GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Frame-relay switching -- GRE Tunnels posted 08/02/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Fanglo,

To learn about GRE tunnels, someone on Groupstudy recommended Adam Quiggley's VPN book, then someone else also recommended it, so it must be good. I've read some of the papers about GRE on CCO, but don't have a specific one to recommend. I haven't tested the config I posted, so let me know if there is a problem; but I'm confident it will work. The concept is simple:

(1) You need a physical path between the source router and the destination router. Our example is really easy ... they're connected back-to-back. It would be okay for R1 and R2 to be several hops away from each other, but you'd need to be sure R1 and R2 know how to reach each other (i.e., run some IGP such as OSPF and make sure the address you want to anchor the tunnel to is known to the remote router).

(2) Create tunnel interfaces on R1 and R2 (the tunnel interface number doesn't need to match, but the source and destination IP addresses do):

R1
interface tunnel 5
tunnel source 132.173.15.2
tunnel destination 205.41.75.7

R2
interface tunnel 8
tunnel source 205.41.75.7
tunnel destination 132.173.15.2

(3) Now you can use "show cdp neighbor detail" and see the remote router through the tunnel interface even though you have not given the tunnel interface an IP address yet (because CDP works at layer 2; IP works at layer 3). This is pretty cool when the destination router is several physical hops away; it behaves just as if the tunnel connection is a physical connection.

(4) Apply whatever routing you want to happen on the tunnel (IP addresses or IPX addresses or both, multicast, etc. or frame-relay route commands).

(5) Whatever goes into the tunnel on R1 will come out the same tunnel on R2, so match up your DLCI traffic. If you want several connections between R1 and R2, then you need several tunnels (each anchored to different Serial, Ethernet, or Loopback interfaces) because you cannot have tunnel subinterfaces. DLCIs are local, so their numbers don't have to match, but for your own sanity you should match the DLCI numbers.

Recommend you draw my sample config on paper and see where each DLCI connects between a serial interface to a tunnel interface, and out the other side to a serial interface; and see that each tunnel is anchored to a different loopback. All of the loopbacks must be reachable by the remote router (via a routing protocol, or in our example, via the default-gateway).

In a routing environment, the main problem you find with GRE tunnels is that initially R1 and R2 know how to find each other's IP address via some physical link, thus allowing the GRE tunnel to form. Then the routing protocol decides the shortest path between R1 and R2 is over the one-hop tunnel connection, and all the routes show the tunnel interface as the preferred path. That's fine for all the routes except the route to the loopback that the tunnel is anchored to; i.e., the way to the tunnel destination cannot be over the tunnel! So the tunnel collapses. A moment later, the routing protocol finds a physical path to the destination IP and the tunnel reforms. Then it collapses again. Over and over. Solution is to filter the advertisement of the tunnel destination from being advertised between R1 and R2 via the tunnel.

Hope this is not too long and confusing.  Regards,  Kym
------------------------------------------------------------------

From: Fanglo MA <fangloma@xxxxxxxxxxxxxx>
Reply-To: Fanglo MA <fangloma@xxxxxxxxxxxxxx>
To: kym blair <kymblair@xxxxxxxxxxx>
CC: <harbir.kohli@xxxxxxxxxxxxxx>, <ccielab@xxxxxxxxxxxxxx>
Subject: RE: Frame-relay switching
Date: Fri, 2 Aug 2002 19:49:50 +0800 (HKT)

Wow! How you reach it!!? You are really best on how to apply tunnel. Any
source/reference would you recommend?

Regards,
Fanglo

On Fri, 2 Aug 2002, kym blair wrote:

> Harbir, try this method of building a frame-relay switch from two 2501
> routers (assuming FRS1 and FRS2 are connected S0-to-S0 as in your first
> attempt, and routers are connected to S1 on each FRS):
>
> FRS1
> _____
>
> frame-relay switching
> !
> interface Tunnel12
> no ip address
> tunnel source Serial0
> tunnel destination 12.12.12.2
> !
> interface Serial0
> ip address 12.12.12.1 255.255.255.0
> !
> interface Serial1
> no ip address
> encapsulation frame-relay
> clockrate 2000000
> frame-relay intf-type dce
> frame-relay route 104 interface Tunnel12 401
>
>
>
> FRS2
> ---------
> frame-relay switching
> !
> interface Tunnel12
> no ip address
> tunnel source Serial0
> tunnel destination 12.12.12.1
> !
> interface Serial0
> ip address 12.12.12.2 255.255.255.0
> !
> interface Serial1
> no ip address
> encapsulation frame-relay
> clockrate 2000000
> frame-relay intf-type dce
> frame-relay route 104 interface Tunnel12 401
>
> --------------------------------------------------------------
> --------------------------------------------------------------
> Or E0-E0 back-to-back with full-mesh DLCIs would allow you to connect up to
> 4 routers with any combination of point-to-point or multipoint:
>
> FRS1
> _____
>
> frame-relay switching
> !
> Ethernet 0
> ip address 192.168.1.1 255.255.255.0
> !
> ip classless
> ip subnet-zero
> ip route 0.0.0.0 0.0.0.0 192.168.1.2
> !
> interface Loopback13
> ip address 132.173.13.1 255.255.255.0
> !
> interface Tunnel13
> no ip address
> tunnel source Loopback13
> tunnel destination 132.173.13.2
> !
> interface Loopback14
> ip address 132.173.14.1 255.255.255.0
> !
> interface Tunnel14
> no ip address
> tunnel source Loopback14
> tunnel destination 132.173.14.2
> !
> interface Loopback23
> ip address 132.173.23.1 255.255.255.0
> !
> interface Tunnel23
> no ip address
> tunnel source Loopback23
> tunnel destination 132.173.23.2
> !
> interface Loopback24
> ip address 132.173.24.1 255.255.255.0
> !
> interface Tunnel24
> no ip address
> tunnel source Loopback24
> tunnel destination 132.173.24.2
> !
> !
> interface Serial0
> no ip address
> encapsulation frame-relay
> clockrate 2000000
> frame-relay intf-type dce
> frame-relay route 102 interface serial1 201
> frame-relay route 103 interface Tunnel13 111
> frame-relay route 104 interface Tunnel14 444
> !
> interface Serial1
> no ip address
> encapsulation frame-relay
> clockrate 2000000
> frame-relay intf-type dce
> frame-relay route 201 interface Serial0 102
> frame-relay route 203 interface Tunnel23 333
> frame-relay route 204 interface Tunnel24 222
>
>
> FRS2
> ---------
> frame-relay switching
> !
> Ethernet 0
> ip address 192.168.1.2 255.255.255.0
> !
> ip classless
> ip subnet-zero
> ip route 0.0.0.0 0.0.0.0 192.168.1.1
> !
> interface Loopback13
> ip address 132.173.13.2 255.255.255.0
> !
> interface Tunnel13
> no ip address
> tunnel source Loopback13
> tunnel destination 132.173.13.1
> !
> interface Loopback14
> ip address 132.173.14.2 255.255.255.0
> !
> interface Tunnel14
> no ip address
> tunnel source Loopback14
> tunnel destination 132.173.14.1
> !
> interface Loopback23
> ip address 132.173.23.2 255.255.255.0
> !
> interface Tunnel23
> no ip address
> tunnel source Loopback23
> tunnel destination 132.173.23.1
> !
> interface Loopback24
> ip address 132.173.24.2 255.255.255.0
> !
> interface Tunnel24
> no ip address
> tunnel source Loopback24
> tunnel destination 132.173.24.1
> !
> interface Serial0
> no ip address
> encapsulation frame-relay
> clockrate 2000000
> frame-relay intf-type dce
> frame-relay route 401 interface Tunnel14 444
> frame-relay route 402 interface Tunnel24 222
> frame-relay route 403 interface Serial1 304
> !
> interface Serial1
> no ip address
> encapsulation frame-relay
> clockrate 2000000
> frame-relay intf-type dce
> frame-relay route 301 interface Tunnel13 111
> frame-relay route 302 interface Tunnel23 333
> frame-relay route 304 interface Serial0 403
>
>
> That's it for the frame-relay switch. Now you have to config the routers.
> This is a good drill, but really recommend you buy a router with 4 or more
> serial ports to be your frame-relay switch.
>
> HTH, Kym
>
>
>
>
> >From: "Fanglo MA \(E-mail\)" <fangloma@xxxxxxxxxxxxxx>
> >Reply-To: "Fanglo MA \(E-mail\)" <fangloma@xxxxxxxxxxxxxx>
> >To: "'Kohli, Harbir'" <harbir.kohli@xxxxxxxxxxxxxx>,
> ><ccielab@xxxxxxxxxxxxxx>
> >Subject: RE: Frame-relay switching
> >Date: Fri, 2 Aug 2002 08:53:29 +0800
> >
> >Try no keepalive. May be it can be help.
> >
> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120
> >t/120t5/frkeep.htm
> >
> >Regards,
> >Fanglo
> >
> >-----Original Message-----
> >From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of
> >Kohli, Harbir
> >Sent: Thursday, August 01, 2002 9:16 PM
> >To: 'ccielab@xxxxxxxxxxxxxx'
> >Subject: RE: Frame-relay switching
> >
> >
> >Hi,
> >
> >I am trying to create a frame-relay cloud by using 2 routers (FRS1 and
> >FRS2)
> >
> >
> >I am not able to get frame-relay switching to work over the cloud.
> >
> >I have 2 routers connected one to FRS1 and another to FRS2).
> >FRS1
> >_____
> >
> >...
> >frame-relay switching
> >!
> >interface Tunnel12
> >no ip address
> >tunnel source Serial0
> >tunnel destination 12.12.12.2
> >!
> >interface Serial0
> >ip address 12.12.12.1 255.255.255.0
> >!
> >interface Serial1
> >no ip address
> >encapsulation frame-relay
> >frame-relay intf-type dce
> >frame-relay route 104 interface Tunnel12 401
> >!
> >FRS2
> >---------
> >
> >..
> >frame-relay switching
> >interface Serial0
> >ip address 23.23.23.2 255.255.255.0
> >interface Serial1
> >no ip address
> >encapsulation frame-relay
> >clockrate 2000000
> >frame-relay intf-type dce
> >frame-relay route 401 interface Tunnel12 104
> >
> >FRS2#sh frame pvc
> >
> >PVC Statistics for interface Serial1 (Frame Relay DCE)
> >
> >DLCI = 401, DLCI USAGE = SWITCHED, PVC STATUS = INACTIVE, INTERFACE =
> >Serial1
> >
> >What is it that I am missing?
> >_________________________________________________________________
> >Commercial lab list: http://www.groupstudy.com/list/commercial.html
> >Please discuss commercial lab solutions on this list.
> >_________________________________________________________________
> >Commercial lab list: http://www.groupstudy.com/list/commercial.html
> >Please discuss commercial lab solutions on this list.
> H
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
_________________________________________________________________
Commercial lab list: http://www.groupstudy.com/list/commercial.html
Please discuss commercial lab solutions on this list.
_________________________________________________________________
Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
_________________________________________________________________
Commercial lab list: http://www.groupstudy.com/list/commercial.html
Please discuss commercial lab solutions on this list.
__________________________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab