
IP Tunneling

Devakanth
17th Mar 2009

Overview
Introduction
Types of IP Tunneling
Advantages / Disadvantages of IP Tunneling
GRE Tunneling
Keepalive Mechanism
Implementation of GRE Tunneling in Woolworths Network
Configuration Example

Introduction
IP Tunneling is a method of connecting two disjoint Internet Protocol (IP) networks that don't have a native routing path to each other, via a communications channel (the IP tunnel) that uses encapsulation technologies across an intermediate network (through a Service Provider).
In IP tunnelling, every IP packet, with the addressing information of its source and destination IP networks, is encapsulated within another packet format which includes IP headers and tunnel headers at Layer 2.
Reasons to use tunneling include carrying a payload over an incompatible delivery network, or providing a secure path through an un-trusted network.
Tunneling can also be used to "sneak through" a firewall: a protocol that is blocked by the firewall is "wrapped" inside a protocol that is NOT blocked by the firewall.

Types of Tunneling
Layer Two Forwarding (L2F)
L2F is a tunneling protocol developed by Cisco Systems, Inc. to establish Virtual Private Network connections over the Internet. L2F does not provide encryption or confidentiality by itself; it relies on the protocol being tunneled to provide privacy.
Point-to-Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP-based data networks. PPTP supports on-demand, multiprotocol, virtual private networking over public networks, such as the Internet.
Layer Two Tunnel Protocol (L2TP)
The Layer 2 Tunnel Protocol (L2TP) is an emerging IETF standard that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).

Types of Tunneling (contd)
Generic Routing Encapsulation (GRE)
GRE is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
Serial Tunnel (STUN)
STUN enables the integration of traditional Systems Network Architecture (SNA) networks with multiprotocol networks.
Serial Tunneling - Synchronous Data Link Control (STUN-SDLC)
Serial tunneling allows SDLC or HDLC devices to connect to one another through a multiprotocol internetwork rather than through a direct serial link.
GPRS Tunneling Protocol (GTP)
GTP is a group of IP-based communications protocols used to carry General Packet Radio Service (GPRS) within GSM and Universal Mobile Telecommunications System (UMTS) networks.

Advantages / Disadvantages of IP Tunneling
Advantages:
Carrying an IP payload over an incompatible delivery network.
Providing a secure path through an un-trusted network.
Integration of multi-protocol environments through one IP network.
Sneaking through a firewall.

Disadvantages:
Encapsulated datagrams are larger during transmission.
Encapsulation cannot be used unless it is known in advance that the node at the tunnel exit point can de-capsulate the datagram.
Difficult to perform authentication either at the source or the destination.

GRE Tunneling
Generic Routing Encapsulation (GRE)
GRE tunnels are virtual tunnels that are created on an intermediary network and are used to transmit GRE-encapsulated data packets from a first network to a second network.
GRE tunnels are designed to be completely stateless. This means that each tunnel end-point does not keep any information about the state or availability of the remote tunnel end-point. A consequence of this is that the local tunnel end-point router does not have the ability to bring the line protocol of the GRE Tunnel interface down if the remote end of the tunnel is unreachable.
A GRE Tunnel interface comes up as soon as it is configured and stays up as long as there is a valid tunnel source address, or a tunnel source interface which is up. The tunnel destination IP address must be routable even if it is not reachable.

interface Tunnel0
 ip address 1.1.1.1 255.255.255.240
 !--- A Loopback is a virtual interface and is therefore always up
 tunnel source Loopback0
 tunnel destination 8.8.8.8

GRE Tunneling (contd)
GRE Tunnel Keepalives
Keepalive messages are sent by one network device via a physical or virtual circuit to inform another network device that the circuit between them still functions.
The Keepalive interval is the period of time between each Keepalive message that is sent by a network device.
The Keepalive retries is the number of times that the device continues to send Keepalive packets without response before the interface is brought down.

Router(config-if)# keepalive 5 4
!--- The syntax of this command is keepalive [seconds [retries]].
!--- The default values are 10 seconds for the interval and 3 retries.

GRE Tunneling Example (contd)
GRE Keepalive Cycle

Keepalive request sent by Router-A (129.9.9.9) to Router-B (128.8.8.8):

| IP: SRC 129.9.9.9, DEST 128.8.8.8 | GRE PT=IP | IP: SRC 128.8.8.8, DEST 129.9.9.9 | GRE PT=0 |

Keepalive response, i.e. the inner packet that Router-B forwards back to Router-A:

| IP: SRC 128.8.8.8, DEST 129.9.9.9 | GRE PT=0 |

Router-A sends a GRE Keepalive to Router-B, with Protocol Type PT = IP.
Router-B decapsulates the outer GRE packet and forwards the inner GRE packet to Router-A.
Router-A now decapsulates this GRE packet and sees PT=0, which is its Keepalive response. It drops the GRE packet and resets the tunnel Keepalive counter to 0.
If it does not receive the response, it does not reset its Keepalive counter; when the counter reaches the Keepalive Retries value configured on the Tunnel, the Tunnel is brought down.
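As an added illustration (this is not part of the deck or of Cisco's implementation), the following Python builds the keepalive request shown above byte by byte, performs Router-B's decapsulation and Router-A's PT=0 check, and models the `keepalive [seconds [retries]]` counter that decides when the line protocol goes down. The header builder, function names and the omitted IP checksum are my own assumptions; the addresses are the deck's 129.9.9.9 and 128.8.8.8.

```python
import socket
import struct
from dataclasses import dataclass

GRE_IP_PROTO = 47      # GRE is carried in IPv4 with protocol number 47
PT_IP = 0x0800         # GRE Protocol Type for an IPv4 payload ("PT=IP" in the deck)
PT_KEEPALIVE = 0x0000  # GRE Protocol Type 0 ("PT=0"): the keepalive response


def ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header carrying GRE. The checksum is left at zero
    because this example never puts the bytes on a wire (assumption)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,              # version 4, IHL 5 (no options)
        0,                 # DSCP / ECN
        20 + payload_len,  # total length
        0, 0,              # identification, flags + fragment offset
        64,                # TTL
        GRE_IP_PROTO,      # protocol = GRE
        0,                 # header checksum (not computed here)
        socket.inet_aton(src), socket.inet_aton(dst))


def gre_header(protocol_type: int) -> bytes:
    """4-byte GRE header (RFC 2784): flags/version 0, then the Protocol Type."""
    return struct.pack("!HH", 0, protocol_type)


def build_keepalive(local: str, remote: str) -> bytes:
    """Router-A's keepalive: an IP/GRE(PT=0) packet addressed back to itself,
    wrapped inside an IP/GRE(PT=IP) packet addressed to Router-B."""
    inner = ipv4_header(remote, local, 4) + gre_header(PT_KEEPALIVE)
    return ipv4_header(local, remote, 4 + len(inner)) + gre_header(PT_IP) + inner


def parse_ip_gre(pkt: bytes):
    """Split one IPv4+GRE packet into (src, dst, protocol_type, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != GRE_IP_PROTO:
        raise ValueError("not a GRE packet")
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    _flags_ver, protocol_type = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, protocol_type, pkt[ihl + 4:]


def router_b_forward(pkt: bytes):
    """Router-B's tunnel end: strip the outer IP/GRE and hand the inner IP
    packet to routing. Returns (inner destination, inner packet)."""
    _src, _dst, protocol_type, inner = parse_ip_gre(pkt)
    if protocol_type != PT_IP:
        raise ValueError("outer GRE does not carry IP")
    return socket.inet_ntoa(inner[16:20]), inner


def router_a_is_keepalive_response(pkt: bytes, local: str) -> bool:
    """Router-A's test on a received GRE packet: addressed to us with PT=0
    means our own keepalive came back; it is dropped rather than forwarded."""
    _src, dst, protocol_type, _payload = parse_ip_gre(pkt)
    return dst == local and protocol_type == PT_KEEPALIVE


@dataclass
class KeepaliveState:
    """Per-tunnel counter modelling `keepalive [seconds [retries]]`."""
    interval: int = 10  # IOS default interval
    retries: int = 3    # IOS default retries
    missed: int = 0
    line_up: bool = True

    def period_elapsed(self, response_seen: bool) -> bool:
        """Call once per keepalive interval; returns the line-protocol state."""
        if response_seen:
            self.missed = 0
            self.line_up = True
        else:
            self.missed += 1
            if self.missed >= self.retries:
                self.line_up = False
        return self.line_up

    def detection_time(self) -> int:
        """Seconds of silence before an unreachable peer takes the tunnel down."""
        return self.interval * self.retries


if __name__ == "__main__":
    request = build_keepalive("129.9.9.9", "128.8.8.8")
    next_hop, response = router_b_forward(request)
    print("Router-B forwards the inner packet to", next_hop)
    print("Router-A recognises its keepalive:",
          router_a_is_keepalive_response(response, "129.9.9.9"))
    state = KeepaliveState(interval=5, retries=4)  # the deck's `keepalive 5 4`
    for period in range(1, 5):
        print(f"period {period}: line protocol up = {state.period_elapsed(False)}")
```

Because the inner packet is an ordinary IP packet addressed to Router-A, Router-B needs no keepalive support of its own: plain decapsulation and forwarding produce the response, which is why the mechanism works against a stateless peer. The `KeepaliveState` run with `keepalive 5 4` keeps the line protocol up for three missed periods and takes it down on the fourth, 20 seconds after the peer went silent.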

Implementation on Woolworths Network
All IP Tunnels established from the Stores are GRE Tunnels. Two IP Tunnels are established from each site to the Favona Road Primary Device. As discussed earlier, the Primary GRE Tunnel carries packets of multiple protocols (Data and Voice), whereas the Secondary Tunnel is configured to carry only Data.
The Destination of the Primary GRE Tunnel on all the store devices is the Loopback IP of wnzfavc38r01: Lo3 IP is 10.214.8.241.
The Destination of the Secondary GRE Tunnel on all the store devices is the Loopback IP of wnzfavc38r01: Lo0 IP is 10.214.8.245.

Implementation on Woolworths Network (contd)
The IP address of the Loopback323 interface on the router at each store is used as the Tunnel Source for the Primary GRE Tunnel from that store: Loopback323 IP 10.219.2.X/24 (256 Stores).
The IP address of the Cellular0/0/0 interface on the router at each store is used as the Tunnel Source for the Secondary GRE Tunnel from that store: Cellular0/0/0 IP 10.211.204.X/24 (256 Stores).
On wnzfavc38r01, GRE Tunnels are configured for every store. The Destination IP of each Tunnel on wnzfavc38r01 is the corresponding source IP on the store site, for both Primary and Secondary.
Keepalives are configured on the Tunnel Interfaces.

Configuration Example
Consider the configuration of 9128 CD Greenlane.

On the Store Device:

interface Tunnel91280
 !--- Primary Tunnel
 description Trigger Tunnel
 !--- Brings up the backup tunnel when this interface goes down
 backup interface Tunnel91281
 ip unnumbered Loopback323
 keepalive 5 4
 !--- 4 Keepalives are sent with a 5 second gap
 tunnel source Loopback323
 !--- Source IP of the Tunnel (10.219.2.71)
 tunnel destination 10.214.8.241
 !--- Destination IP of the Tunnel
interface Tunnel91281
 !--- Backup Tunnel
 description Backup Tunnel. Allows EIGRP and CDMA control
 ip unnumbered Cellular0/0/0
 keepalive 10 6
 !--- 6 Keepalives are sent with a 10 second gap
 tunnel source Cellular0/0/0
 !--- Source IP of the Tunnel (10.211.204.51)
 tunnel destination 10.214.8.245
 !--- Destination IP of the Tunnel

The Primary Tunnel is configured as the Trigger Tunnel, which triggers the backup Tunnel when the Primary interface goes down.

On wnzfavc38r01 Device:

interface Tunnel91280
 !--- Tunnel connecting to the Primary Tunnel on the Store Device
 description Trigger Tunnel to Greenlane Countdown Store 9128
 no ip address
 keepalive 5 4
 !--- 4 Keepalives are sent with a 5 second gap
 tunnel source Loopback3
 !--- Source IP of the Tunnel (10.214.8.241)
 tunnel destination 10.219.2.71
 !--- Destination IP of the Tunnel
interface Tunnel91281
 !--- Tunnel connecting to the Secondary Tunnel on the Store Device
 description CDMA Backup Tunnel to Greenlane Countdown Store 9128
 ip unnumbered Loopback0
 keepalive 10 6
 !--- 6 Keepalives are sent with a 10 second gap
 tunnel source Loopback0
 !--- Source IP of the Tunnel (10.214.8.245)
 tunnel destination 10.211.204.51
 !--- Destination IP of the Tunnel

The Primary link from each site uses the OSPF routing protocol to exchange routes. The CDMA link from each site uses EIGRP to exchange routes. The Secondary Tunnel allows EIGRP and CDMA control.
4 Keepalives are sent with a 5 second gap before the Primary Tunnel goes down and the Secondary Tunnel is triggered.
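Because a GRE tunnel comes up regardless of whether the far end can decapsulate (the disadvantage noted earlier), a mis-typed source or destination on either end is easy to miss until keepalives fail. The following Python is an added audit, not part of the deck or of any Woolworths tooling: it parses the two tunnel stanzas above, resolves each `tunnel source` interface to its IP using the interface-to-address mapping the deck states (a constructed stand-in for the output of `show ip interface brief`), and reports any end whose destination does not match the other end's source, or whose source interface has no known address. It also prints each end's keepalive detection time (interval times retries). The function names are my own.

```python
import re
from dataclasses import dataclass

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Interface -> IP mappings as stated in the implementation slides
# (constructed lookup; on a live device this comes from `show ip interface brief`).
STORE_IFACES = {"Loopback323": "10.219.2.71", "Cellular0/0/0": "10.211.204.51"}
HUB_IFACES = {"Loopback3": "10.214.8.241", "Loopback0": "10.214.8.245"}

STORE_CONFIG = """\
interface Tunnel91280
 ip unnumbered Loopback323
 keepalive 5 4
 tunnel source Loopback323
 tunnel destination 10.214.8.241
interface Tunnel91281
 ip unnumbered Cellular0/0/0
 keepalive 10 6
 tunnel source Cellular0/0/0
 tunnel destination 10.214.8.245
"""

HUB_CONFIG = """\
interface Tunnel91280
 no ip address
 keepalive 5 4
 tunnel source Loopback3
 tunnel destination 10.219.2.71
interface Tunnel91281
 ip unnumbered Loopback0
 keepalive 10 6
 tunnel source Loopback0
 tunnel destination 10.211.204.51
"""


@dataclass
class Tunnel:
    name: str
    source: str = ""
    destination: str = ""
    keepalive: tuple = (10, 3)  # IOS defaults when `keepalive` is absent


def parse_tunnels(config: str) -> dict:
    """Collect source, destination and keepalive for each `interface TunnelN` stanza."""
    tunnels, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if len(words) == 2 and words[0] == "interface" and words[1].startswith("Tunnel"):
            current = Tunnel(words[1])
            tunnels[current.name] = current
        elif current is None:
            continue
        elif words[:2] == ["tunnel", "source"]:
            current.source = words[2]
        elif words[:2] == ["tunnel", "destination"]:
            current.destination = words[2]
        elif words[0] == "keepalive":
            secs = int(words[1]) if len(words) > 1 else 10
            retries = int(words[2]) if len(words) > 2 else 3
            current.keepalive = (secs, retries)
    return tunnels


def resolve(value: str, ifaces: dict):
    """`tunnel source` may be an interface name or a literal IP; return the IP or None."""
    return value if IPV4.match(value) else ifaces.get(value)


def check_pair(store: Tunnel, hub: Tunnel) -> list:
    """Verify that the two ends mirror each other; returns a list of problems."""
    problems = []
    store_src = resolve(store.source, STORE_IFACES)
    hub_src = resolve(hub.source, HUB_IFACES)
    if store_src is None:
        problems.append(f"{store.name}: store tunnel source '{store.source}' has no IP")
    if hub_src is None:
        problems.append(f"{hub.name}: hub tunnel source '{hub.source}' has no IP")
    if hub_src and store.destination != hub_src:
        problems.append(f"{store.name}: store destination {store.destination} != hub source {hub_src}")
    if store_src and hub.destination != store_src:
        problems.append(f"{hub.name}: hub destination {hub.destination} != store source {store_src}")
    return problems


def detection_time(t: Tunnel) -> int:
    """Seconds of silence before this end takes the tunnel's line protocol down."""
    return t.keepalive[0] * t.keepalive[1]


def audit(store_cfg: str, hub_cfg: str) -> dict:
    """Map each tunnel name to its list of problems (empty list means consistent)."""
    store, hub = parse_tunnels(store_cfg), parse_tunnels(hub_cfg)
    report = {}
    for name in sorted(set(store) | set(hub)):
        if name not in store or name not in hub:
            report[name] = [f"{name}: configured on only one end"]
        else:
            report[name] = check_pair(store[name], hub[name])
    return report


if __name__ == "__main__":
    for name, problems in audit(STORE_CONFIG, HUB_CONFIG).items():
        print(name, "OK" if not problems else problems)
    for t in parse_tunnels(STORE_CONFIG).values():
        print(f"{t.name}: keepalive {t.keepalive} -> loss detected within {detection_time(t)} s")
```

With the Greenlane stanzas both tunnels audit clean; the primary detects a dead peer within 20 seconds and the CDMA backup within 60. Changing a single `tunnel source` on the hub to an interface name that has no address makes the corresponding tunnel show up in the report, which is the kind of defect a stateless GRE interface would otherwise hide behind an "up" line protocol until keepalives expire.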

Thank You