Routing
Routing

Required routes for a GRE tunnel

‎06-28-2019 03:51 AM

See the graphic from an old JNCIS-ENT Routing study guide:

gre.JPG

Can somebody explain me how the routing tables of the intermediate routers should look like to route to the 192.168.x.x (private) addres? How can you route over the internet to private IP addresses?

 

With regards,


Certified:
JNCIS-ENT
JNCIS-SEC
JNCIA-Junos
4 REPLIES 4
Routing
Solution
Accepted by topic author Jean de la Cour
‎06-28-2019 05:12 AM

Re: Required routes for a GRE tunnel

‎06-28-2019 04:12 AM

of course in real life the tunnel endpoints for a tunnel going over the Internet must have global and global reachable internet-addresses.

Otherwise intermediate routers in teh Internet cannot forward the tunneled packets.

Unfortunately the example uses private addresses

 

regards

 

Alexander

Routing

Re: Required routes for a GRE tunnel

‎06-28-2019 04:18 AM

IP addresses used in this case study are all in Private ranges (LAN,WAN, lo0). It is used for demo purpose only and I believe they cannot use Public range as that ip range may be registered by someone in the internet (legal issue).

As you thought, if you want to build a gre tunnel over internet the tunnel end point IP address should be Public range so that it can be routed by the intermediate devices.

 

 

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Routing

Re: Required routes for a GRE tunnel

‎06-28-2019 04:32 AM

Hello Jean,

 

Below static route is created towards the ISP router from R1 in your picture, same static created from the R2 ruoter as well.

set routing-options static route 192.168.2.1/32 next-hop 172.18.1.1

 

But you need to have a public ip to transport you GRE packet in a real time scenario.

 

Below is a operation happens during the GRE tunneling.

 

Encapsulation—A router operating as a tunnel source router encapsulates and forwards GRE packets as follows:

  1. When a router receives a data packet (payload) to be tunneled, it sends the packet to the tunnel interface.
  2. The tunnel interface encapsulates the data in a GRE packet and adds an outer IP header.
  3. The IP packet is forwarded on the basis of the destination address in the outer IP header.

De-encapsulation—A router operating as a tunnel remote router handles GRE packets as follows:

  1. When the destination router receives the IP packet from the tunnel interface, the outer IP header and GRE header are removed.
  2. The packet is routed based on the inner IP header.

 

Regards,
Akash


'Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!'

 

Routing

Re: Required routes for a GRE tunnel

[ Edited ]
‎06-28-2019 05:10 AM

Thank you gentlemen,

 

I really thought I was missing something. Indeed Nellikka, it could have something to do with privacy (somebody owns such an public ip-address).

 

Nevertheless, careless of Juniper not to mention that the ip-address should be public. Especially because, in het cloud, the word "Internet" is stated. Because tunneling can be used for traffic with non routable ip addresses I thought I was misunderstanding something, but now it's clear. Smiley Happy

 

With regards,

 


Certified:
JNCIS-ENT
JNCIS-SEC
JNCIA-Junos