GRE and IP in IP Tunnels

GRE is a tunneling mechanism able to transport packets of one protocol within another protocol. The passenger protocol is the protocol carried, and the transport protocol is the protocol that is used for carrying the passenger protocol. GRE uses IP as the transport protocol and can be used for carrying many different passenger protocols (IPv4, IPv6 or non-IP protocols such as CLNS or IPX).

Contents

  • Topology
  • Generic Routing Encapsulation (GRE) Tunnels
    • GRE Configuration
  • IP in IP Tunnels
    • IP in IP Configuration
  • Recursion Errors in Tunnels

Topology

Figure 1

Generic Routing Encapsulation (GRE) Tunnels

The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.

GRE uses IP protocol 47.

Figure 2

GRE Configuration

Figure 3

Configuring a GRE tunnel involves creating a tunnel interface, which is a logical interface. Before creating any tunnel interface, however, it is recommended to verify IP reachability between the endpoints with the ping command.

Verify reachability:

Router11#ping 10.10.2.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

Router12#ping 10.10.2.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

Create a tunnel interface:

interface tunnel number

Define a tunnel source and destination:

tunnel source ip address | interface
tunnel destination ip address

Define payload protocols:

ip address unique tunnel address mask
ipv6 address unique tunnel address mask

Enable keepalives if needed. GRE keepalives were implemented to determine possible issues with the remote endpoint and avoid traffic being black holed. Only local issues can cause a tunnel to go down if keepalives are not configured.

keepalive seconds retries

Setting the IP MTU on the tunnel interface attempts to offload fragmentation to the remote end so that, ideally, the router does not have to fragment packets itself. The TCP Adjust MSS feature makes the router rewrite the MSS carried in the TCP three-way handshake if it exceeds the configured value. At a maximum, the MSS should be the IP MTU minus 40 bytes (20 bytes for the IP header + 20 bytes for the TCP header).

ip mtu bytes
ip tcp adjust-mss bytes

The example below explains how to create the GRE tunnels between the endpoints shown in Figure 3.


R11(config)# interface Tunnel1
R11(config-if)# ip address 172.16.1.11 255.255.255.0
R11(config-if)# ip mtu 1400
R11(config-if)# ip tcp adjust-mss 1360
R11(config-if)# tunnel source 10.10.1.11
R11(config-if)# tunnel destination 10.10.2.12 

R12(config)# interface Tunnel1
R12(config-if)# ip address 172.16.1.12 255.255.255.0
R12(config-if)# ip mtu 1400
R12(config-if)# ip tcp adjust-mss 1360
R12(config-if)# tunnel source 10.10.2.12
R12(config-if)# tunnel destination 10.10.1.11

IP in IP Tunnels

IP in IP tunneling refers to the encapsulation of an IP packet (passenger) as a payload in another IP packet (transport). IP in IP tunneling does not require any additional header such as a GRE header used in the GRE tunnels.

IP in IP can only carry IP payload and all possible combinations are: IPv4 over IPv4, IPv6 over IPv4, IPv4 over IPv6, and IPv6 over IPv6.

It uses IP protocol 4.
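
The two encapsulations can be told apart from the outer IPv4 header alone, which is how a capture filter or ACL review identifies tunneled traffic. The following is an added example, not part of the original page: it classifies a packet as GRE (protocol 47) or IP in IP (protocol 4), reads the passenger protocol, and derives the encapsulation overhead and the resulting MSS ceiling. The function names, the 1500-byte path MTU and the sample packets are assumptions constructed for illustration; the optional GRE checksum, key and sequence fields go beyond what the page describes.

```python
import struct

GRE, IPIP = 47, 4                      # IP protocol numbers stated in the text
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for the samples (header checksum left at 0)."""
    pack = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, pack(src), pack(dst))

def classify_tunnel(packet):
    """Return (tunnel type, passenger protocol, bytes of encapsulation overhead)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == IPIP:                  # passenger starts right after the outer header
        if len(packet) <= ihl:
            raise ValueError("truncated IP in IP packet")
        return ("ipip", f"IPv{packet[ihl] >> 4}", ihl)
    if proto != GRE:
        return ("none", None, 0)
    if len(packet) < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Checksum (C), key (K) and sequence (S) bits each add one 4-byte field.
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return ("gre", ETHERTYPES.get(ptype, hex(ptype)), ihl + 4 + optional)

def mtu_budget(packet, path_mtu=1500):
    """Largest unfragmented passenger packet and the matching TCP MSS (MTU - 40)."""
    inner_mtu = path_mtu - classify_tunnel(packet)[2]
    return inner_mtu, inner_mtu - 40

# Constructed samples: passenger 172.16.1.11 -> 172.16.1.12 between the page's endpoints.
INNER = ipv4_header("172.16.1.11", "172.16.1.12", 1, 0)
SAMPLE_GRE = (ipv4_header("10.10.1.11", "10.10.2.12", GRE, 24)
              + struct.pack("!HH", 0, 0x0800) + INNER)
SAMPLE_GRE_KEYED = (ipv4_header("10.10.1.11", "10.10.2.12", GRE, 28)
                    + struct.pack("!HHI", 0x2000, 0x0800, 7) + INNER)
SAMPLE_IPIP = ipv4_header("10.10.1.11", "10.10.2.12", IPIP, 20) + INNER

if __name__ == "__main__":
    for name in ("SAMPLE_GRE", "SAMPLE_GRE_KEYED", "SAMPLE_IPIP", "INNER"):
        print(name, classify_tunnel(globals()[name]))
```

With a 1500-byte path, plain GRE leaves 1476 bytes for the passenger packet, so the 1400-byte IP MTU and 1360-byte MSS used in the GRE configuration above fit with room to spare.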

Figure 4

IP in IP Configuration

Figure 5

Configuration steps are the same as GRE except for the tunnel mode.

tunnel mode ipip

The example below explains how to create the IP in IP tunnels between the endpoints shown in Figure 5.


R11(config)# interface Tunnel1
R11(config-if)# ip address 172.16.1.11 255.255.255.0
R11(config-if)# tunnel source 10.10.1.11
R11(config-if)# tunnel destination 10.10.2.12
R11(config-if)# tunnel mode ipip
 

R12(config)# interface Tunnel1
R12(config-if)# ip address 172.16.1.12 255.255.255.0
R12(config-if)# tunnel source 10.10.2.12
R12(config-if)# tunnel destination 10.10.1.11
R12(config-if)# tunnel mode ipip

Recursion Errors in Tunnels

The message "%TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing" means that the GRE tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:

  • A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing)
  • A temporary instability caused by route flapping elsewhere in the network

Solution 1 to Recursive Errors

The simplest solution is to use one routing domain for the links which the tunnel traffic would have to transit (e.g. EIGRP AS 1) and a different routing domain (e.g. EIGRP AS 2) over the tunnel and for networks connected using the tunnel. This way, the problem would not arise.

Figure 6

Configuration:


R11(config)# router eigrp 1
R11(config-router)# network 10.10.1.0 0.0.0.255
R11(config)# router eigrp 2
R11(config-router)# network 172.16.1.0 0.0.0.255
R11(config-router)# network 10.10.11.0 0.0.0.255

R12(config)# router eigrp 1
R12(config-router)# network 10.10.2.0 0.0.0.255
R12(config)# router eigrp 2
R12(config-router)# network 172.16.1.0 0.0.0.255
R12(config-router)# network 10.10.12.0 0.0.0.255

Solution 2 to Recursive Errors

If the tunnel has to be advertised into the same routing domain, then the important thing is to filter the tunnel source addresses from any route advertisements sent out of the tunnel – so that the far side router will not see a more preferred route through the tunnel (lower metric).

Figure 7

First, match the tunnel source network with a prefix-list and remember to allow other prefixes. Then apply this prefix-list to the routing protocol as an outbound distribute list on the tunnel interface.


R11(config)# ip prefix-list TUNNEL_RECURSION deny 10.10.1.11/32
R11(config)# ip prefix-list TUNNEL_RECURSION permit 0.0.0.0/0 le 32

R11(config)# router eigrp 1
R11(config-router)# distribute-list prefix-list TUNNEL_RECURSION out tunnel1

R12(config)# ip prefix-list TUNNEL_RECURSION deny 10.10.2.12/32
R12(config)# ip prefix-list TUNNEL_RECURSION permit 0.0.0.0/0 le 32

R12(config)# router eigrp 1
R12(config-router)# distribute-list prefix-list TUNNEL_RECURSION out tunnel1 
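
To see why the filter removes the recursion, the sketch below models R11's routing table with longest-prefix matching and evaluates R12's TUNNEL_RECURSION prefix-list with first-match semantics. It is an added example, not part of the original page: the function names, the underlay interface name, the metrics and the set of prefixes R12 advertises over the tunnel are assumptions constructed for illustration.

```python
import ipaddress

def prefix_list_permits(entries, prefix):
    """First-match evaluation of (action, network, le) entries; implicit deny at the end."""
    net = ipaddress.ip_network(prefix)
    for action, base, le in entries:
        base = ipaddress.ip_network(base)
        max_len = le if le is not None else base.prefixlen   # no 'le' means exact length
        if net.subnet_of(base) and net.prefixlen <= max_len:
            return action == "permit"
    return False

def best_route(rib, address):
    """Longest-prefix match over (prefix, interface, metric); ties go to the lowest metric."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in rib if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]),
               default=None)

def tunnel_is_recursive(rib, tunnel_if, tunnel_destination):
    """True when the best path to the tunnel destination is the tunnel itself."""
    route = best_route(rib, tunnel_destination)
    return route is not None and route[1] == tunnel_if

def learn_over_tunnel(rib, adverts, tunnel_if, out_filter=None):
    """RIB after accepting the peer's advertisements that pass its outbound filter."""
    kept = [(p, tunnel_if, m) for p, m in adverts
            if out_filter is None or prefix_list_permits(out_filter, p)]
    return rib + kept

# R12's prefix-list from the configuration above.
R12_FILTER = [("deny", "10.10.2.12/32", None), ("permit", "0.0.0.0/0", 32)]
# Constructed data: R11's underlay route and what R12 would send out of Tunnel1.
R11_UNDERLAY = [("10.10.2.0/24", "GigabitEthernet0/0", 3072)]
R12_ADVERTS = [("10.10.2.12/32", 2816), ("10.10.12.0/24", 2816)]

def demo():
    """Return (recursive without the filter, recursive with the filter)."""
    unfiltered = learn_over_tunnel(R11_UNDERLAY, R12_ADVERTS, "Tunnel1")
    filtered = learn_over_tunnel(R11_UNDERLAY, R12_ADVERTS, "Tunnel1", R12_FILTER)
    return (tunnel_is_recursive(unfiltered, "Tunnel1", "10.10.2.12"),
            tunnel_is_recursive(filtered, "Tunnel1", "10.10.2.12"))

if __name__ == "__main__":
    print(demo())
```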
