Saturday, December 7 2024

GRE on Huawei routers

Generic Routing Encapsulation (GRE) encapsulates packets of one protocol inside packets of another protocol, so that they can be transmitted over an IPv4 network and across heterogeneous networks. GRE also provides tunnels that transparently carry VPN packets. When a device receives a packet that needs to be encapsulated and routed, it adds a GRE header to the packet and encapsulates the result in another protocol such as IP. The packet is then forwarded by IP.

Let’s configure a GRE tunnel between labnario_1 and labnario_3. All packets sent from PC_1 to PC_2, and vice versa, will be transmitted through the GRE tunnel.

Ensure that the routers in the network can reach each other. This step is omitted here.

Create a tunnel interface with GRE as the tunnel protocol on both labnario_1 and labnario_3. Assign an IP address to the tunnel interface and set the tunnel’s source and destination IP addresses:

[labnario_1]interface Tunnel 0/0/0
[labnario_1-Tunnel0/0/0]ip address 10.0.0.1 255.255.255.0
[labnario_1-Tunnel0/0/0]tunnel-protocol gre
[labnario_1-Tunnel0/0/0]source 150.0.0.1
[labnario_1-Tunnel0/0/0]destination 160.0.0.1

[labnario_3]interface Tunnel 0/0/0
[labnario_3-Tunnel0/0/0]ip address 10.0.0.2 255.255.255.0
[labnario_3-Tunnel0/0/0]tunnel-protocol gre
[labnario_3-Tunnel0/0/0]source 160.0.0.1
[labnario_3-Tunnel0/0/0]destination 150.0.0.1

Configure static routes on labnario_1 and labnario_3 to PC_2 and PC_1 respectively, with the GRE tunnel as the outbound interface. This ensures that all traffic destined for those PCs goes through the GRE tunnel interface.

[labnario_1]ip route-static 172.16.10.0 255.255.255.0 Tunnel0/0/0

[labnario_3]ip route-static 172.16.0.0 255.255.255.0 Tunnel0/0/0

Check routing tables of both routers:

[labnario_1]display ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 10       Routes : 10       

Destination/Mask    Proto   Pre  Cost  Flags NextHop         Interface

       10.0.0.0/24  Direct  0    0       D   10.0.0.1        Tunnel0/0/0
       10.0.0.1/32  Direct  0    0       D   127.0.0.1       Tunnel0/0/0
      127.0.0.0/8   Direct  0    0       D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0       D   127.0.0.1       InLoopBack0
      150.0.0.0/24  Direct  0    0       D   150.0.0.1       GigabitEthernet0/0/0
      150.0.0.1/32  Direct  0    0       D   127.0.0.1       GigabitEthernet0/0/0
      160.0.0.0/24  OSPF    10   2       D   150.0.0.2       GigabitEthernet0/0/0
     172.16.0.0/24  Direct  0    0       D   172.16.0.2      Ethernet0/0/0
     172.16.0.2/32  Direct  0    0       D   127.0.0.1       Ethernet0/0/0
    172.16.10.0/24  Static  60   0       D   10.0.0.1        Tunnel0/0/0

[labnario_3]display ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 10       Routes : 10       

Destination/Mask    Proto   Pre  Cost   Flags NextHop         Interface

       10.0.0.0/24  Direct  0    0        D   10.0.0.2        Tunnel0/0/0
       10.0.0.2/32  Direct  0    0        D   127.0.0.1       Tunnel0/0/0
      127.0.0.0/8   Direct  0    0        D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0        D   127.0.0.1       InLoopBack0
      150.0.0.0/24  OSPF    10   2        D   160.0.0.2       GigabitEthernet0/0/1
      160.0.0.0/24  Direct  0    0        D   160.0.0.1       GigabitEthernet0/0/1
      160.0.0.1/32  Direct  0    0        D   127.0.0.1       GigabitEthernet0/0/1
     172.16.0.0/24  Static  60   0        D   10.0.0.2        Tunnel0/0/0
    172.16.10.0/24  Direct  0    0        D   172.16.10.2     Ethernet0/0/0
    172.16.10.2/32  Direct  0    0        D   127.0.0.1       Ethernet0/0/0

Let’s check whether traffic is going through the GRE tunnel:

PC_1>ping 172.16.10.1 -t

Ping 172.16.10.1: 32 data bytes, Press Ctrl_C to break
From 172.16.10.1: bytes=32 seq=1 ttl=126 time=31 ms
From 172.16.10.1: bytes=32 seq=2 ttl=126 time=78 ms
From 172.16.10.1: bytes=32 seq=3 ttl=126 time=78 ms
From 172.16.10.1: bytes=32 seq=4 ttl=126 time=63 ms
From 172.16.10.1: bytes=32 seq=5 ttl=126 time=94 ms
From 172.16.10.1: bytes=32 seq=6 ttl=126 time=78 ms
From 172.16.10.1: bytes=32 seq=7 ttl=126 time=62 ms
From 172.16.10.1: bytes=32 seq=8 ttl=126 time=32 ms
From 172.16.10.1: bytes=32 seq=9 ttl=126 time=93 ms
From 172.16.10.1: bytes=32 seq=10 ttl=126 time=78 ms

--- 172.16.10.1 ping statistics ---
  10 packet(s) transmitted
  10 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/67/94 ms

[labnario_1]display interface Tunnel 0/0/0
Tunnel0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2013-01-28 13:22:16 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.0.0.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 150.0.0.1 (GigabitEthernet0/0/0), destination 160.0.0.1
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
Current system time: 2013-01-28 13:22:59-08:00
    300 seconds input rate 0 bits/sec, 0 packets/sec
    300 seconds output rate 0 bits/sec, 0 packets/sec
    49 seconds input rate 136 bits/sec, 0 packets/sec
    49 seconds output rate 136 bits/sec, 0 packets/sec
    10 packets input,  840 bytes
    0 input error
    10 packets output,  840 bytes
    0 output error
    Input:
      Unicast: 0 packets, Multicast: 0 packets
    Output:
      Unicast: 10 packets, Multicast: 0 packets
    Input bandwidth utilization  : --
    Output bandwidth utilization : --

Use debugging for GRE verification:

<labnario_1>debugging tunnel ?
  all        All debugging functions
  control    Control debugging function
  error      Error debugging function
  keepalive  GRE keepalive debugging function
  packet     Packet debugging function
  timer      Timer debugging function

<labnario_3>debugging tunnel all 
<labnario_3>t m
Info: Current terminal monitor is on.
<labnario_3>t d
Info: Current terminal debugging is on.

Jan 28 2013 12:25:04.340.3-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD: Tunnel0/0/0-Out:GRE/IP encapsulated 150.0.0.1->160.0.0.1(len = 84).
Jan 28 2013 12:25:04.340.4-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD: GRE Transmit: Transmit packets through IP output sucessfully.
Jan 28 2013 12:25:04.400.1-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD:GRE-Input: Src(160.0.0.1)/dest(150.0.0.1), length = 84.
Jan 28 2013 12:25:04.400.2-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD: Get packet without checksum.
Jan 28 2013 12:25:04.400.3-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD: Tunnel0/0/0-In: GRE decapsulated IP source(172.16.10.1)/destination(172.16.0.1)(len = 60).
Jan 28 2013 12:25:04.400.4-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD: Put packets into IP queue sucessfully.
Jan 28 2013 12:25:05.400.1-08:00 labnario_1 TUNNEL/7/debug:GRE_FWD: GRE-Encapsulation: Mbuf length = 60 from Tunnel0/0/0 out.
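
The debug output above reports an 84-byte GRE/IP packet carrying a 60-byte inner IP packet. The Python code below is an added example (not from the original post and not Huawei code) that builds and parses that encapsulation with the lab's addresses, and goes one step beyond the lab by also showing the header when a GRE key is enabled. The ICMP payload bytes and the key value 12345 are constructed for illustration.

```python
import ipaddress
import struct

GRE = 47  # IP protocol number the outer header carries for GRE

def ipv4(src, dst, proto, payload):
    """Constructed 20-byte IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def gre_encap(src, dst, inner, key=None):
    """Wrap an inner IPv4 packet in GRE/IPv4; a key sets the K bit and adds 4 bytes."""
    opt = b"" if key is None else struct.pack("!I", key)
    gre = struct.pack("!HH", 0x2000 if opt else 0, 0x0800) + opt
    return ipv4(src, dst, GRE, gre + inner)

def parse_ipv4(pkt):
    """Return (protocol, source, destination, total length, payload)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= ihl <= total <= len(pkt):
        raise ValueError("bad IPv4 lengths")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return pkt[9], src, dst, total, pkt[ihl:total]

def gre_decap(pkt):
    """Parse both layers of a GRE/IPv4 packet; ValueError on anything malformed."""
    proto, o_src, o_dst, o_len, gre = parse_ipv4(pkt)
    if proto != GRE or len(gre) < 4:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x4007 or ptype != 0x0800:  # routing bit, version != 0, non-IPv4 inner
        raise ValueError("unsupported GRE header")
    csum, has_key, seq = (bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    hlen = 4 + 4 * (csum + has_key + seq)  # each optional field adds 4 bytes
    if len(gre) < hlen:
        raise ValueError("truncated GRE header")
    key = struct.unpack("!I", gre[4 + 4 * csum:8 + 4 * csum])[0] if has_key else None
    _, i_src, i_dst, i_len, _ = parse_ipv4(gre[hlen:])
    return {"outer": (o_src, o_dst, o_len), "gre_header_len": hlen, "checksum": csum,
            "key": key, "inner": (i_src, i_dst, i_len)}

# Constructed sample: PC_1's echo request (8-byte ICMP header + 32 data bytes).
ECHO = ipv4("172.16.0.1", "172.16.10.1", 1, bytes([8, 0]) + bytes(38))
LAB = gre_decap(gre_encap("150.0.0.1", "160.0.0.1", ECHO))               # key disabled
KEYED = gre_decap(gre_encap("150.0.0.1", "160.0.0.1", ECHO, key=12345))  # constructed key
if __name__ == "__main__":
    print(LAB, KEYED, sep="\n")
```

The parser recovers both inner addresses with no secret involved: GRE on its own neither encrypts nor authenticates the payload, and the key is a plain 32-bit field in the header.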

[Figure: packet capture output from interface GE0/0/0 of labnario_1]

Final configs:

sysname labnario_1
#
interface Ethernet0/0/0
 ip address 172.16.0.2 255.255.255.0
#
interface GigabitEthernet0/0/0
 ip address 150.0.0.1 255.255.255.0
#
interface Tunnel0/0/0
 ip address 10.0.0.1 255.255.255.0
 tunnel-protocol gre
 source 150.0.0.1
 destination 160.0.0.1
#
ospf 1
 area 0.0.0.0
  network 150.0.0.0 0.0.0.255
#
ip route-static 172.16.10.0 255.255.255.0 Tunnel0/0/0

sysname labnario_2
#
interface GigabitEthernet0/0/0
 ip address 150.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 160.0.0.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 150.0.0.0 0.0.0.255
  network 160.0.0.0 0.0.0.255

sysname labnario_3
#
interface Ethernet0/0/0
 ip address 172.16.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 160.0.0.1 255.255.255.0
#
interface Tunnel0/0/0
 ip address 10.0.0.2 255.255.255.0
 tunnel-protocol gre
 source 160.0.0.1
 destination 150.0.0.1
#
ospf 1
 area 0.0.0.0
  network 160.0.0.0 0.0.0.255
#
ip route-static 172.16.0.0 255.255.255.0 Tunnel0/0/0
