Advanced Routing and Traffic Control for Linux: GRE and other tunnels


Linux has 3 kinds of tunnels. They are: IP-in-IP tunnels, GRE tunnels, and non-kernel tunnels (such as PPTP).

1. A few remarks about tunnels

Tunnels can be used to do some very unusual and interesting things. They can also make things go horribly wrong if you configure them badly. Do not point your default route at a tunnel device unless you know exactly what you are doing. Furthermore, tunneling increases protocol overhead, because it needs an additional IP header. Typically this is 20 bytes per packet, so if the MTU of a network is 1500 bytes, an IP packet sent through the tunnel can be at most 1480 bytes long. This is not necessarily a problem, but if you want to use tunneling to build a larger network, it's a good idea to take a closer look at fragmentation and reassembly of IP packets. Oh, and the best way to dig a tunnel is, of course, to dig at both ends.

2. IP-in-IP Tunnel

This kind of tunnel has been available in Linux for a long time. It requires two kernel modules: ipip.o and new_tunnel.o.

Say you have 3 networks: internal networks A and B, and an intermediate network C (for example, the Internet).

Network A:
Network Address 10.0.1.0
Subnet Mask 255.255.255.0
Router 10.0.1.1
The router's address on the C network is 172.16.17.18.

Network B:
Network Address 10.0.2.0
Subnet Mask 255.255.255.0
Router 1

The IP address of the router on the C network is 172.19.20.21.

As far as network C is concerned, we assume that it will pass all packets from A to B and vice versa. You can even use the Internet for this.

Here is what you have to do:

First, make sure the modules are loaded:

insmod ipip.o
insmod new_tunnel.o

Then, on the router of network A, enter:

ifconfig tunl0 10.0.1.1 pointopoint 172.19.20.21
route add -net 10.0.2.0 netmask 255.255.255.0 dev tunl0

And on the B network router, enter:

ifconfig tunl0 10.0.2.1 pointopoint 172.16.17.18
route add -net 10.0.1.0 netmask 255.255.255.0 dev tunl0

If you want to take the tunnel down, enter:

ifconfig tunl0 down

It's that simple! But you cannot forward broadcasts or IPv6 packets through an IP-in-IP tunnel. You are just connecting two IPv4 networks that normally cannot communicate directly. As for compatibility, this code has a long history and is compatible all the way back to the 1.3 kernels. As far as I know, Linux IP-in-IP tunnels cannot communicate with other operating systems or routers. It's simple and effective. If you need more than this, use GRE.
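What the tunnel above does to each packet on the wire, as an added example that is not part of the original HOWTO: a packet from network A to network B is wrapped in an outer IPv4 header (protocol number 4) addressed between the two routers on network C, which is the 20-byte overhead mentioned in section 1. The host addresses 10.0.1.5 and 10.0.2.7, the filler payload and all function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4    # IP protocol number for IPv4-in-IPv4 encapsulation
IPV4_HDR_LEN = 20   # IPv4 header without options = per-packet tunnel overhead
_FMT = "!BBHHHBBH4s4s"

def checksum(hdr: bytes) -> int:
    """One's-complement header checksum; returns 0 over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, no fragmentation, TTL 64)."""
    fields = [0x45, 0, IPV4_HDR_LEN + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(_FMT, *fields))
    return struct.pack(_FMT, *fields)

def encapsulate(inner: bytes, local: str, remote: str) -> bytes:
    """What tunl0 does on send: prepend an outer header addressed across C."""
    return ipv4_header(local, remote, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes):
    """Return (outer_src, outer_dst, inner_src, inner_dst, inner_packet)."""
    if len(outer) < IPV4_HDR_LEN or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not 4 (IP-in-IP)")
    if ihl < IPV4_HDR_LEN or len(outer) < ihl or checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header")
    inner = outer[ihl:]
    if len(inner) < IPV4_HDR_LEN or inner[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    addr = socket.inet_ntoa
    return (addr(outer[12:16]), addr(outer[16:20]),
            addr(inner[12:16]), addr(inner[16:20]), inner)

def max_inner_packet(link_mtu: int) -> int:
    """Largest inner packet that fits the link MTU without fragmentation."""
    return link_mtu - IPV4_HDR_LEN

def demo():
    """Constructed sample: a host on A sends 8 filler bytes (proto 17) to B."""
    inner = ipv4_header("10.0.1.5", "10.0.2.7", 17, 8) + bytes(8)
    return inner, encapsulate(inner, "172.16.17.18", "172.19.20.21")
```

The outer header adds only addressing, so the inner addresses and payload are readable to anything on network C that parses protocol 4 this way.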
