GRE隧道技术

GRE隧道技术

1. 掌握GRE隧道配置
2. GRE 隧道本身并不支持数据加密。需要其他协议如IPsec等实现数据传输加密
3. GRE支持广播
   

1.配置各台路由器的IP地址，并且使用ping命令确认个路由器的直连接口的互通。
2. 在R1和R3上配置静态路由。确保Internet网络骨干可以互通信。

在R1与R3上配置静态默认数由，不仅仅是用于模拟接入路由器。同时还为了确保在创建隧道时，隧道源与隧道目标的IP地址相互可见。以便于实现隧道。

3. 确保R1能够ping通R3的路由器的公网接口IP

   R1#ping 211.64.135.34
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 211.64.135.34, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 19/19/21 ms
   

4. 在R1或R3路由器上ping路由器R3或R1的环回口。

   R1#ping 192.168.1.1  
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
   U.U.U			\\\不可达消息
   Success rate is 0 percent (0/5)
   

5. 在R1路由器上配置GRE隧道

   R1(config)#interface tunnel 0					\\启用GRE隧道
   R1(config-if)#ip add 10.1.1.1 255.255.255.0		  \\为隧道指定IP地址
   R1(config-if)#no sh 
   R1(config-if)#tunnel source serial 1/1			  \\配置隧道的本地源端口	
   R1(config-if)#tunnel destination 211.64.135.34	   \\配置隧道的目标端口 
   R1(config-if)#exit
   

6. 在R3上配置GRE隧道

   R3(config)#interface tunnel 0
   R3(config-if)#ip address 10.1.1.2 255.255.255.0
   R3(config-if)#tunnel source serial 1/0
   R3(config-if)#tunnel destination 202.102.48.65
   R3(config-if)#exit
   

7. 在R1上查看隧道接口信息

   R3#show interface tunnel 0
   Tunnel0 is up, line protocol is [up] 
     Hardware is [Tunnel]
     Internet address is 10.1.1.2/24
     MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, 
        reliability 255/255, txload 1/255, rxload 1/255
     Encapsulation [TUNNEL], loopback not set
     Keepalive not set
     Tunnel linestate evaluation up
     Tunnel source 211.64.135.34 (Serial1/0), destination 202.102.48.65
      Tunnel Subblocks:
         src-track:
            Tunnel0 source tracking subblock associated with Serial1/0
             Set of tunnels with source Serial1/0, 1 member (includes iterators), on interface <OK>
     Tunnel protocol/transport [GRE/IP]
       Key disabled, sequencing disabled
       Checksumming of packets disabled
     Tunnel TTL 255······
   

   UP :当R1和R3方配置好隧道后，在本地查看隧道接口，其状态为up

   Tunnel：基于隧道的接口

   TUNNEL：采用了GRE隧道协议进行数据的封装。即在原始的数据包基础上，再次封装勇敢GRE的报头。

   GRE/IP：隧道的协议为GRE

8. 查看R1的路由表/

   R1#show ip route
   Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
          D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
          N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
          E1 - OSPF external type 1, E2 - OSPF external type 2
          i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
          ia - IS-IS inter area, * - candidate default, U - per-user static route
          o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
          a - application route
          + - replicated route, % - next hop override
   
   Gateway of last resort is 202.102.48.66 to network 0.0.0.0
   
   S*    0.0.0.0/0 [1/0] via 202.102.48.66
         10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
   C        10.1.1.0/24 is directly connected, [Tunnel0]
   L        10.1.1.1/32 is directly connected, Tunnel0
         172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
   C        172.16.1.0/24 is directly connected, Loopback0
   L        172.16.1.1/32 is directly connected, Loopback0
   C        172.16.2.0/24 is directly connected, Loopback1
   L        172.16.2.1/32 is directly connected, Loopback1
         202.102.48.0/24 is variably subnetted, 2 subnets, 2 masks
   C        202.102.48.64/30 is directly connected, Serial1/1
   L        202.102.48.65/32 is directly connected, Serial1/
   

   Tunnel0:隧道接口的直连路由

9. 在R1上PING路由器R3的隧道接口。

   R1#ping 10.1.1.2
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 18/19/20 ms
   R1#
   

10. 在R1和R3分别配置目标为R1和R3的回环接口，下一跳为隧道接口的路由。

    R1(config)#ip route 192.168.0.0 255.255.0.0 10.1.1.2
    

    R3(config)#ip route 172.16.0.0 255.255.0.0 10.1.1.1
    

11. 再次在R1或者R3上使用PING命令，检测是否可以PING通对方的环回接口的私有网络地址。

    R1#ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 19/19/20 ms
    R1#ping 192.168.2.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 17/19/21 ms
    R1#
    

12. 还可以使用如下命令，查看GRE隧道的其他信息。

    R1#show interface tunnel 0 stats                  
    Tunnel0
              Switching path    Pkts In   Chars In   Pkts Out  Chars Out
                   Processor         15       1860         18       2076
                 Route cache          0          0          0          0
                       Total         15       1860         18       2076
    R1#
    

13. 实验完成