Cisco router 和 LinuxGRE连接

Cisco router 和 LinuxGRE连接

本文说明cisco router和Linux 系统做GRE连接。Cisco 为1721。Linux为Centos.

拓扑如下：

Liunx 系统

1、检查是否加载ip_gre模块
lsmod|grep ip_gre

如没有，请加载ip_gre

insmod/lib/modules/2.6.18-194.3.1.el5/kernel/net/ipv4/ip_gre.ko

2．新增tunnel, 命名为tunnel0

[root@localhost ~]# ip tunnel add tunnel0 mode gre remote192.168.1.1 local 172.16.1.254 ttl 255

3．激活新增tunnel0,

[root@localhost ~]# ip link set tunnel0 up mtu 1500

4．添加tunnel0 IP.

[root@localhost ~]# ip addr add 10.100.2.2/30 peer 10.100.2.1/30dev tunnel0

5．添加从tunnel0 走的路由

[root@localhost ~]# ip route add 10.10.34.0/24 dev tunnel0

6．验证

[root@localhost ~]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet127.0.0.1/8 scope host lo

    inet10.0.0.254/32 scope global lo

    inet6::1/128 scope host

      valid_lft forever preferred_lft forever

2: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc pfifo_fast qlen 1000

   link/ether 00:d0:b7:2e:8f:21 brd ff:ff:ff:ff:ff:ff

    inet192.168.0.1/24 brd 192.168.0.255 scope global eth1

    inet6fe80::2d0:b7ff:fe2e:8f21/64 scope link

      valid_lft forever preferred_lft forever

3: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc pfifo_fast qlen 1000

   link/ether 00:17:31:09:6e:ec brd ff:ff:ff:ff:ff:ff

    inet172.16.1.254/24 brd 172.16.1.255 scope global eth0

    inet6fe80::217:31ff:fe09:6eec/64 scope link

      valid_lft forever preferred_lft forever

4: sit0: <NOARP> mtu 1480 qdiscnoop

    link/sit0.0.0.0 brd 0.0.0.0

5: virbr0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc noqueue

   link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

    inet192.168.122.1/24 brd 192.168.122.255 scope global virbr0

    inet6fe80::200:ff:fe00:0/64 scope link

      valid_lft forever preferred_lft forever

6: tunl0: <NOARP> mtu 1480 qdiscnoop

    link/ipip0.0.0.0 brd 0.0.0.0

7: gre0: <NOARP> mtu 1476 qdiscnoop

    link/gre0.0.0.0 brd 0.0.0.0

8: tunnel0@NONE:<POINTOPOINT,NOARP,UP,LOWER_UP> mtu1500 qdisc noqueue

    link/gre172.16.1.254 peer 192.168.1.1

inet 10.100.2.2 peer 10.100.2.1/30 scope global tunnel0

[root@localhost ~]# ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc pfifo_fast qlen 1000

   link/ether 00:d0:b7:2e:8f:21 brd ff:ff:ff:ff:ff:ff

3: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc pfifo_fast qlen 1000

   link/ether 00:17:31:09:6e:ec brd ff:ff:ff:ff:ff:ff

4: sit0: <NOARP> mtu 1480 qdiscnoop

    link/sit0.0.0.0 brd 0.0.0.0

5: virbr0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc noqueue

   link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

6: tunl0: <NOARP> mtu 1480 qdiscnoop

    link/ipip0.0.0.0 brd 0.0.0.0

7: gre0: <NOARP> mtu 1476 qdiscnoop

    link/gre0.0.0.0 brd 0.0.0.0

8: tunnel0@NONE:<POINTOPOINT,NOARP,UP,LOWER_UP> mtu1500 qdisc noqueue

    link/gre172.16.1.254 peer 192.168.1.1

[root@localhost ~]# ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc pfifo_fast qlen 1000

   link/ether 00:d0:b7:2e:8f:21 brd ff:ff:ff:ff:ff:ff

3: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc pfifo_fast qlen 1000

   link/ether 00:17:31:09:6e:ec brd ff:ff:ff:ff:ff:ff

4: sit0: <NOARP> mtu 1480 qdiscnoop

    link/sit0.0.0.0 brd 0.0.0.0

5: virbr0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc noqueue

   link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

6: tunl0: <NOARP> mtu 1480 qdiscnoop

    link/ipip0.0.0.0 brd 0.0.0.0

7: gre0: <NOARP> mtu 1476 qdiscnoop

    link/gre0.0.0.0 brd 0.0.0.0

8: tunnel0@NONE:<POINTOPOINT,NOARP,UP,LOWER_UP> mtu1500 qdisc noqueue

    link/gre172.16.1.254 peer 192.168.1.1

[root@localhost ~]# ip tunnel show

sit0: ipv6/ip  remote any local any  ttl 64  nopmtudisc

tunl0: ip/ip  remote any local any  ttl inherit nopmtudisc

gre0: gre/ip  remote any local any  ttl inherit nopmtudisc

tunnel0: gre/ip  remote192.168.1.1  local 172.16.1.254 ttl 255

[root@localhost ~]# ip route show

10.10.34.0/24 dev tunnel0  scope link

192.168.0.0/24 dev eth1  protokernel  scope link  src192.168.0.1

172.16.1.0/24 dev eth0  protokernel  scope link  src172.16.1.254

192.168.122.0/24 dev virbr0  protokernel  scope link  src192.168.122.1

[root@localhost ~]# ping 10.10.34.1

PING 10.10.34.1 (10.10.34.1) 56(84) bytes of data.

64 bytes from 10.10.34.1: icmp_seq=1 ttl=255 time=6.31 ms

64 bytes from 10.10.34.1: icmp_seq=2 ttl=255 time=2.47 ms

64 bytes from 10.10.34.1: icmp_seq=3 ttl=255 time=12.4 ms

64 bytes from 10.10.34.1: icmp_seq=4 ttl=255 time=11.6 ms

64 bytes from 10.10.34.1: icmp_seq=5 ttl=255 time=12.5 ms

--- 10.10.34.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time4002ms

rtt min/avg/max/mdev = 2.477/9.102/12.578/4.045 ms

Cisco

Router-11#sh run int tunnel 1

Building configuration...

Current configuration : 148 bytes

!

interface Tunnel1

 ip address 10.100.2.1 255.255.255.252

 ip tcp adjust-mss 1400

 tunnel source 192.168.1.1

 tunnel destination 172.16.1.254

end

ip route 192.168.0.0 255.255.255.0 Tunnel1

Router-11# traceroute 192.168.0.2

Type escape sequence to abort.

Tracing the route to ip-2-0-168-192.xxxx.com (192.168.0.2)

  1 10.100.2.2 [AS 65100] 0 msec

ns1.xxxx.com (172.16.1.254) [AS 65100] 0 msec *

可能会遇到MTU问题。需要调整MTU，MSS参数