GRE(4) | Device Drivers Manual | GRE(4) |
gre
—
encapsulating network device
pseudo-device gre
The gre
network interface pseudo device
encapsulates datagrams into IP. These encapsulated datagrams are routed to a
destination host, where they are decapsulated and further routed to their
final destination. The “tunnel” appears to the inner datagrams
as one hop.
gre
interfaces are dynamically created and
destroyed with the
ifconfig(8)
create
and destroy
subcommands.
This driver currently supports the following modes of operation:
GRESSOCK
ioctl(2). If userland does
not supply a socket, then the kernel will create one using the addresses
and ports supplied by
ioctl(2)s
SIOCSLIFPHYADDR
,
GRESADDRD
, and/or
GRESADDRS
.The greX interfaces support a number of ioctl(2)s, such as:
to ifconfig(8).
Note that the IP addresses of the tunnel endpoints may be the same as the ones defined with ifconfig(8) for the interface (as if IP is encapsulated), but need not be, as e.g. when encapsulating AppleTalk.
Configuration example:
Host X-- Router A --------------tunnel---------- Router D ----Host E | | \ / +----- Router B ----- Router C --------+
On Router A (NetBSD):
# route add default B # ifconfig greN create # ifconfig greN A D netmask 0xffffffff linkX up # ifconfig greN tunnel A D # route add E D
On Router D (Cisco):
Interface TunnelX ip unnumbered D ! e.g. address from Ethernet interface tunnel source D ! e.g. address from Ethernet interface tunnel destination A ip route C <some interface and mask> ip route A mask C ip route X mask tunnelX
or on Router D (NetBSD):
# route add default C # ifconfig greN create # ifconfig greN D A # ifconfig tunnel greN D A
If all goes well, you should see packets flowing ;-)
If you want to reach Router A over the tunnel (from Router D (Cisco)), then you have to have an alias on Router A for e.g. the Ethernet interface like:
ifconfig <etherif> alias Y
and on the Cisco
ip route Y mask tunnelX
A similar setup can be used to create a link between two private networks (for example in the 192.168 subnet) over the Internet:
192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* \ / \ / +----- the Internet ------+
Assuming Router A has the (external) IP address A and the internal address 192.168.1.1, while Router B has external address B and internal address 192.168.2.1, the following commands will configure the tunnel:
On Router A:
# ifconfig greN create # ifconfig greN 192.168.1.1 192.168.2.1 # ifconfig greN tunnel A B # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
On Router B:
# ifconfig greN create # ifconfig greN 192.168.2.1 192.168.1.1 # ifconfig greN tunnel B A # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
To setup the same tunnel as above, but using GRE in UDP encapsulation instead of GRE encapsulation, set flags link0 and link2, and specify source and destination UDP ports.
On Router A:
# ifconfig greN create # ifconfig greN link0 link2 # ifconfig greN 192.168.1.1 192.168.2.1 # ifconfig greN tunnel A,port-A B,port-B # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
On Router B:
# ifconfig greN create # ifconfig greN link0 link2 # ifconfig greN 192.168.2.1 192.168.1.1 # ifconfig greN tunnel B,port-B A,port-A # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
Along these lines, you can use GRE tunnels to interconnect two IPv6 networks over an IPv4 infrastructure, or to hook up to the IPv6 internet via an IPv4 tunnel to a Cisco router.
2001:db8:1::/64 -- NetBSD A ---- Tunnel ---- Cisco B --- IPv6 Internet \ / \ / +------ the Internet ------+
The example will use the following addressing:
Then the following commands will configure the tunnel:
On Router A (NetBSD):
# ifconfig greN create # ifconfig greN inet6 2001:db8:ffff::1/64 # ifconfig greN tunnel A B # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
On Router B (Cisco):
Interface TunnelX tunnel mode gre ip ipv6 address 2001:db8:ffff::2/64 ! transfer network tunnel source B ! e.g. address from LAN interface tunnel destination A ! where the tunnel is connected to ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel
The MTU of greX interfaces is set to 1476 by default to match the value used by Cisco routers. This may not be an optimal value, depending on the link between the two tunnel endpoints. It can be adjusted via ifconfig(8).
There needs to be a route to the decapsulating host that does not run over the tunnel, as this would be a loop. (This is not relevant for IPv6-over-IPv4 tunnels, of course.)
In order to tell ifconfig(8) to actually mark the interface as up, the keyword “up” must be given last on its command line.
The kernel must be set to forward datagrams by either option GATEWAY in the kernel config file or by issuing the appropriate option to sysctl(8).
atalk(4), gif(4), inet(4), ip(4), netintro(4), options(4), protocols(5), ifconfig(8), sysctl(8)
A description of GRE encapsulation can be found in RFC 1701 and RFC 1702.
A description of MOBILE encapsulation can be found in RFC 2004.
Heiko W.Rupp
<hwr@pilhuhn.de>
David Young
<dyoung@NetBSD.org>
(GRE in UDP encapsulation, bug fixes)
The GRE RFCs are not yet fully implemented (no GRE options).
The MOBILE encapsulation appears to have been broken since it was
first added to NetBSD, until August 2006. It is
known to interoperate with another gre
in MOBILE
mode, however, it has not been tested for interoperability with any other
implementation of RFC 2004.
The NetBSD base system does not (yet) contain a daemon for automatically establishing a UDP tunnel between a host behind a NAT router and a host on the Internet.
January 4, 2009 | NetBSD 10.99 |