Do the IP addresses of the Tunnel need to be in the same subnet in order to connect?
Hello Mark
By definition, a GRE tunnel will connect two tunnel interfaces on two different routers across a network such as the internet, as if they are directly connected. So by definition, these interfaces must be on the same subnet. In other words, youâre tricking the routers into thinking theyâre directly connected. Two directly connected routers must have their interfaces on the same subnet. Does that make sense?
I hope this has been helpful!
Laz
Immensely helpful; thank you! I was certain that is the case but I was getting some real push back by another engineer that I work with and just wanted to sanity check myself. Thanks again.
1 Like
Hi Rene, thank you for this good work. Iâm confused about this. i did some research before studying this section of GRE Tunnel Recursive Route and Iâve learned that to overcome this problem, we MUST NOT advertise the internet facing interfaces on any routing protocols. or if there are physical interfaces configured with ip addresses, they shouldnât be advertised on any routing protocol⊠please correct me if Iâm wrong. thank you.
Hello Chris
Youâre on the right track. In the context of GRE Tunnel Recursive Route, the issue arises when the IP address of the interface terminating the tunnel is reachable via the tunnel itself. Often, it is the Internet-facing interface that terminates the tunnel, and under such circumstances, that IP address shouldnât be advertised via the tunnel itself. So the best practice you are suggesting is specific to the particular implementation.
In the lesson, Rene used the loopback interfaces as the tunnel-terminating interfaces. So in this case, it is the loopback addresses that should not be advertised via the tunnel.
The more generalized rule to follow is what Rene mentioned in the lesson:
Donât advertise the tunnel destination IP address on the tunnel interface. Either donât advertise it at all, or use route filtering.
The rule that states "donât advertise Internet-facing IP addresses in a routing protocol is not necessarily a hard and fast rule that you must never violate. In some cases, it might be necessary, depending on the specific network design and requirements. The key is to ensure that youâre not creating a recursive routing loop.
Rene gives three solutions to the recursive routing problem, the first of which is the most often implemented because of the reasons you state. The other options are doable as well, but may not be appropriate for use with your ISP. The purpose of the lesson was to show all possible permutations of the problem and its solutions. However, there are other considerations in real-world scenarios that may limit your options. Does that make sense?
I hope this has been helpful!
Laz