A tunnel is used to encapsulate or transport one protocol over another.
A tunnel is a virtual point-to-point link and must be configured at two endpoints.
The tunnel endpoints define a source and destination address for the tunnel transport. Other network addresses can be assigned to the tunnel interfaces for the transported or passenger traffic.
Tunneling requires CPU overhead and introduces increased latency at each end when encapsulating and unencapsulating traffic.
NOTE
Routing protocols for the tunnel transport should not intermingle with routing protocols for the passenger or transported traffic. Otherwise, recursive routing can result, causing the tunnel interface to shut down.
Create a tunnel interface on each endpoint router:
(global) interface tunnel number
The tunnel interface number can be arbitrarily chosen.
Configure the tunnel source address:
(interface) tunnel source { ip-addr | type number }
The source address used for encapsulated or tunneled packets is defined. Either a specific IP address or a physical interface can be given.
Configure the tunnel destination address:
(interface) tunnel destination { hostname | ip-addr }
The destination address used for encapsulated or tunneled packets is defined. Either a host name or a specific IP address for the far end can be given.
NOTE
For a given tunnel mode, source and destination address pairs must be unique. If you need to define more than one tunnel, create a loopback interface for each tunnel, and use the loopback as the tunnel source.
(Optional) Set the tunnel mode:
(interface) tunnel mode { aurp | cayman | dvmrp | eon | gre ip | nos | mpls traffic-eng }
The tunnel encapsulation can be set to AppleTalk Update Routing Protocol (aurp), Cayman TunnelTalk AppleTalk (cayman), Distance-Vector Multicast Routing Protocol (dvmrp), EON-compatible CLNS (eon), Generic Routing Encapsulation over IP (gre ip, the default), KA9Q/NOS-compatible IP over IP (nos), or traffic engineering with Multiprotocol Label Switching (mpls traffic-eng).
NOTE
GRE encapsulation uses IP protocol number 47.
(Optional) Drop out-of-order packets:
(interface) tunnel sequence-datagrams
To support transported protocols that require packets to arrive in order, the tunnel can be configured to drop packets that are out of order.
(Optional) Perform end-to-end checksums:
(interface) tunnel checksum
By default, no data integrity check is performed on the tunnel. Checksums can be computed for tunnel packets. If the checksum is incorrect, the packet is dropped.
Assign network addresses or bridging parameters to the tunnel.
Network addresses and other protocol parameters can be assigned to a tunnel interface. These addresses configure the tunnel for transported or passenger protocols, allowing those protocols to be routed to the tunnel interface.
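The two optional drop rules above (tunnel sequence-datagrams and tunnel checksum) as they act on GRE packets, in an added Python example that is not from the original page and is not Cisco's implementation. The header layout follows RFC 2784 and RFC 2890; build_gre, GreReceiver, demo and the sample packets are constructed for illustration, and sequence-number wraparound is ignored.

```python
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum, key, sequence flags

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum: error detection, not a keyed MAC."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_gre(payload: bytes, seq=None, checksum=False, proto=0x0800) -> bytes:
    """Sender side: GRE header with the optional checksum and sequence fields."""
    flags = (GRE_C if checksum else 0) | (GRE_S if seq is not None else 0)
    pkt = bytearray(struct.pack("!HH", flags, proto))
    if checksum:
        pkt += bytes(4)                      # checksum (zero while summing) + reserved
    if seq is not None:
        pkt += struct.pack("!I", seq)
    pkt += payload
    if checksum:
        struct.pack_into("!H", pkt, 4, inet_checksum(bytes(pkt)))
    return bytes(pkt)

class GreReceiver:
    last_seq = None                          # highest sequence number accepted so far
    def receive(self, pkt: bytes):
        """Return the passenger packet, or None when the tunnel packet is dropped."""
        try:
            flags, _proto = struct.unpack_from("!HH", pkt)
            off = 4 + (4 if flags & GRE_C else 0) + (4 if flags & GRE_K else 0)
            if flags & GRE_C and inet_checksum(pkt) != 0:
                return None                  # checksum mismatch: drop
            if flags & GRE_S:
                (seq,) = struct.unpack_from("!I", pkt, off)
                off += 4
                if self.last_seq is not None and seq <= self.last_seq:
                    return None              # out of order (wraparound ignored): drop
                self.last_seq = seq
        except struct.error:
            return None                      # truncated header: drop
        return pkt[off:]

def demo():
    """Constructed sample traffic: good, corrupted in transit, good, late duplicate."""
    rx = GreReceiver()
    p1, p2, p3 = (build_gre(b"packet-%d" % n, seq=n, checksum=True) for n in (1, 2, 3))
    return [rx.receive(p) for p in (p1, p2[:-1] + b"\xff", p3, p1)]
```

The checksum catches corruption in transit but provides no authentication, since anyone who can alter a packet can recompute it.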
A tunnel interface is used to tunnel IP traffic between private address spaces in a company's internal networks over a public service provider network. One side of the tunnel is shown in the router configuration. Internal network 10.1.0.0 connects to a Fast Ethernet interface. The serial interface connects to public service provider network 17.8.4.0. No private address space is routed over this link. However, a tunnel interface is configured for private network 10.2.0.0. The tunnel source is the serial interface, and the destination is the far-end router at 17.8.4.92. IP traffic destined for private network 10.2.0.0 is routed over the tunnel. Figure 2-3 shows a network diagram.
interface fastethernet 2/1
 description Company's internal LAN
 ip address 10.1.1.1 255.255.0.0
interface serial 0
 description WAN link to Service Provider (public network)
 ip address 17.8.4.91 255.255.255.0
interface tunnel 1
 tunnel source serial 0
 tunnel destination 17.8.4.92
 tunnel mode gre ip
 ip address 10.2.1.1 255.255.0.0
router eigrp 101
 network 10.0.0.0
 network 17.8.4.0
 passive-interface serial 0