Configure
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
59
Alcatel-Lucent
Beta
Beta
OmniAccess 5740 Unified Services Gateway Web GUI Users Guide
A
DD
T
UNNEL
I
NTERFACE
You can configure IPSec tunnel interface or GRE tunnel interface from the
interfaces page.
•
Generic Routing Encapsulation Tunnel Interface
Generic Routing Encapsulation is a simple, stateless protocol that allows for
the tunneling of any in GRE. IP is used as transport for GRE. GRE tunnels
can be used to form VPNs, connecting remote sites using private IP
addresses via a public network. Typically, GRE tunnel is run between the
customer edge routers and are transparent to the rest of the network.
With GRE tunnels, a provider does not need to convert any core devices to
MPLS or establish MP-BGP sessions. There is also no need to establish BGP
route reflectors or modify existing routing configuration or policies. Therefore,
a provider may offer an alternative VPN solution to MPLS in a much shorter
time frame with greatly simplified provisioning and support. GRE tunnels are
used to carry non-IP traffic (like IPX, Appletalk, DECnet from legacy networks)
over an IP backbone.
GRE tunnel setup and mapping
A GRE tunnel is configured by specifying two endpoints, one local and the
other remote. In order to establish a bidirectional path, a GRE tunnel must be
configured from the remote endpoint as well. No intermediary routers need to
be configured, and the tunnel rides on top of standard IP. The only
requirement is that the tunnel must be configured in a context where the
remote endpoint is reachable.
If the remote address of a GRE tunnel is not reachable, then any circuit
associated with that tunnel is brought down. Any interface bound to a GRE
circuit is also marked in a down state, and any route to the tunnel interface is
withdrawn. This prevents the “blackholing” of traffic caused by network
instability, where traffic is sent through a tunnel that can no longer reach the
remote endpoint.
Public addresses must be used for tunnel endpoint addresses. It is possible to
use private IP addresses as the GRE tunnel interface IP address allowing a
private address VPN to be carried over a public network.
Summary
GRE tunnels are a flexible and powerful tool on any Router for offering a VPN
service without the need to migrate to an MPLS core network. Contexts and
interfaces are used in combination with GRE tunneling to create a VPN
service complete with private addressing, routing, user authentication, and
debugging and logging.
•
GRE tunnels may also be used by providers who wish to offer a VPN service
before transitioning to MPLS.
•
GRE protocol is defined in RFC-2784
•
Provides a means of encapsulating IP and non IP packets inside GRE header
and transport the payload over the GRE tunnel.
•
GRE protocol header size (minimum without any options) is 4 bytes.