GRE Configuration Example

NOTE:

GRE tunnel is a logical interface created by Linux kernel on software side. Once created, GRE tunnel stays in "UP" state unless it is shut down by CLI command "set l3-interface tunnel xxx disable".

For example, as shown in Figure 1, if physical port ge-1/1/1 is down, the underlay routing of the associate GRE tunnel is broken. It is not necessary that tunnel interface (tnl0) should be down. In this case, the state of GRE tunnel is "UP" in the display of show command run show l3-interface tunnel.

admin@R1# run show l3-interface tunnel tnl0
tnl0        State:UP
            Tunnel Source: 100.168.3.1
            Tunnel Destnation:: 100.168.10.2
            Tunnel protocol/transport: gre-ip
            Inet addr: 100.168.4.1
            Traffic statistics:
              5 sec input rate IPv4 0 packets/sec, IPv6 0 packets/sec
              5 sec forwarding rate IPv4 0 packets/sec, IPv6 0 packets/sec
              IPv4 Input Packets............................28
              IPv4 Forwarding Packets.......................5
              IPv6 Input Packets............................0
              IPv6 Forwarding Packets.........

In this document we will demonstrate a sample use case for GRE tunnels using two PICOS switches. As shown in Figure 1, we have two Pica8 switches connected to each other through a public IPv4 network. A host is connected with each device.

                                                                  Figure 1. GRE Tunnel Configuration

Switch configurations

Below is the switch R1 and R2 configurations.

R1 Configuration

Step 1: Configure L3 VLAN interface for GRE tunnel.

admin@R1# set vlans vlan-id 20 l3-interface vlan20
admin@R1# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 20
admin@R1# set l3-interface vlan-interface vlan20 address 100.168.3.1 prefix-length 24


Step 2: Configure L3 VLAN interface for PC1.

admin@R1# set vlans vlan-id 10 l3-interface vlan10
admin@R1# set l3-interface vlan-interface vlan10 vrf vrf1
admin@R1# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 10
admin@R1# set l3-interface vlan-interface vlan10 address 192.168.5.2 prefix-length 24


Step 3: Enable IP routing on R1 and configure VRF.

admin@R1# set ip routing enable true
admin@R1# set ip vrf vrf1 description orange


Step 4. Configure GRE tunnel name, IP, source IP, destination IP etc.

admin@R1# set l3-interface tunnel tnl0 address 100.168.4.1 prefix-length 24
admin@R1# set l3-interface tunnel tnl0 tunnel-mode gre-ip
admin@R1# set l3-interface tunnel tnl0 source 100.168.3.1
admin@R1# set l3-interface tunnel tnl0 destination 100.168.10.2
admin@R1# set l3-interface tunnel tnl0 vrf vrf1


Step 5: Create static routes for the GRE tunnel.

admin@R1# set protocols static vrf vrf1 route 192.168.6.0/24 next-hop 100.168.4.2
admin@R1# set protocols static route 100.168.10.0/24 next-hop 100.168.3.2


Or we can create the static route using the tunnel name as the next hop.

admin@R1# set protocols static vrf vrf1 interface-route 192.168.6.0/24 interface tnl0

R2 Configuration

Step1. Configure L3 VLAN interface for GRE tunnel.

admin@R2# set vlans vlan-id 20 l3-interface vlan20
admin@R2# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 20
admin@R2# set l3-interface vlan-interface vlan20 address 100.168.10.2 prefix-length 24


Step 2: Configure L3 VLAN interface for PC2.

admin@R2# set vlans vlan-id 10 l3-interface vlan10
admin@R2# set l3-interface vlan-interface vlan10 vrf vrf1
admin@R2# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 10
admin@R2# set l3-interface vlan-interface vlan10 address 192.168.6.2 prefix-length 24


Step 3: Enable IP routing on R1 and configure VRF.

admin@R2# set ip routing enable true
admin@R2# set ip vrf vrf1 description orange


Step 4. Configure GRE tunnel name, IP, source IP, destination IP etc.

admin@R2# set l3-interface tunnel tnl0 address 100.168.4.2 prefix-length 24
admin@R2# set l3-interface tunnel tnl0 tunnel-mode gre-ip
admin@R2# set l3-interface tunnel tnl0 source 100.168.10.2
admin@R2# set l3-interface tunnel tnl0 destination 100.168.3.1
admin@R2# set l3-interface tunnel tnl0 vrf vrf1


Step 5: Create static routes for the GRE tunnel.

admin@R2# set protocols static vrf vrf1 route 192.168.5.0/24 next-hop 100.168.4.1
admin@R2# set protocols static route 100.168.3.0/24 next-hop 100.168.10.3


Or we can also create the static route with the tunnel name as the next hop.

admin@R2# set protocols static vrf vrf1 interface-route 192.168.5.0/24 interface tnl0

Verify Configuration

  • Run command run show l3-interface tunnel to display information about the GRE tunnel interface.
admin@R1# run show l3-interface tunnel tnl0
tnl0        State:UP
            Tunnel Source: 100.168.3.1
            Tunnel Destnation:: 100.168.10.2
            Tunnel protocol/transport: gre-ip
            Inet addr: 100.168.4.1
            Traffic statistics:
              5 sec input rate IPv4 1400 packets/sec, IPv6 0 packets/sec
              5 sec forwarding rate IPv4 28 packets/sec, IPv6 0 packets/sec
              IPv4 Input Packets............................28
              IPv4 Forwarding Packets.......................5
              IPv6 Input Packets............................0
              IPv6 Forwarding Packets.......................0
  • To verify the configuration on R1, we can use the command show l3-interface tunnel tnl0 as shown below.
admin@R1# show l3-interface tunnel tnl0
vrf: "vrf1"
    address 100.168.4.1 {
        prefix-length: 24
    }
    tunnel-mode: "gre-ip"
    source: 100.168.3.1
    destination: 100.168.10.2
  • Similarly on R2, run the same command.
admin@R2# show l3-interface tunnel tnl0
vrf: "vrf1"
    address 100.168.4.2 {
        prefix-length: 24
    }
    tunnel-mode: "gre-ip"
    source: 100.168.10.2
    destination: 100.168.3.1
  • Check to see if PC1 can reach PC2.
PC1# ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1) 56(84) bytes of data.
64 bytes from 192.168.6.1: icmp_seq=1 ttl=64 time=3.064 ms
64 bytes from 192.168.6.1: icmp_seq=2 ttl=64 time=2.062 ms
64 bytes from 192.168.6.1: icmp_seq=3 ttl=64 time=1.060 ms


Copyright © 2024 Pica8 Inc. All Rights Reserved.