understand the relevance of the Tunnel
Interface command as it clearly doesn't route traffic.

My colleague explained that it is needed to allow the router to use the
specific method of encapsulation e.g. GRE.

Has anyone go a really good WWW site that they could point me at, or,
provide a more detailed explanation.

Thanks.

 

Hi Darren!

It definitely routes traffic!!!
As far as I am aware today its mostly used in MultiPoint
Hub-and-Spoke/Spoke-to-Spoke Dunamic Multipoint GRE/IPSEC VPN's.(DMVPN)
This allows for mutlicast and broadcast traffic to be encapsulated and
sent across the tunnel through the virtual interface IPSEC protected,
whereas standard site-to-site IPSEC VPN's
won't do that...please correct me if I'm wrong.
But definitely routes traffic.
One can setup a site-to-site GRE tunnel and then you encrypt the
traffic.

Check the link out for some more technical definitions....
http://www.cisco.com/pcgi-bin/Suppo...logies:GRE&s=Implementation_and_Configuration

Rob

 

"
Tunneling provides a way to encapsulate arbitrary packets inside a
transport protocol. This feature is implemented as a virtual interface
to provide a simple interface for configuration. The tunnel interface
is not tied to specific "passenger" or "transport" protocols, but
rather, it is an architecture that is designed to provide the services
necessary to implement any standard point-to-point encapsulation
scheme. Because tunnels are point-to-point links, you must configure a
separate tunnel for each link.

Tunneling has the following three primary components:

Passenger protocol, which is the protocol that you are encapsulating
(AppleTalk, Banyan VINES, CLNS, DECnet, IP, or IPX)
Carrier protocol, which is one of the following encapsulation
protocols:
Generic route encapsulation (GRE), Cisco's multiprotocol carrier
protocol
Cayman, a proprietary protocol for AppleTalk over IP
EON, a standard for carrying CLNP over IP networks
NOS, IP over IP compatible with the popular KA9Q program
Distance Vector Multicast Routing Protocol (DVMRP) (IP in IP tunnels)
Transport protocol, which is the protocol used to carry the
encapsulated protocol (IP only)


One of the most common uses of GRE tunnels is for VPNs over the
Internet.
IP traffic with private address gets encasuplated in packet that has
routable public IP address. That what the tunnel source and tunnel
destionation confiuration commands are for.

And these GRE tunnels are defintiely for routing traffic

 

Thanks for the replies.

I am starting to understand a little better now. I was happy with the fact
that the Tunnel routed traffic between networks, my confusion was that the
actual Tunnel Interface seemed to be doing nothing.

On a given router I was trying to picture the interfaces (logical &
physical).

Interface Ethernet -----Interface Tunnel#----Interface Tunnel
Source-----Interface WAN----Tunnel Destination

Whilst I could picture that data left the Tunnel Source 'interface' en route
to it's destination, I made the mistake of thinking that data left the
Ethernet onward somehow via the Tunnel# interface before hopping out of the
Source Interface to it's destination. Confusing me even more was the fact
that each of the above networks can have completely different subnet ranges.

It's a difficult concept to grasp.

Regards

Darren

 

Yes it is a bit difficult to concetualize.

A tunnel interface is a logical interface which causes an extra IP
header to be added to a packet that goes into the tunnel.

An tunnel encapsulated packet will be routed out the physical interface
that has the best route to tunnel destination IP address.

 

hey i have a very basic doubt, why should i use gre protocol to make packet routable. I could directly use ip header over it and give a next protocol field as something useful.
I dont get why do we need to use gre for that.