09-17-2018 08:48 PM
Hello,
Could someone please help me understand why we really need 2 interfaces at both ends of a GRE tunnel?
Once we create a virtual tunnel interface, why is that interface not used as a source interface? Why do we need to use another interface as the source interface?
learner
09-18-2018 12:07 AM
By design, GRE tunnels are completely stateless. Each tunnel endpoint does not keep any information about the state of the remote tunnel endpoint. By default, the local tunnel endpoint router does not have the ability to bring the line protocol of the GRE Tunnel interface down if the remote end of the tunnel is unreachable.
09-18-2018 12:49 AM
Hello
@omz wrote:
By design, GRE tunnels are completely stateless. Each tunnel endpoint does not keep any information about the state of the remote tunnel endpoint. By default, the local tunnel endpoint router does not have the ability to bring the line protocol of the GRE Tunnel interface down if the remote end of the tunnel is unreachable.
However, this can be easily negated by enabling keepalive on each tunnel, so if either were to go down, the opposite would also transition into a down state.
09-18-2018 04:12 AM
09-18-2018 05:27 AM
Hello
The physical interface of the tunnel will be the endpoint (the specified tunnel source). However, note that if this interface goes down, it will ONLY shut down the tunnel interface it's related to locally, not the far side of the tunnel interface, unless keepalive is enabled on both tunnels; then, as I said, if one tunnel interface goes down, its opposite will also.
09-18-2018 05:47 AM - edited 09-18-2018 05:49 AM
Hi
Tunnels are used to encapsulate traffic passing from point A to B through networks where you may not have access or where access is restricted, like the Internet, so basically the source and destination addresses are associated with broadcast or physical interfaces. A golden key is that the source and destination must be able to communicate (ping each other) before creating the tunnel. Now the tunnel IP address (not the source and destination addresses) can be its own IP (a new network), or you can use a loopback, for example through the commands:
interface tunnel 0
ip unnumbered loopback 0
tunnel source 190.5.47.8
tunnel destination 200.47.47.93
<...others configs...>
Hope it is useful
:-)
09-18-2018 06:56 AM
09-18-2018 06:59 AM - edited 09-18-2018 07:04 AM
Hi,
You are welcome. The tunnel IP and source IP cannot be the same because that can generate layer 3 loops or recursive troubles when you are using routing protocols to route traffic from point A to B.
:-)
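The recursive lookup mentioned in the reply above, as an added example that is not part of the original thread: a longest-prefix-match check that flags a tunnel whose own destination resolves back into the tunnel. The routing tables, the interface names and the 10.0.0.0/30 and 192.168.20.0/24 prefixes are constructed for illustration; only 200.47.47.93 comes from the posted configuration.

```python
import ipaddress

def best_route(rib, dst):
    """Longest-prefix match: return (network, egress interface) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), intf)
               for prefix, intf in rib
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def tunnel_is_recursive(rib, tunnel_intf, tunnel_destination):
    """True when the outer GRE packet would be routed back into the tunnel.

    The outer header is addressed to the tunnel destination, so that address
    must be reachable through the underlay, never through the tunnel itself.
    """
    route = best_route(rib, tunnel_destination)
    return route is not None and route[1] == tunnel_intf

# Tunnel destination taken from the configuration posted in the thread.
TUNNEL_DST = "200.47.47.93"

# Constructed routing table: the underlay carries the outer packets,
# the tunnel carries only overlay prefixes.
HEALTHY_RIB = [
    ("0.0.0.0/0", "GigabitEthernet0/0"),  # underlay default route
    ("10.0.0.0/30", "Tunnel0"),           # tunnel's own (overlay) subnet
    ("192.168.20.0/24", "Tunnel0"),       # remote LAN reached over the tunnel
]

# Constructed failure case: a routing protocol running over Tunnel0 has
# advertised a more specific prefix that covers the tunnel destination.
LOOPING_RIB = HEALTHY_RIB + [("200.47.47.0/24", "Tunnel0")]

if __name__ == "__main__":
    for name, rib in (("healthy", HEALTHY_RIB), ("looping", LOOPING_RIB)):
        net, intf = best_route(rib, TUNNEL_DST)
        state = "RECURSIVE" if tunnel_is_recursive(rib, "Tunnel0", TUNNEL_DST) else "ok"
        print(f"{name}: {TUNNEL_DST} via {net} out {intf} -> {state}")
```

Keeping the tunnel source and destination in address space that is never advertised across the tunnel is what keeps the check in the "ok" state.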
09-18-2018 07:39 AM
09-18-2018 06:25 AM