Advanced Routing and Traffic Control for Linux: GRE and other tunnels

Linux has 3 kinds of tunnels. They are: IP-in-IP tunnels, GRE tunnels, and non-kernel tunnels (such as PPTP).

1. Several comments on the tunnel

Tunnels can be used to implement many very unusual and interesting features. But if you have a problem with your configuration, there will be terrible mistakes. Do not point the default route to a tunneling device unless you know exactly what you are doing. Furthermore, the tunneling increases the protocol overhead because it requires an additional IP header. Generally should be 20 bytes per packet increase, so if a network MTU is 1500 bytes, the use of tunneling technology, the actual IP packet length can only be 1480 bytes. It's not a matter of principle, but if you want to use tunneling to build a larger network, it's a good idea to take a closer look at the fragmentation and aggregation of IP packets. Oh, and the best way to dig a tunnel is, of course, to dig at both ends.

2. IP-in-IP Tunnel

This tunnel has been implemented for a long time on Linux. Requires two kernel modules: IPIP.O and NEW_TUNNEL.O.

Say you have 3 networks: Intranet A and B, intermediate network C (for example, Internet).

A network situation:
Network Address 10.0.1.0
Subnet Mask 255.255.255.0
Router 10.0.1.1
The router's address on the C network is 172.16.17.18.

B Network situation:
Network Address 10.0.2.0
Subnet Mask 255.255.255.0
Router 1

The IP address of the router on the C network is 172.19.20.21.

Given that the C network is connected, we assume that it will pass all packets from A to B and vice versa. And you can use the Internet casually.

That's all you have to do:

First, verify that the module is loaded:

Insmod IPIP.O
Insmod NEW_TUNNEL.O

Then, on the router of network A, enter:

Ifconfig tunl0 10.0.1.1 pointopoint 172.19.20.21
Route add-net 10.0.2.0 netmask 255.255.255.0 Dev tunl0

And on the B network router, enter:

Ifconfig tunl0 10.0.2.1 pointopoint 172.16.17.18
Route add-net 10.0.1.0 netmask 255.255.255.0 Dev tunl0

If you want to abort the tunnel, enter:

Ifconfig tunl0 Down

It's simple! But you cannot forward broadcasts or http://www.aliyun.com/zixun/aggregation/9485.html ">ipv6 packets" through the Ip-in-ip tunnel. You're just connecting two IPv4 networks that don't normally communicate directly. As for compatibility, this part of the code has a long history, its compatibility can be traced back to the 1.3 version of the kernel. As far as I know, Linux Ip-in-ip tunnels cannot communicate with other operating systems or routers. It's simple and effective. Use GRE if you need it.