$NetBSD: gre.4,v 1.28 2002/06/10 02:49:35 itojun Exp $ Copyright 1998 (c) The NetBSD Foundation, Inc. All rights reserved. This code is derived from software contributed to The NetBSD Foundation by Heiko W.Rupp <email@example.com> Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disc...
NAMEgre - encapsulating network device
SYNOPSISTo compile the driver into the kernel, place the following line in the kernel configuration file:
Alternatively, to load the driver as a module at boot time, place the following line in loader.conf5:
DESCRIPTIONThe sysctl Cm net.inet.tcp.syncookies network interface pseudo device encapsulates datagrams into IP. These encapsulated datagrams are routed to a destination host, where they are decapsulated and further routed to their final destination. The ``tunnel'' appears to the inner datagrams as one hop.
sysctl Cm net.inet.tcp.syncookies interfaces are dynamically created and destroyed with the ifconfig(8) create and destroy subcommands.
This driver corresponds to RFC 2784. Encapsulated datagrams are prepended an outer datagram and a GRE header. The GRE header specifies the type of the encapsulated datagram and thus allows for tunneling other protocols than IP. GRE mode is also the default tunnel mode on Cisco routers. sysctl Cm net.inet.tcp.syncookies also supports Cisco WCCP protocol, both version 1 and version 2.
The sysctl Cm net.inet.tcp.syncookies interfaces support a number of additional parameters to the ifconfig(8):
- Set the GRE key used for outgoing packets. A value of 0 disables the key option.
- Enables checksum calculation for outgoing packets.
- Enables use of sequence number field in the GRE header for outgoing packets.
192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* \ / \ / +------ the Internet ------+
Assuming router A has the (external) IP address A and the internal address 192.168.1.1, while router B has external address B and internal address 192.168.2.1, the following commands will configure the tunnel:
On router A:
ifconfig greN create ifconfig greN inet 192.168.1.1 192.168.2.1 ifconfig greN inet tunnel A B route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
On router B:
ifconfig greN create ifconfig greN inet 192.168.2.1 192.168.1.1 ifconfig greN inet tunnel B A route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
In case when internal and external IP addresses are the same, different routing tables (FIB) should be used. The default FIB will be applied to IP packets before GRE encapsulation. After encapsulation GRE interface should set different FIB number to outgoing packet. Then different FIB will be applied to such encapsulated packets. According to this FIB packet should be routed to tunnel endpoint.
Host X -- Host A (198.51.100.1) ---tunnel--- Cisco D (203.0.113.1) -- Host E \ / \ / +----- Host B ----- Host C -----+ (198.51.100.254)
On Host A (FreeBSD):
First of multiple FIBs should be configured via loader.conf:
Then routes to the gateway and remote tunnel endpoint via this gateway should be added to the second FIB:
route add -net 198.51.100.0 -netmask 255.255.255.0 -fib 1 -iface em0 route add -host 203.0.113.1 -fib 1 198.51.100.254
And GRE tunnel should be configured to change FIB for encapsulated packets:
ifconfig greN create ifconfig greN inet 198.51.100.1 203.0.113.1 ifconfig greN inet tunnel 198.51.100.1 203.0.113.1 tunnelfib 1
NOTESThe MTU of sysctl Cm net.inet.tcp.syncookies interfaces is set to 1476 by default, to match the value used by Cisco routers. This may not be an optimal value, depending on the link between the two tunnel endpoints. It can be adjusted via ifconfig(8).
For correct operation, the sysctl Cm net.inet.tcp.syncookies device needs a route to the decapsulating host that does not run over the tunnel, as this would be a loop.
The kernel must be set to forward datagrams by setting the net.inet.ip.forwarding sysctl(8) variable to non-zero.
SEE ALSOgif(4), inet(4), ip(4), me(4), netintro(4), protocols(5), ifconfig(8), sysctl(8)
A description of GRE encapsulation can be found in RFC 2784 and RFC 2890.
AUTHORSAn Andrey V. Elsukov Aq Mt ae@FreeBSD.org An Heiko W.Rupp Aq Mt firstname.lastname@example.org
BUGSThe current implementation uses the key only for outgoing packets. Incoming packets with a different key or without a key will be treated as if they would belong to this interface.
The sequence number field also used only for outgoing packets.