Configuration Library
Configuration Library

VPN with out MPLS Network using GRE

‎03-27-2011 12:49 PM

Title: GRE From VPN

How to make vpn using GRE and virtual-router without having mpls network, but less scalable.  

Product: M7i
Version: 8.5R2.10

Network Topology:

2 router connected between them with one conncetion, I attached the drawing of the topology.

 

Description:   

-        Purpose— if you have non mpls network and you still want to have the advantage of  the vpn application without the labels, it less scalable but still you will have two routing database like vpn in mpls network.

-        Description of the configuration:

The configuration shows how to configure gre tunnel between two routers within the routing-instances type- virtual-router. So you will have two different routing databases – one global and one virtual-router.
Since I used Loopback interfaces you will need static route in the global to the Loopback. The GRE connect using source ip that isn’t in the routing-instance (the loopback are at the global) and you will succeed to ping from the routing-instance to the gre ip only between the routers and not the loopbacks (you can ping the loopback from the global only).
Within the routing-instance you can use BGP, OSPF,RIP or static route. In my example I used BGP.

 Configuration:  

Router A:

--------

 

interfaces {

    fe-0/0/0 {

        description "Wan Side_global to Router B";

        unit 0 {

            family inet {

                address 100.1.1.1/30;

            }

        }

    }

    gr-1/2/0 {

        unit 1 {

            description "GRE From VPN";

            tunnel {

                source 1.1.1.1;

                destination 1.1.1.2;

            }

            family inet {

                mtu 1448;

                address 225.1.1.1/30;

            }

        }

    fe-1/3/0 {

        vlan-tagging;

        unit 100 {

            description "Lan Side_ VPN;

            vlan-id 100;

            family inet {

                address 200.1.1.254/24;

            }

        }

    }

    lo0 {

        unit 0 {

            family inet {

                address 1.1.1.1/32;  //sourceIP to open the GRE from VPN

            }

        }

    }

}

 

routing-options {

    static {

        route 1.1.1.2/32 next-hop 100.1.1.2;

    }

    autonomous-system 10000;

}

 

 

 

routing-instances {

    GREVPN {

        instance-type virtual-router;

        interface gr-1/2/0.1;

        interface fe-1/3/0.100;

        protocols {

            bgp {                          // you can use bgp, ospf or rip

                group ibgp {

                    type internal;

                    peer-as 10000;

                    neighbor 225.1.1.2 {

                        description to-RouterB;

                    }

                }

            }

        }

    }

}

 

 

 

 

 

 

Router B:

 

 

interfaces {

   fe-0/0/0 {

        description "Wan Side_global To Router A";

        unit 0 {

            family inet {

                address 100.1.1.2/30;

            }

        }

    }

    gr-1/2/0 {

        unit 1 {

            description "GRE From VPN";

            tunnel {

                source 1.1.1.2;

                destination 1.1.1.1;

            }

            family inet {

                mtu 1448;

                address 225.1.1.2/30;

            }

        }

    fe-1/3/0 {

        vlan-tagging;

        unit 100 {

            description "Lan Side_ VPN;

            vlan-id 100;

            family inet {

                address 200.1.2.254/24;

            }

        }

    }

    lo0 {

        unit 0 {

            family inet {

                address 1.1.1.2/32;  //source IP to open the GRE from VPN

            }

        }

    }

}

 

 

routing-options {

    static {

        route 1.1.1.1/32 next-hop 100.1.1.1;

    }

    autonomous-system 10000;

}

 

 

routing-instances {

    GREVPN {

        instance-type virtual-router;

        interface gr-1/2/0.1;

        interface fe-1/3/0.100;

        protocols {

            bgp {                          // you can use bgp, ospf or rip

                group ibgp {

                    type internal;

                    peer-as 10000;

                    neighbor 225.1.1.1 {

                        description to-RouterA;

                    }

                }

            }

        }

    }

}

Attachments

1 REPLY 1
Highlighted
Configuration Library

Re: VPN with out MPLS Network using GRE

[ Edited ]
‎11-28-2012 10:00 AM

Just wanted to point out that you have duplicate IP on your drawing. Config cleared it up though.

Feedback