Simple GRE-Tunnel on vMX

As part of my JNCIE-ENT study, GRE-Tunnels are also a topic.
Turns out, that GRE-Tunnels are quite simple to set up and give you a lot of Flexibility.

GRE-Tunnel Topology

In this Topology, the network 172.16.1.x/24 is behind vMX-VFP6 (VPC8) and the network 172.16.2.x/24 is behind vMX-VFP4 (VPC7). Our middle Router, vMX-VFP5/ vMX-VCP2 is not aware of the 172 networks and has no route at all towards the networks. VCP1 and VCP3 are out Tunnel-Endpoints and are configured like this:

First you configure a gr-Interface with a tunnel source and destination.
You also should have a static route to reach the other side of your endpoint!

As you can see in the routing table, VCP2 is not aware of the 172 networks and still VPC7 and VPC8 can issue a ping towards each other, with vPC7 having 172.16.2.100/24 and VPC8 having 172.16.1.100/24 as the host addresses.

Setting up GRE-Tunnels is extremely easy. This allows you to tunnel your networks through your Provider network. But be careful – GRE is not IPsec – especially in terms of security.

Although GRE is able to carry other protocols as well as IP packets in an IP network while IPSec is not, IPsec offers more security than GRE because of its authentication feature.

But do you know the best part? This Lab was done in 6 Minutes (5.5 minutes boot time and the rest configuring) with EVE-NG. As you may have heard, I will soon present a short session about how to use EVE for prepping and labbing – if any of you attend the #NXTWORK2019 you need to check out the Ambassadors Masterclass – especially if you currently use ESX for labbing…

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha * Time limit is exhausted. Please reload CAPTCHA.