Routing
Routing

Dymanic GRE Tunnel VPN

‎06-01-2011 07:17 AM

Hi Experts

Can you pls give me an example of when to use Dynamic-Tunnel ( GRE ) as per the documentations they said it use to dynamically create GRE tunnel to the PE that can be resolved via BGP but no MPLS path to it

 

And please give me a configurations example  for both end of the tunnel  Smiley Happy

Thanks a lot

Rashed Alwarrag

BR ,,,
4 REPLIES 4
Routing
Solution
Accepted by topic author ralwarrag
‎08-26-2015 01:27 AM

Re: Dymanic GRE Tunnel VPN

[ Edited ]
‎06-03-2011 02:47 AM

Hi Rashed,

 

Dynamic GRE tunnel VPN are useful where you don't have MPLS labeled-path between the PEs.

 

As per RFC2547, packet coming from CE are forwarded by PE by pushing two labels(Upper and Bottom). Intermediate P routers will forward these packets based on the bottom label and eventually when packet arrives on the other side PE, packets would be forwarded based on the Upper Label.

 

However, in case of non-MPLS routers being deployed in network, then VPNs may not work.

Hence in this case where, there are non-MPLS "P" routers, VPNs can still be deployed with dynamic GRE.

 

When a PE router receives a VPN route from other side PE, it looks for BGP nexthop entry in "inet.3" table as part of route resolution. If this lookup fails, then the routes are hidden. By configuring dynamic GRE, the PEER address would be installed in "inet.3" table which makes these routes as active.

 

 

Example:

 

Toplogy:

=======

 

CE1------PE1------P------PE2------CE2

 

 


[edit]
suryak@PE1# show protocols bgp
group int {
    type internal;
    local-address 1.1.1.1;
    neighbor 3.3.3.3 {
        family inet-vpn {
            unicast;
        }
    }
}

[edit]
suryak@PE1# show routing-instances
VPNA {
    instance-type vrf;
    interface ge-3/0/0.0;
    route-distinguisher 65000:1;
    vrf-target target:100:100;
    protocols {
        bgp {
            group CE1 {
                neighbor 172.168.1.1 {
                    peer-as 100;
                }
            }
        }
    }
}

[edit]
suryak@PE1# show routing-options              
router-id 1.1.1.1;
autonomous-system 65000;
dynamic-tunnels {
    hun-box {
        source-address 1.1.1.1;
        gre;
        destination-networks {
            3.3.3.3/32;
        }
    }
}

[edit]
suryak@PE1# run show route 3.3.3.3

inet.0: 42 destinations, 42 routes (41 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.3/32         *[OSPF/10] 00:28:20, metric 2
                    > to 10.8.1.2 via ge-3/2/0.0

inet.3: 1 destinations, 2 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.3/32         *[Tunnel/300] 00:21:03
                    > via gr-5/2/0.32769
                    [Tunnel/300] 00:23:06
                      Tunnel

[edit]
suryak@PE1# run show bgp summary                                               
Groups: 2 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l3vpn.0            2          2          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
3.3.3.3               65000         65         62       0       0       26:13 Establ
  bgp.l3vpn.0: 2/2/2/0
  VPNA.inet.0: 2/2/2/0
172.168.1.1             100         64         65       0       0       27:23 Establ
  VPNA.inet.0: 1/1/1/0

[edit]
suryak@PE1# run show route receive-protocol bgp 3.3.3.3 extensive              

inet.0: 42 destinations, 42 routes (41 active, 0 holddown, 1 hidden)

inet.3: 1 destinations, 2 routes (1 active, 0 holddown, 0 hidden)

VPNA.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
* 120.120.0.0/24 (1 entry, 1 announced)
     Import Accepted
     Route Distinguisher: 65000:3
     VPN Label: 299824
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: 200 I
     Communities: target:100:100

* 172.169.0.0/30 (1 entry, 1 announced)
     Import Accepted
     Route Distinguisher: 65000:3
     VPN Label: 299824
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: I
     Communities: target:100:100

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

* 65000:3:120.120.0.0/24 (1 entry, 0 announced)
     Import Accepted
     Route Distinguisher: 65000:3
     VPN Label: 299824
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: 200 I
     Communities: target:100:100

* 65000:3:172.169.0.0/30 (1 entry, 0 announced)
     Import Accepted
     Route Distinguisher: 65000:3
     VPN Label: 299824
     Nexthop: 3.3.3.3
     Localpref: 100
     AS path: I
     Communities: target:100:100

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

[edit]
suryak@PE1# run show route forwarding-table destination 120.120.0.0 vpn VPNA   
Routing table: VPNA.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
120.120.0.0/24     user     0                    indr 2097150     3
                                                Push 299824   621     2 gr-5/2/0.32769

 

 

 

Regards

Surya Prakash

If you think I answered you query, please accept the solution

In case your liked it, Kudos would be appreciated.

Routing

Re: Dymanic GRE Tunnel VPN

‎06-03-2011 07:01 AM

Thanks a lot  Surya for your usual help and support Smiley Happy

 

BR ,,,
Routing

Re: Dymanic GRE Tunnel VPN

‎06-03-2011 07:17 AM

A questions this tunnel it have to be configured in both site PE1 and PE 2 right ??

 

BR ,,,
Routing

Re: Dymanic GRE Tunnel VPN

[ Edited ]
‎06-03-2011 07:28 AM

Hi Rashed,

 

Yes, you need to configure GRE tunnels on both of the PEs.

 

PE1:

====


[edit]
suryak@PE1# show routing-options              
router-id 1.1.1.1;
autonomous-system 65000;
dynamic-tunnels {
    hun-box {
        source-address 1.1.1.1;
        gre;
        destination-networks {
            3.3.3.3/32;
        }
    }
}

 

PE2:

====

[edit]
suryak@PE2# show routing-options
router-id 3.3.3.3;
autonomous-system 65000;
dynamic-tunnels {
    box-hun {
        source-address 3.3.3.3;
        gre;
        destination-networks {
            1.1.1.1/32;
        }
    }
}

 

Glad to know it helped you Smiley Happy

 

Regards

Surya Prakash

If you think I answered your query, please accept it as the solution

In case your liked it, Kudos would be appreciated.