GRE tunnel ×××

 

 

GRE隧道传递数据包的过程分为3步：

1．接收原始IP数据包看成乘客协议，原始IP数据包包头的IP地址为私有IP地址。 

2．将原始IP数据包封装进GRE协议，GRE协议称为封装协议（Encapsulation Protocol），封装的包头IP地址为虚拟直连链路两端的IP地址。

3．将整个GRE数据包看成数据，在外层封装公网IP包头，也就是隧道的起源和终点，从而路由到隧道终点。

实验配置

R1
en
conf t
line con 0
no exec-t
exit
host R1
int f0/0
no sh
ip add 192.168.1.1 255.255.255.0
end
====================R2============================
en
conf t
line con 0
no exec-t
exit
host R2
int f0/0
no sh
ip add 192.168.1.2 255.255.255.0
int f0/1
no sh
ip add 23.23.23.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 23.23.23.3
interface Tunnel2
no sh
ip address 1.1.1.2 255.255.255.0
tunnel source 23.23.23.2
tunnel destination 34.34.34.4
exit

ip route 192.168.2.0 255.255.255.0 tunnel2

建立GRE隧道的路由器双方将去往对方私有网段的数据包引入GRE隧道中传输

NAT配置
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 100 interface FastEthernet0/0 overload
interface FastEthernet0/0
ip nat outside
interface FastEthernet1/0
ip nat inside
=====================Internet==========================
en
conf t
line con 0
no exec-t
exit
host Internet
int f0/0
no sh
ip add 23.23.23.3 255.255.255.0
int f0/1
no sh
ip add 34.34.34.3 255.255.255.0

======================R4================================
en
conf t
line con 0
no exec-t
exit
host R4
int f0/0
no sh
ip add 34.34.34.4 255.255.255.0
int f0/1
no sh
ip add 192.168.2.4 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 34.34.34.3
interface Tunnel4
no sh
ip address 1.1.1.4 255.255.255.0
tunnel source 34.34.34.4
tunnel destination 23.23.23.2
exit
ip route 192.168.1.0 255.255.255.0 Tunnel4

建立GRE隧道的路由器双方将去往对方私有网段的数据包引入GRE隧道中传输

NAT配置
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source list 100 interface FastEthernet0/0 overload
interface FastEthernet0/0
ip nat outside
interface FastEthernet1/0
ip nat inside
=========================R5==============================
en
conf t
line con 0
no exec-t
exit
host R5
int f0/0
no sh
ip add 192.168.2.5 255.255.255.0

实验调试

查看R2当前的隧道接口状态：

R2#sh ip int tunnel 2
Tunnel2 is up, line protocol is up
  Internet address is 1.1.1.2/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1476 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

查看R4隧道状态

R4#sh ip int tunnel 4
Tunnel4 is up, line protocol is up
  Internet address is 1.1.1.4/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1476 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
 --More--

测试连通性

R1#ping 192.168.2.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 172/202/220 ms

R5#ping 192.168.1.1

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 132/212/368 ms