GRE Tunnel Over Linux VRF

GRE Tunnel Over Linux VRF

[לירן אודיז]

Hi, i am trying to create GRE tunnel over vrf.
after binding  the GRE tunnel interface (also the LAN & WAN
interfaces) to VRF, the traffic didn't forwarded via the WAN
interface,  the path is LAN(VRx)----->GRE--x-->WAN(VRx) .
only while the WAN interface is binding to the default router, the
traffic forwarded correctly via the WAN interface, the path is
LAN(VRx)----->GRE----->WAN(VRx).

used configuration:
ifconfig lan1 80.80.80.1/24 up
ifconfig wan2 50.50.50.1/24 up
ip link add VR2 type vrf table 2
ip link set dev VR2 up
ip route add table 2 unreachable default metric 4278198272
ip tunnel add greT2 mode gre local 50.50.50.1 remote 50.50.50.2
ip addr add 55.55.55.1/24 dev greT2
ip link set greT2 up
ip link set dev greT2 master VR2
ip link set dev lan1 master VR2
ip link set dev wan2 master VR2
ip route add vrf VR2 90.90.90.0/24 via 55.55.55.2

what is the correct way to create GRE tunnel over VRF.
Thank for support.

BR, Liran

Re: GRE Tunnel Over Linux VRF

[Alarig Le Lay]

Hi,

On Mon 19 Oct 2020 17:59:56 GMT, לירן אודיז wrote:
> Hi, i am trying to create GRE tunnel over vrf.
> after binding  the GRE tunnel interface (also the LAN & WAN
> interfaces) to VRF, the traffic didn't forwarded via the WAN
> interface,  the path is LAN(VRx)----->GRE--x-->WAN(VRx) .
> only while the WAN interface is binding to the default router, the
> traffic forwarded correctly via the WAN interface, the path is
> LAN(VRx)----->GRE----->WAN(VRx).
> 
> used configuration:
> ifconfig lan1 80.80.80.1/24 up
> ifconfig wan2 50.50.50.1/24 up
> ip link add VR2 type vrf table 2
> ip link set dev VR2 up
> ip route add table 2 unreachable default metric 4278198272
> ip tunnel add greT2 mode gre local 50.50.50.1 remote 50.50.50.2
> ip addr add 55.55.55.1/24 dev greT2
> ip link set greT2 up
> ip link set dev greT2 master VR2
> ip link set dev lan1 master VR2
> ip link set dev wan2 master VR2
> ip route add vrf VR2 90.90.90.0/24 via 55.55.55.2
> 
> what is the correct way to create GRE tunnel over VRF.
> Thank for support.
> 
> BR, Liran

The IPs used as tunnel endpoints must be reachable via the GRT (and not
on the tunnel).

Here is an example of how I set it up here:
core01-arendal ~ # ip link show gre2
17: gre2@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue master as208627 state UNKNOWN mode DEFAULT group default qlen 1000
    link/gre 85.166.254.210 peer 45.134.89.103
    alias Core: edge03
core01-arendal ~ # ip r g 85.166.254.210
local 85.166.254.210 dev lo table local src 85.166.254.210 uid 0
    cache <local>
core01-arendal ~ # ip r g 45.134.89.103
45.134.89.103 via 85.166.252.1 dev enp2s0 src 85.166.254.210 uid 0
    cache
core01-arendal ~ # ip addr show gre2
17: gre2@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue master as208627 state UNKNOWN group default qlen 1000
    link/gre 85.166.254.210 peer 45.134.89.103
    inet 45.91.126.224/31 scope global gre2
       valid_lft forever preferred_lft forever
    inet6 2a0e:f42:fffe:1::1a/127 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:55a6:fed2/64 scope link
       valid_lft forever preferred_lft forever
core01-arendal ~ # ip link show as208627
6: as208627: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 4e:82:77:cd:dd:b7 brd ff:ff:ff:ff:ff:ff
core01-arendal ~ # ip vrf sh
Name              Table
-----------------------
as208627         208627

-- 
Alarig