Cisco IOS to Linux GRE Tunnel

A GRE tunnel between Cisco IOS and a Linux server (RHEL 5.x) is configured using the following network scenario. Both sides have a default route. The default route is created explicitly on the Cisco router but not on the Linux server; there it appears on its own when an IP address is assigned to the Internet-facing interface.

Cisco IOS to Linux GRE Tunnel Network Scenario

[Figure: Cisco IOS to Linux GRE tunnel network diagram]

For this purpose, I’ve used Red Hat Enterprise Linux (RHEL) 5.x and a Cisco 3620 router; RHEL is installed in an ESXi virtual machine. The network 192.168.5.0/24 is assumed to be the public Internet address space.

 Cisco Router Configuration

  1. Eth0/1 is configured with IP address 192.168.5.55/24.
  2. Tunnel 0 is created and configured with IP address 10.10.10.2/30. The tunnel source is the Internet-facing interface “eth0/1” and the tunnel destination is the Internet IP address of the other side, “192.168.5.167”.
  3. Loopback 0 and Loopback 1 are configured for testing from the Linux server.
  4. A default route is configured with next hop “eth0/1”.

The configuration on the Cisco router looks like this:

 

interface Tunnel0
 ip address 10.10.10.2 255.255.255.252
 ip mtu 1380
 tunnel source Ethernet0/1
 tunnel destination 192.168.5.167
!
interface loopback 0
 ip address 192.168.255.3 255.255.255.0
!
interface loopback 1
 ip address 192.168.254.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.5.55 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1

 

The Linux server (RHEL) is configured as follows:

  1. Eth0 is configured with IP address 192.168.5.167/24.
Configure the interface eth0:
[root@localhost ~]# #ifconfig eth0 192.168.5.167 netmask 255.255.255.0 up
[root@localhost ~]# #route add default gw 192.168.5.1
 
Verify the status of all active interfaces. Note that GRETUN0 appears only after the tunnel configuration in step 2 has been added.
 
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2C:3E:0C
inet addr:192.168.5.167  Bcast:192.168.5.255  Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe2c:3e0c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:10179 errors:0 dropped:0 overruns:0 frame:0
TX packets:10036 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1125105 (1.0 MiB)  TX bytes:1133222 (1.0 MiB)
Interrupt:59 Base address:0x2000
 
GRETUN0  Link encap:UNSPEC  HWaddr C0-A8-05-A7-C9-BF-E8-FC-00-00-00-00-00-00-00-00
inet addr:10.10.10.1  P-t-P:10.10.10.1  Mask:255.255.255.252
UP POINTOPOINT RUNNING NOARP  MTU:1380  Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2596 (2.5 KiB)  TX bytes:3292 (3.2 KiB)
 
lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:1755 errors:0 dropped:0 overruns:0 frame:0
TX packets:1755 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4231052 (4.0 MiB)  TX bytes:4231052 (4.0 MiB)

 

2. The GRE tunnel is configured with IP address 10.10.10.1/30, local address 192.168.5.167 and destination address 192.168.5.55.

 

First, open /etc/rc.local to add the configuration:
[root@localhost ~]# vi /etc/rc.local
Now add the GRE tunnel configuration:
 
modprobe ip_gre
ip tunnel add GRETUN0 mode gre remote 192.168.5.55 local 192.168.5.167
ip link ls dev GRETUN0
ip link set GRETUN0 up
ip link ls dev GRETUN0
ip addr add 10.10.10.1/30 dev GRETUN0
ip addr ls dev GRETUN0
ifconfig GRETUN0 mtu 1380
 
modprobe loads the kernel module for GRE; ip tunnel creates the tunnel, with GRETUN0 as its name. Remote and local correspond to the tunnel destination and source. Don’t forget to type wq! to save the file after SHIFT+ESC and “:”. Here I have used the “vi” command to edit the configuration; any other editor works just as well.
 
To verify the result, use cat /etc/rc.local. You can use less or more instead of cat; they give the same output. When using less, type “q” to quit the output window; otherwise use CTRL+C.
 
[root@localhost ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
 
touch /var/lock/subsys/local
 
modprobe ip_gre
ip tunnel add GRETUN0 mode gre remote 192.168.5.55 local 192.168.5.167
ip link ls dev GRETUN0
ip link set GRETUN0 up
ip link ls dev GRETUN0
ip addr add 10.10.10.1/30 dev GRETUN0
ip addr ls dev GRETUN0
ifconfig GRETUN0 mtu 1380

 

3. Static routes are added for networks 192.168.255.0/24 and 192.168.254.0/24.

Now add the static routes:
 
[root@localhost ~]# ip route add 192.168.255.0/24 via 10.10.10.2
[root@localhost ~]# ip route add 192.168.254.0/24 via 10.10.10.2
 
Or use the following commands:
 
[root@localhost ~]# route add -net 192.168.255.0 netmask 255.255.255.0 gw 10.10.10.2
[root@localhost ~]# route add -net 192.168.254.0 netmask 255.255.255.0 gw 10.10.10.2
 
Here 10.10.10.2 is the Cisco router’s tunnel IP address, which acts as the gateway for these networks.
 
To verify the routes, use netstat -rn or route -n. The routing table confirms that the destination networks are routed as desired.
 
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.10.0      0.0.0.0         255.255.255.252 U         0 0          0 GRETUN0
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.255.0   10.10.10.2      255.255.255.0   UG        0 0          0 GRETUN0
192.168.254.0   10.10.10.2      255.255.255.0   UG        0 0          0 GRETUN0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.5.1     0.0.0.0         UG        0 0          0 eth0
 
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.252 U     0      0        0 GRETUN0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.255.0   10.10.10.2      255.255.255.0   UG    0      0        0 GRETUN0
192.168.254.0   10.10.10.2      255.255.255.0   UG    0      0        0 GRETUN0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.5.1     0.0.0.0         UG    0      0        0 eth0
 

 

Verifying GRE tunnel status from the Linux server to Cisco IOS
Verify the GRE tunnel from the Linux server to the remote networks defined on the Cisco router:
 
[root@localhost ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:2c:3e:0c brd ff:ff:ff:ff:ff:ff
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
5: GRETUN0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1380 qdisc noqueue
link/gre 192.168.5.167 peer 192.168.5.55
 
The above output verifies that the configured GRE tunnel “GRETUN0” is up.
 
[root@localhost ~]# ip tun
sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
GRETUN0: gre/ip  remote 192.168.5.55  local 192.168.5.167  ttl inherit
[root@localhost ~]#
 
The above output verifies that the GRE tunnel has the proper local and peer gateways.
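
The two manual checks above (tunnel endpoints from ip tun, static routes from route -n) can be scripted so they are repeatable after every reboot. This is an added example, not part of the original article: the function names check_tunnel, check_route and verify_all are hypothetical, and the sample text is constructed from the outputs shown on this page.

```shell
#!/bin/sh
# Added example (not from the article): offline checks over captured output.
# Sample text is constructed from the `ip tun` and `route -n` output shown above.
SAMPLE_TUNNELS='sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
GRETUN0: gre/ip  remote 192.168.5.55  local 192.168.5.167  ttl inherit'
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.252 U     0      0        0 GRETUN0
192.168.255.0   10.10.10.2      255.255.255.0   UG    0      0        0 GRETUN0
192.168.254.0   10.10.10.2      255.255.255.0   UG    0      0        0 GRETUN0
0.0.0.0         192.168.5.1     0.0.0.0         UG    0      0        0 eth0'

# check_tunnel TEXT NAME REMOTE LOCAL
# Succeeds only if tunnel NAME is gre/ip and pinned to exactly these endpoints
# (a line such as "remote any local any" therefore fails the check).
check_tunnel() {
    printf '%s\n' "$1" | awk -v n="$2:" -v r="$3" -v l="$4" '
        $1 == n {
            found = 1; mode = $2
            for (i = 2; i < NF; i++) {
                if ($i == "remote") remote = $(i + 1)
                if ($i == "local")  loc = $(i + 1)
            }
        }
        END { exit !(found && mode == "gre/ip" && remote == r && loc == l) }'
}

# check_route TEXT DEST GATEWAY IFACE
# Succeeds if DEST is routed via GATEWAY on IFACE (last column of route -n).
check_route() {
    printf '%s\n' "$1" | awk -v d="$2" -v g="$3" -v dev="$4" '
        $1 == d && $2 == g && $NF == dev { ok = 1 }
        END { exit !ok }'
}

# verify_all TUNNEL_TEXT ROUTE_TEXT: run every check for this article's topology.
verify_all() {
    rc=0
    check_tunnel "$1" GRETUN0 192.168.5.55 192.168.5.167 || { echo "FAIL: GRETUN0 endpoints"; rc=1; }
    for net in 192.168.255.0 192.168.254.0; do
        check_route "$2" "$net" 10.10.10.2 GRETUN0 || { echo "FAIL: route $net"; rc=1; }
    done
    if [ "$rc" -eq 0 ]; then echo "OK: GRETUN0 endpoints and routes match"; fi
    return "$rc"
}

# On a live host, pass "$(ip tunnel show)" and "$(route -n)" instead of the samples.
verify_all "$SAMPLE_TUNNELS" "$SAMPLE_ROUTES"
```
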
 
[root@localhost ~]# ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.054 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.035 ms
 
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.031/0.040/0.054/0.010 ms
 
Now check reachability from the Linux server to the GRE tunnel interface IP of the Cisco router at the remote site.
[root@localhost ~]# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=255 time=6.11 ms
64 bytes from 10.10.10.2: icmp_seq=2 ttl=255 time=3.27 ms
64 bytes from 10.10.10.2: icmp_seq=3 ttl=255 time=3.22 ms
64 bytes from 10.10.10.2: icmp_seq=4 ttl=255 time=3.27 ms
 
--- 10.10.10.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 3.225/3.972/6.113/1.238 ms

With the remote GRE tunnel interface on the Cisco router reachable, now check the remote networks defined on the Cisco loopback IPs.
[root@localhost ~]# ping 192.168.255.3
PING 192.168.255.3 (192.168.255.3) 56(84) bytes of data.
64 bytes from 192.168.255.3: icmp_seq=1 ttl=255 time=3.37 ms
64 bytes from 192.168.255.3: icmp_seq=2 ttl=255 time=3.38 ms
64 bytes from 192.168.255.3: icmp_seq=3 ttl=255 time=3.38 ms
 
[root@localhost ~]# ping 192.168.254.1
PING 192.168.255.3 (192.168.254.1) 56(84) bytes of data.
64 bytes from 192.168.254.1: icmp_seq=1 ttl=255 time=3.30 ms
64 bytes from 192.168.254.1: icmp_seq=2 ttl=255 time=3.38 ms
64 bytes from 192.168.254.1: icmp_seq=3 ttl=255 time=3.38 ms

The output above shows the tunnel working end to end, which should help you complete what can be a tough task: creating a GRE tunnel between Cisco IOS and a Linux server.