2-6 Tunnel Interfaces

• A tunnel is used to encapsulate or transport one protocol over another.

• A tunnel is a virtual point-to-point link and must be configured at two endpoints.

• The tunnel endpoints define a source and destination address for the tunnel transport. Other network addresses can be assigned to the tunnel interfaces for the transported or passenger traffic.

• Tunneling requires CPU overhead and introduces increased latency at each end when encapsulating and unencapsulating traffic.

Configuration

1. Create a tunnel interface on each endpoint router:

    (global)  interface tunnel   number  

   The tunnel interface number can be arbitrarily chosen .

2. Configure the tunnel source address:

    (interface)  tunnel source  {  ip-addr   type number  } 

   The source address used for encapsulated or tunneled packets is defined. Either a specific IP address or a physical interface can be given.

3. Configure the tunnel destination address:

    (interface)  tunnel destination  {  hostname   ip-addr  } 

   The destination address used for encapsulated or tunneled packets is defined. Either a host name or a specific IP address for the far end can be given.

   NOTE

   For a given tunnel mode, source and destination address pairs must be unique. If you need to define more than one tunnel, create a loopback interface for each tunnel, and use the loopback as the tunnel source.

4. (Optional) Set the tunnel mode:

    (interface)  tunnel mode  {  aurp   cayman   dvmrp   eon   gre ip   nos   mpls   traffic-eng  } 

   The tunnel encapsulation can be set to AppleTalk Update Routing Protocol ( aurp ), Cayman TunnelTalk AppleTalk ( cayman ), Distance-Vector Multicast Routing Protocol ( dvmrp ), EON-compatible CLNS ( eon ), Generic Routing Encapsulation over IP ( gre ip, the default), or KA9Q/NOS-compatible IP over IP ( nos ), and traffic engineering with Multiprotocol Label Switching ( mpls traffic-eng ).

   NOTE

   GRE encapsulation uses IP protocol number 47.

5. (Optional) Drop out-of-order packets:

    (interface)  tunnel sequence-datagrams  

   To support transported protocols that require packets to arrive in order, the tunnel can be configured to drop packets that are out of order.

6. (Optional) Perform end-to-end checksums:

    (interface)  tunnel checksum  

   By default, no data integrity check is performed on the tunnel. Checksums can be computed for tunnel packets. If the checksum is incorrect, the packet is dropped.

7. Assign network addresses or bridging parameters to the tunnel.

   Network addresses and other protocol parameters can be assigned to a tunnel interface. These addresses configure the tunnel for transported or passenger protocols, allowing those protocols to be routed to the tunnel interface.

Example

A tunnel interface is used to tunnel IP traffic between private address spaces in a company's internal networks over a public-service provider network. One side of the tunnel is shown in the router configuration. Internal network 10.1.0.0 connects to a Fast Ethernet interface. The serial interface connects to public service provider network 17.8.4.0. No private address space is routed over this link. However, a tunnel interface is configured for private network 10.2.0.0. The tunnel source is the serial interface, and the destination is the far-end router at 17.8.4.92. IP traffic destined for private network 10.2.0.0 is routed over the tunnel. Figure 2-3 shows a network diagram.

  interface fastethernet 2/1   description Company's internal LAN   ip address 10.1.1.1 255.255.0.0   interface serial 0   description WAN link to Service Provider (public network)   ip address 17.8.4.91 255.255.255.0   interface tunnel 1   tunnel source serial 0   tunnel destination 17.8.4.92   tunnel mode gre ip   ip address 10.2.1.1 255.255.0.0   router eigrp 101   network 10.0.0.0   network 17.8.4.0   passive-interface serial 0