Manual:Interface/Gre: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
m Arp note
Line 22: Line 22:
|prop=Property
|prop=Property
|desc=Description
|desc=Description
}}
{{Mr-arg-table
|arg=clamp-tcp-mss
|type=yes {{!}}  no
|default=yes
|desc=
}}
}}


Line 36: Line 45:
|default=no
|default=no
|desc=Enables/disables tunnel.
|desc=Enables/disables tunnel.
}}
{{Mr-arg-table
|arg=dont-fragment
|type=inherit {{!}}  no
|default=no
|desc=
}}
}}


Line 42: Line 58:
|type=inherit {{!}}  integer [0-63]
|type=inherit {{!}}  integer [0-63]
|default=
|default=
|desc=Since v5.6, set dscp value in GRE header to a fixed value or inherit from dscp value taken from tunnelled traffic
|desc=Set dscp value in Gre header to a fixed value or inherit from dscp value taken from tunnelled traffic
}}
 
{{Mr-arg-table
|arg=ipsec-secret
|type=string
|default=
|desc=When secret is specified, router adds dynamic ipsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc). Both local-address and remote-address of the tunnel must be specified for router to create valid ipsec policy.
}}
}}



Revision as of 12:23, 9 June 2015

Applies to RouterOS: v5+

Summary

Sub-menu: /interface gre
Standards: GRE RFC 1701


GRE (Generic Routing Encapsulation) is a tunnelling protocol that was originally developed by Cisco. It can encapsulate a wide variety of protocols creating a virtual point-to-point link.

GRE is the same as IPIP and EoIP which were originally developed as stateless tunnels. Which means that if the remote end of the tunnel goes down, all traffic that was routed over the tunnels will gets blackholed. To solve this problem, RouterOS have added 'keepalive' feature for GRE tunnels.

GRE tunnel adds a 24 byte overhead (4-byte gre header + 20-byte IP header).


Note: GRE tunnel can forward only IP and IPv6 packets (ethernet type 800 and 86dd). Do not use "Check gateway" option "arp" when GRE tunnel is used as route gateway.


Properties

Property Description
clamp-tcp-mss (yes | no; Default: yes)
comment (string; Default: ) Short description of the tunnel.
disabled (yes | no; Default: no) Enables/disables tunnel.
dont-fragment (inherit | no; Default: no)
dscp (inherit | integer [0-63]; Default: ) Set dscp value in Gre header to a fixed value or inherit from dscp value taken from tunnelled traffic
ipsec-secret (string; Default: ) When secret is specified, router adds dynamic ipsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc). Both local-address and remote-address of the tunnel must be specified for router to create valid ipsec policy.
keepalive (integer [1..4294967295]; Default: ) Tunnel keepalive timeout in seconds. By default keepalive is disabled.
l2mtu (integer [0..65536]; Default: 65535) Layer2 Maximum transmission unit.
local-address (IP; Default: 0.0.0.0) IP address that will be used for local tunnel end. If set to 0.0.0.0 then IP address of outgoing interface will be used.
mtu (integer [0..65536]; Default: 1476) Layer3 Maximum transmission unit.
name (string; Default: ) Name of the tunnel.
remote-address (IP; Default: ) IP address of remote tunnel end.

Setup examples

The goal of this example is to get Layer 3 connectivity between two remote sites over the internet.

We have two sites, Site1 with local network range 10.1.101.0/24 and Site2 with local network range 10.1.202.0/24.

First step is to create GRE tunnels. Router on site 1:

/interface gre add name=myGre remote-address=192.168.90.1 local-address=192.168.80.1

Router on site 2:

/interface gre add name=myGre remote-address=192.168.80.1 local-address=192.168.90.1

As you can see tunnel configuration is quite simple.

Note: In this example keepalive is not configured, so tunnel interface will have running flag even if remote tunnel end is not reachable



Now we just need to set up tunnel addresses and proper routing. Router on site 1:

/ip address 
  add address=172.16.1.1/30 interface=myGre

/ip route 
  add dst-address=10.1.202.0/24 gateway=172.16.1.2

Router on site 2:

/ip address 
  add address=172.16.1.2/30 interface=myGre

/ip route 
  add dst-address=10.1.101.0/24 gateway=172.16.1.1

At this point both sites have Layer 3 connectivity over GRE tunnel.

[ Top | Back to Content ]