Sunday, February 12, 2017

destiny : port 0

Create a point-to-multipoint GRE tunnel

ip tunnel add ${interface name} mode gre local ${local endpoint address} key ${key value}
Examples:
ip tunnel add tun8 mode gre local 192.0.2.1 key 1234
ip link set dev tun8 up
ip address add 10.0.0.1/27 dev tun8
Note the absence of ${remote endpoint address}. This is the same as what is called "mode gre multipoint" in Cisco IOS.
In the absence of a remote endpoint address, the key is the only way to identify the tunnel traffic, so ${key value} is required.
This type of tunnel allows you to communicate with multiple endpoints through the same tunnel interface. It is commonly used in complex VPN setups with multiple endpoints communicating with one another (in Cisco terminology, "dynamic multipoint VPN").
As there is no explicit remote endpoint address, it is obviously not enough to just create the tunnel. Your system needs to know where the other endpoints are.
In real life, NHRP (Next Hop Resolution Protocol) is used for this. For testing you can add peers manually (assuming the remote endpoint uses the address 203.0.113.6 on its physical interface and 10.0.0.2 on the tunnel):
ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8
You will have to do it on the remote endpoint too, like:
ip neighbor add 10.0.0.1 lladdr 192.0.2.1 dev tun8
Note that the link-layer address and the neighbor address are both IP addresses, so they are on the same OSI layer. This is one of the cases where the link-layer address concept gets interesting.
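The whole procedure above, generalized to a mesh of several endpoints, as an added example that is not part of the original post. The script only prints the iproute2 commands for one node; the peer table, the two extra peers (198.51.100.9 / 10.0.0.3) and the function names are constructed for this illustration. The one part worth automating is the neighbor table: every node needs one entry per other peer, and a node must never get an entry for itself.

```shell
#!/bin/sh
# Added example: emit the ip(8) commands for one node of a point-to-multipoint
# GRE mesh. Nothing here touches the kernel unless the output is piped into
# sh as root; "ip" from iproute2 is the only tool assumed.

# Constructed peer table: tunnel address=transport (physical) address.
# 10.0.0.1/192.0.2.1 and 10.0.0.2/203.0.113.6 are the two nodes from the
# post; the third is made up from the documentation ranges.
PEERS="10.0.0.1=192.0.2.1
10.0.0.2=203.0.113.6
10.0.0.3=198.51.100.9"

# The GRE key is a 32-bit field; reject anything that does not fit before
# emitting commands that would fail halfway through.
valid_gre_key() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 4294967295 ]
}

# mgre_commands IFACE LOCAL_TUNNEL_ADDR PREFIXLEN KEY
# Prints, for the node whose tunnel address is LOCAL_TUNNEL_ADDR:
#   1. tunnel creation with a local address and key but no remote address,
#   2. bringing the interface up and assigning the tunnel address,
#   3. one static neighbor entry per *other* peer in PEERS.
mgre_commands() {
    iface=$1; me=$2; plen=$3; key=$4
    valid_gre_key "$key" || { echo "bad GRE key: $key" >&2; return 1; }
    # Look up our own transport address in the peer table (exact match).
    local_phys=$(printf '%s\n' "$PEERS" | awk -F= -v m="$me" '$1 == m { print $2 }')
    [ -n "$local_phys" ] || { echo "$me is not in PEERS" >&2; return 1; }
    echo "ip tunnel add $iface mode gre local $local_phys key $key"
    echo "ip link set dev $iface up"
    echo "ip address add $me/$plen dev $iface"
    printf '%s\n' "$PEERS" | while IFS='=' read -r tun phys; do
        [ "$tun" = "$me" ] && continue
        echo "ip neighbor add $tun lladdr $phys dev $iface"
    done
}

# Dry run for the node from the post. To apply for real:
#   mgre_commands tun8 10.0.0.1 27 1234 | sudo sh
mgre_commands tun8 10.0.0.1 27 1234
```

Run the same function on each node with its own tunnel address (10.0.0.2, 10.0.0.3) and you get the mirror-image neighbor entries the post asks for on the remote end. After applying, `ip -d link show tun8` shows the key and `ip neighbor show dev tun8` lists the static peers. Keep in mind what the key is and is not: it is a cleartext demultiplexing tag that selects the tunnel, not authentication or encryption of the peers, which is why production multipoint GRE (DMVPN included) is wrapped in IPsec and why the transport interface should only accept GRE (IP protocol 47) from the expected peer addresses.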
