How to configure GRE Tunnel on Cisco IOS Router

Lessons Discussion
44

Hi Adrian,

Once the GRE tunnel is up, it acts like a regular interface. With normal interfaces we also don’t see the next hop IP address within the IP packet.

Here’s the logic of the router:

  1. When HQ sends a packet with destination 172.16.3.3 it has to check its routing table for a match:
HQ#show ip route eigrp 

      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D        172.16.3.0/24 [90/27008000] via 192.168.13.3, 00:00:07, Tunnel1
  1. Above you can see that the next hop is the remote IP address of the tunnel. Now it has to do another lookup to figure out how to get there:
HQ#show ip route 192.168.13.3
Routing entry for 192.168.13.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 13
  Routing Descriptor Blocks:
  * directly connected, via Tunnel1
      Route metric is 0, traffic share count is 1
  1. To the router, the tunnel interface is “directly connected”. With regular interfaces (FastEthernet / Gigabit etc) this means we can do an ARP for the IP address and reach it directly. However this time, the router knows we are using a GRE interface so it will encapsulate the IP packet…its puts a GRE header in front of it and a new IP header with the source/destination IP addresses that we used to build the tunnel:
HQ#show interfaces tunnel 1 | include source
  Tunnel source 192.168.12.1, destination 192.168.23.3
  1. Now the router will have to figure out how to get to 192.168.23.3, the tunnel destination so it does another lookup:
HQ#show ip route 192.168.23.3
Routing entry for 192.168.23.3/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 192.168.12.2
      Route metric is 0, traffic share count is 1
  1. It sees there is a static route for 192.168.23.3/3 with 192.168.12.2 as the next hop. Time to figure out how to get there:
HQ#show ip route 192.168.12.2
Routing entry for 192.168.12.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via GigabitEthernet0/1
      Route metric is 0, traffic share count is 1

This IP address can be reached directly since we have an interface that is directly connected to 192.168.12.0/24. Time to figure out the L2 address:

HQ#show ip arp 192.168.12.2
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.12.2           10   fa16.3e73.b9df  ARPA   GigabitEthernet0/1

Now we have the L2 address and the Ethernet frame will be on its way…

Hope this helps!

Rene

3 Likes