Protocols And Standards; Configuring A Gre/Ipv4 Tunnel; Configuration Guidelines - HPE FlexNetwork 10500 Series Configuration Manual
Layer 3-ip services
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Security configuration manual (702 pages) ,
- Network management and monitoring command reference (423 pages)
Table of Contents
Advertisement
•
Allows IPsec to protect not only unicast packets. GRE supports encapsulating multicast,
broadcast, and non-IP packets. After GRE encapsulation, these packets become common
unicast packets, which can be protected by IPsec.
•
Simplifies IPsec configuration. Packets are first encapsulated by GRE. You can define the
packets to be protected by IPsec according to the GRE tunnel's source and destination
addresses, without considering the source and destination addresses of the original packets.
GRE and IPsec can also form IPsec over GRE tunnels. As a best practice, use GRE over IPsec
tunnels instead of IPsec over GRE tunnels.
For more information about IPsec, see Security Configuration Guide.
Protocols and standards
•
RFC 1701, Generic Routing Encapsulation (GRE)
•
RFC 1702, Generic Routing Encapsulation over IPv4 networks
•
RFC 2784, Generic Routing Encapsulation (GRE)
•
RFC 2890, Key and Sequence Number Extensions to GRE
Configuring a GRE/IPv4 tunnel
Perform this task to configure a GRE tunnel on an IPv4 network.
Configuration guidelines
Follow these guidelines when you configure a GRE/IPv4 tunnel:
•
You must configure the tunnel source address and destination address at both ends of a tunnel.
The tunnel source or destination address at one end must be the tunnel destination or source
address at the other end.
•
As a best practice, do not configure the same tunnel source and destination addresses for local
tunnel interfaces that use the same tunnel mode.
•
To ensure correct packet forwarding, identify whether the destination network of packets and
the IP address of the local tunnel interface are on the same subnet. If they are not, configure a
route reaching the destination network through the tunnel interface. You can configure the route
by using one of the following methods:
Configure a static route, using the local tunnel interface as the outgoing interface of the
route.
Enable a dynamic routing protocol on both the tunnel interface and the interface connecting
the private network. This allows the dynamic routing protocol to establish a routing entry
with the tunnel interface as the outgoing interface.
•
The IP address of the tunnel interface and the tunnel destination address configured on the
tunnel interface must be in different subnets.
•
You must create a service loopback group, specify its service type as tunnel, and add an
unused Layer 2 Ethernet interface to the service Loopback group. For more information about
service loopback groups, see Layer 2—LAN Switching Configuration Guide.
For information about tunnel interfaces, and the interface tunnel, source, destination, tunnel
dfbit enable, and tunnel discard ipv4-compatible-packet commands, see
tunneling."
273
"Configuring
Advertisement
Table of Contents
Troubleshooting
