GRE Tunnel 2

Wendell
By Wendell June 30, 2016 13:05

GRE tunnels, without the encryption, can be a breeze to configure and verify – you just need to practice the variations. Today’s post does just that, with a lab topology that looks like two enterprise routers connected to the Internet, with a need for a point-to-point GRE tunnel. No muss, no fuss, just get the tunnel working, make it pingable across the tunnel, with EIGRP exchanging routes.

Requirements

This lab uses a rather small design with three routers, but actually does a nice job of approximating how two remote enterprise sites would connect to the Internet. Think of the two routers on the edges of the figure as enterprise routers (Acme1 and Acme2). Both have an Internet access link, and both have a default route (ip route 0.0.0.0  0.0.0.0) with a next-hop address referencing the router in the middle of the design. The one router in the middle represents the entire Internet, but one is enough: The Enterprise routers now have public IP addresses on the links connected to the cloud, and private IP addresses in network 10.0.0.0.

The specific rules for this lab are:

  • As the tunnel source, refer to each router’s local interface that the Acme router to the Internet
  • As the tunnel destination, use the remote Internet IP addresses on the Acme routers (that is, the IP addresses used as the source address by the opposite router)
  • Assign the tunnel IP addresses as private IP addresses per the figure
  • Configure EIGRP on the tunnel interface using EIGRP network commands
  • Use all existing EIGRP parameters and autonomous systems.
  • Assume all device interfaces shown in the lab are up, working and with correct IP addresses assigned.

 

Figure 1: Two Enterprise Routers at Acme Corp, with One Router Acting as Entire Internet

 

Initial Configuration

Examples 1, 2 and 3 show the beginning configuration state of Internet, Acme1 and Acme2.

Example 1: Internet Config

 

Example 2: Acme1 Config

 

Example 3: Acme2 Config

 

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

To test your solution, if you happen to try it with VIRL or real gear, you can verify the configuration and operation of the tunnel interface by issuing the show interfaces tunnel0 command. EIGRP should form a neighborship across the interface and allow each of the Acme branch routers to see each other’s routes and to communicate between each other. Additionally, look at show ip interface brief, which should show the tunnel interface, it’s IP address, and a state of up/up.

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

The VIRL topology matches this lab topology exactly.

Answers: PPP over Ethernet 1
Answers: GRE Tunnel 2
Wendell
By Wendell June 30, 2016 13:05
Write a comment

2 Comments

  1. Sanjin Beslagic November 13, 08:45

    Hi,

    can you please explain to me how to make routes on router named Internet. We have default routes on Edge1 and Edge2 and one router between them.

    Sanjin

    Reply to this comment
    • certskills November 21, 13:17

      Hi Sanjin,
      The Internet router in this case only needs to route packets to addresses in those two inner subnets, and those are covered by connected routes. So the Internet router needs no static routes nor routing protocol for this limited case in a lab. EG:
      Acme1 uses its default route when forwarding to the 198.51.100.2 tunnel destination, sending the packet to the Internet router.
      The Internet router has a connected route for 198.51.100.0/30, matching that destination, sending the packet to Acme2.
      Similar logic in the reverse direction.
      Wendell

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories