Cisco IOS to Linux GRE Tunnel
A GRE tunnel between Cisco IOS and a Linux server (RHEL 5.x) is configured using the following network scenario. Both sides have a default route. On the Cisco router the default route is configured explicitly; on the Linux server it is not, because it appears on its own once an IP address is assigned to the interface facing the Internet.
Cisco IOS to Linux GRE Tunnel Network Scenario
For this purpose, I've used Red Hat Enterprise Linux (RHEL) 5.x and a Cisco 3620 router, with RHEL installed in an ESXi virtual machine. The network 192.168.5.0/24 is assumed to be the public Internet address space.
Cisco Router Configuration
- Eth0/1 is configured with IP address 192.168.5.55/24
- Tunnel 0 is created and configured with IP address 10.10.10.2/30. The tunnel source is the Internet-facing interface "eth0/1" and the tunnel destination is the Internet IP address of the other side, "192.168.5.167"
- Loopback 0 and 1 are configured for testing from the Linux server
- The default route is configured with next hop "eth0/1"
The resulting configuration on the Cisco router looks like this:
interface Tunnel0
 ip address 10.10.10.2 255.255.255.252
 ip mtu 1380
 tunnel source Ethernet0/1
 tunnel destination 192.168.5.167
!
interface loopback 0
 ip address 192.168.255.3 255.255.255.0
!
interface loopback 1
 ip address 192.168.254.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.5.55 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1
Linux server (RHEL) is configured as below
1. Eth0 is configured with IP address 192.168.5.167/24
Configure the interface eth0:
[root@localhost ~]# ifconfig eth0 192.168.5.167 netmask 255.255.255.0 up
[root@localhost ~]# route add default gw 192.168.5.1
Verify the status of all active interfaces. Note that GRETUN0 appears only after the tunnel configuration has been added.
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2C:3E:0C
          inet addr:192.168.5.167  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2c:3e0c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10179 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10036 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1125105 (1.0 MiB)  TX bytes:1133222 (1.0 MiB)
          Interrupt:59 Base address:0x2000
GRETUN0   Link encap:UNSPEC  HWaddr C0-A8-05-A7-C9-BF-E8-FC-00-00-00-00-00-00-00-00
          inet addr:10.10.10.1  P-t-P:10.10.10.1  Mask:255.255.255.252
          UP POINTOPOINT RUNNING NOARP  MTU:1380  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2596 (2.5 KiB)  TX bytes:3292 (3.2 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1755 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1755 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4231052 (4.0 MiB)  TX bytes:4231052 (4.0 MiB)
2. The GRE tunnel is configured with IP address 10.10.10.1/30, local address 192.168.5.167 and destination address 192.168.5.55.
First, to add the configuration, open /etc/rc.local:
[root@localhost ~]# vi /etc/rc.local
Now add the GRE tunnel configuration:
modprobe ip_gre
ip tunnel add GRETUN0 mode gre remote 192.168.5.55 local 192.168.5.167
ip link ls dev GRETUN0
ip link set GRETUN0 up
ip link ls dev GRETUN0
ip addr add 10.10.10.1/30 dev GRETUN0
ip addr ls dev GRETUN0
ifconfig GRETUN0 mtu 1380
modprobe loads the kernel module for GRE; ip tunnel creates the tunnel, with GRETUN0 as the tunnel name. local and remote play the same role as tunnel source and tunnel destination on the Cisco router. Don't forget to type wq! to save the file after SHIFT+ESC and ":". Here I have used the vi command to edit the configuration; which editor you use is up to you.
To verify the result, use cat /etc/rc.local. You can use less or more instead of cat; they give the same output. If you use less, type "q" to quit the output window; otherwise use CTRL+C.
[root@localhost ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
modprobe ip_gre
ip tunnel add GRETUN0 mode gre remote 192.168.5.55 local 192.168.5.167
ip link ls dev GRETUN0
ip link set GRETUN0 up
ip link ls dev GRETUN0
ip addr add 10.10.10.1/30 dev GRETUN0
ip addr ls dev GRETUN0
ifconfig GRETUN0 mtu 1380
3. Static routes are added for networks 192.168.255.0/24 and 192.168.254.0/24
Now add the static routes:
[root@localhost ~]# ip route add 192.168.255.0/24 via 10.10.10.2
[root@localhost ~]# ip route add 192.168.254.0/24 via 10.10.10.2
OR use the following commands:
[root@localhost ~]# route add -net 192.168.255.0 netmask 255.255.255.0 gw 10.10.10.2
[root@localhost ~]# route add -net 192.168.254.0 netmask 255.255.255.0 gw 10.10.10.2
Here 10.10.10.2 is the Cisco router's tunnel IP, which acts as the gateway for these networks.
To verify the routes, you can use netstat -rn or route -n. The routing table confirms that the destination networks are routed as desired.
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.10.0      0.0.0.0         255.255.255.252 U         0 0          0 GRETUN0
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.255.0   10.10.10.2      255.255.255.0   UG        0 0          0 GRETUN0
192.168.254.0   10.10.10.2      255.255.255.0   UG        0 0          0 GRETUN0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.5.1     0.0.0.0         UG        0 0          0 eth0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.252 U     0      0        0 GRETUN0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.255.0   10.10.10.2      255.255.255.0   UG    0      0        0 GRETUN0
192.168.254.0   10.10.10.2      255.255.255.0   UG    0      0        0 GRETUN0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.5.1     0.0.0.0         UG    0      0        0 eth0
Verifying GRE tunnel status Linux server to Cisco IOS
Verifying the GRE tunnel from the Linux server to the remote networks defined on the Cisco router
[root@localhost ~]#ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:2c:3e:0c brd ff:ff:ff:ff:ff:ff
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
5: GRETUN0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1380 qdisc noqueue
link/gre 192.168.5.167 peer 192.168.5.55
The output above verifies that the configured GRE tunnel "GRETUN0" is up.
[root@localhost ~]#ip tun
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
gre0: gre/ip remote any local any ttl inherit nopmtudisc
GRETUN0: gre/ip remote 192.168.5.55 local 192.168.5.167 ttl inherit
[root@localhost ~]#
The above output verifies that the GRE tunnel has the proper local and peer gateways.
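The endpoint check above and the earlier routing-table check can be scripted, which also catches a tunnel network that would leave via eth0 instead of GRETUN0. This is an added example, not part of the original article; the function names are hypothetical and the sample text is copied from the ip tun and route -n output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original article): check captured `ip tunnel show`
# and `route -n` output against the values configured in this article.

# gre_endpoints_ok NAME REMOTE LOCAL   -- reads `ip tunnel show` text on stdin.
# Succeeds only if NAME is a gre/ip tunnel with exactly these endpoints.
gre_endpoints_ok() {
    awk -v name="$1:" -v remote="$2" -v local_ip="$3" '
        $1 == name && $2 == "gre/ip" {
            for (i = 3; i < NF; i++) {
                if ($i == "remote" && $(i + 1) == remote)   r = 1
                if ($i == "local"  && $(i + 1) == local_ip) l = 1
            }
        }
        END { exit !(r && l) }'
}

# route_via_ok NET GATEWAY IFACE   -- reads `route -n` / `netstat -rn` on stdin.
# Succeeds only if NET is routed to GATEWAY out of IFACE (last column).
route_via_ok() {
    awk -v net="$1" -v gw="$2" -v dev="$3" '
        $1 == net && $2 == gw && $NF == dev { ok = 1 }
        END { exit !ok }'
}

# Sample input: lines copied from the outputs shown in this article.
SAMPLE_TUN='sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
gre0: gre/ip remote any local any ttl inherit nopmtudisc
GRETUN0: gre/ip remote 192.168.5.55 local 192.168.5.167 ttl inherit'

SAMPLE_ROUTES='10.10.10.0 0.0.0.0 255.255.255.252 U 0 0 0 GRETUN0
192.168.255.0 10.10.10.2 255.255.255.0 UG 0 0 0 GRETUN0
192.168.254.0 10.10.10.2 255.255.255.0 UG 0 0 0 GRETUN0
0.0.0.0 192.168.5.1 0.0.0.0 UG 0 0 0 eth0'

# check_article_setup: run every check over the sample text; 0 only if all pass.
check_article_setup() {
    printf '%s\n' "$SAMPLE_TUN" | gre_endpoints_ok GRETUN0 192.168.5.55 192.168.5.167 &&
    printf '%s\n' "$SAMPLE_ROUTES" | route_via_ok 192.168.255.0 10.10.10.2 GRETUN0 &&
    printf '%s\n' "$SAMPLE_ROUTES" | route_via_ok 192.168.254.0 10.10.10.2 GRETUN0
}

check_article_setup && echo "tunnel endpoints and routes match"
# Live use: ip tunnel show | gre_endpoints_ok GRETUN0 192.168.5.55 192.168.5.167
```

On a live server, pipe the real command output into the functions instead of the sample variables.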
[root@localhost ~]# ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.054 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.035 ms
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.031/0.040/0.054/0.010 ms
Now check reachability from the Linux server to the GRE tunnel interface IP on the remote Cisco router.
[root@localhost ~]# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=255 time=6.11 ms
64 bytes from 10.10.10.2: icmp_seq=2 ttl=255 time=3.27 ms
64 bytes from 10.10.10.2: icmp_seq=3 ttl=255 time=3.22 ms
64 bytes from 10.10.10.2: icmp_seq=4 ttl=255 time=3.27 ms
--- 10.10.10.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 3.225/3.972/6.113/1.238 ms
With the remote GRE tunnel interface on the Cisco router reachable, as shown above, now check the remote networks defined on the Cisco loopback IPs.
[root@localhost ~]# ping 192.168.255.3
PING 192.168.255.3 (192.168.255.3) 56(84) bytes of data.
64 bytes from 192.168.255.3: icmp_seq=1 ttl=255 time=3.37 ms
64 bytes from 192.168.255.3: icmp_seq=2 ttl=255 time=3.38 ms
64 bytes from 192.168.255.3: icmp_seq=3 ttl=255 time=3.38 ms
[root@localhost ~]# ping 192.168.254.1
PING 192.168.255.3 (192.168.254.1) 56(84) bytes of data.
64 bytes from 192.168.254.1: icmp_seq=1 ttl=255 time=3.30 ms
64 bytes from 192.168.254.1: icmp_seq=2 ttl=255 time=3.38 ms
64 bytes from 192.168.254.1: icmp_seq=3 ttl=255 time=3.38 ms
The output above shows the tunnel working, and it should be very helpful for completing one of your tough tasks: creating a GRE tunnel from Cisco IOS to a Linux server.