Difference between revisions of "Manual:Interface/Gre"

From MikroTik Wiki
Jump to: navigation, search
(Properties)
 
(10 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
{{Versions|v5+}}
 
{{Versions|v5+}}
 
__TOC__
 
__TOC__
 
  
 
==Summary==
 
==Summary==
Line 9: Line 8:
 
<br />
 
<br />
  
GRE (generic routing encapsulation) is a tunneling protocol that was originally developed by Cisco. It can encapsulate wide variety of protocols creating virtual point-to-point link.
+
GRE (Generic Routing Encapsulation) is a tunnelling protocol that was originally developed by Cisco. It can encapsulate a wide variety of protocols creating a virtual point-to-point link.
  
GRE the same as [[M:Interface/IPIP | IPIP]] and [[M:Interface/EoIP | EoIP]] were originally developed as stateless tunnels. Meaning that if remote end of the tunnels goes down all traffic that was routed over the tunnels gets blackholed.  To solve this problem RouterOS have added keepalive feature for GRE tunnels.
+
GRE is the same as [[M:Interface/IPIP | IPIP]] and [[M:Interface/EoIP | EoIP]] which were originally developed as stateless tunnels. Which means that if the remote end of the tunnel goes down, all traffic that was routed over the tunnels will gets blackholed.  To solve this problem, RouterOS have added 'keepalive' feature for GRE tunnels.
  
GRE tunnel adds 24 byte overhead (4-byte gre header + 20-byte IP header).
+
GRE tunnel adds a 24 byte overhead (4-byte gre header + 20-byte IP header).
  
  
{{Note | Gre tunnel can forward only IP and IPv6 packets (ethernet type 800 and 86dd)}}
+
{{Note | GRE tunnel can forward only IP and IPv6 packets (ethernet type 800 and 86dd).  Do not use "Check gateway" option "arp" when GRE tunnel is used as route gateway. }}
  
 
==Properties==
 
==Properties==
Line 24: Line 23:
 
|desc=Description
 
|desc=Description
 
}}
 
}}
 +
 +
  
 
{{Mr-arg-table
 
{{Mr-arg-table
|arg=arp
+
|arg=clamp-tcp-mss
|type=disabled {{!}} enabled {{!}} proxy-arp {{!}} reply-only
+
|type=yes {{!}} no
|default=
+
|default=yes
|desc=Address Resolution Protocol mode
+
|desc=Controls whether to change MSS size for received TCP SYN packets. When enabled, a router will change the MSS size for received TCP SYN packets if the current MSS size exceeds the tunnel interface MTU (taking into account the TCP/IP overhead).The received encapsulated packet will still contain the original MSS, and only after decapsulation the MSS is changed.
 
}}
 
}}
  
Line 43: Line 44:
 
|type=yes {{!}} no
 
|type=yes {{!}} no
 
|default=no
 
|default=no
|desc=Whether tunnel is enabled.
+
|desc=Enables/disables tunnel.
 +
}}
 +
 
 +
{{Mr-arg-table
 +
|arg=dont-fragment
 +
|type=inherit {{!}}  no
 +
|default=no
 +
|desc=
 +
}}
 +
 
 +
{{Mr-arg-table
 +
|arg=dscp
 +
|type=inherit {{!}}  integer [0-63]
 +
|default=
 +
|desc=Set dscp value in Gre header to a fixed value or inherit from dscp value taken from tunnelled traffic
 +
}}
 +
 
 +
{{Mr-arg-table
 +
|arg=ipsec-secret
 +
|type=string
 +
|default=
 +
|desc=When secret is specified, router adds dynamic ipsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc).
 
}}
 
}}
  
 
{{Mr-arg-table
 
{{Mr-arg-table
 
|arg=keepalive
 
|arg=keepalive
|type=integer [1..4294967295]
+
|type=integer[/time],integer 0..4294967295
|default=
+
|default=10s,10
|desc=Tunnel keepalive timeout in seconds. By default keepalive is disabled.
+
|desc=Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed.
 +
Parameters are written in following format: <code>KeepaliveInterval,KeepaliveRetries</code> where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries.
 
}}
 
}}
  
Line 64: Line 87:
 
|type=IP
 
|type=IP
 
|default=0.0.0.0
 
|default=0.0.0.0
|desc=Ip addres that will be used as local tunnel end. If set to 0.0.0.0 then ip address of outgoing interface will be taken.
+
|desc=IP address that will be used for local tunnel end. If set to 0.0.0.0 then IP address of outgoing interface will be used.
 
}}
 
}}
  
Line 90: Line 113:
 
==Setup examples==
 
==Setup examples==
  
The goal of example is to get Layer 3 connectivity between two remote sites over the internet.
+
The goal of this example is to get Layer 3 connectivity between two remote sites over the internet.
 
[[File:site-to-site-gre-example.png]]
 
[[File:site-to-site-gre-example.png]]
  
We two sites '''Site1''' with local network range 10.1.101.0/24 and '''Site2''' with local network range 10.1.202.0/24.
+
We have two sites, '''Site1''' with local network range 10.1.101.0/24 and '''Site2''' with local network range 10.1.202.0/24.
  
 
First step is to create GRE tunnels.
 
First step is to create GRE tunnels.
Line 129: Line 152:
 
</pre>
 
</pre>
  
At this point sites have Layer 3 connectivity over GRE tunnel.
+
At this point both sites have Layer 3 connectivity over GRE tunnel.
  
 
{{Cont}}
 
{{Cont}}

Latest revision as of 15:42, 10 November 2020

Version.png

Applies to RouterOS: v5+

Summary

Sub-menu: /interface gre
Standards: GRE RFC 1701


GRE (Generic Routing Encapsulation) is a tunnelling protocol that was originally developed by Cisco. It can encapsulate a wide variety of protocols creating a virtual point-to-point link.

GRE is the same as IPIP and EoIP which were originally developed as stateless tunnels. Which means that if the remote end of the tunnel goes down, all traffic that was routed over the tunnels will gets blackholed. To solve this problem, RouterOS have added 'keepalive' feature for GRE tunnels.

GRE tunnel adds a 24 byte overhead (4-byte gre header + 20-byte IP header).


Icon-note.png

Note: GRE tunnel can forward only IP and IPv6 packets (ethernet type 800 and 86dd). Do not use "Check gateway" option "arp" when GRE tunnel is used as route gateway.


Properties

Property Description
clamp-tcp-mss (yes | no; Default: yes) Controls whether to change MSS size for received TCP SYN packets. When enabled, a router will change the MSS size for received TCP SYN packets if the current MSS size exceeds the tunnel interface MTU (taking into account the TCP/IP overhead).The received encapsulated packet will still contain the original MSS, and only after decapsulation the MSS is changed.
comment (string; Default: ) Short description of the tunnel.
disabled (yes | no; Default: no) Enables/disables tunnel.
dont-fragment (inherit | no; Default: no)
dscp (inherit | integer [0-63]; Default: ) Set dscp value in Gre header to a fixed value or inherit from dscp value taken from tunnelled traffic
ipsec-secret (string; Default: ) When secret is specified, router adds dynamic ipsec peer to remote-address with pre-shared key and policy with default values (by default phase2 uses sha1/aes128cbc).
keepalive (integer[/time],integer 0..4294967295; Default: 10s,10) Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries.
l2mtu (integer [0..65536]; Default: 65535) Layer2 Maximum transmission unit.
local-address (IP; Default: 0.0.0.0) IP address that will be used for local tunnel end. If set to 0.0.0.0 then IP address of outgoing interface will be used.
mtu (integer [0..65536]; Default: 1476) Layer3 Maximum transmission unit.
name (string; Default: ) Name of the tunnel.
remote-address (IP; Default: ) IP address of remote tunnel end.

Setup examples

The goal of this example is to get Layer 3 connectivity between two remote sites over the internet. Site-to-site-gre-example.png

We have two sites, Site1 with local network range 10.1.101.0/24 and Site2 with local network range 10.1.202.0/24.

First step is to create GRE tunnels. Router on site 1:

/interface gre add name=myGre remote-address=192.168.90.1 local-address=192.168.80.1

Router on site 2:

/interface gre add name=myGre remote-address=192.168.80.1 local-address=192.168.90.1

As you can see tunnel configuration is quite simple.

Icon-note.png

Note: In this example keepalive is not configured, so tunnel interface will have running flag even if remote tunnel end is not reachable



Now we just need to set up tunnel addresses and proper routing. Router on site 1:

/ip address 
  add address=172.16.1.1/30 interface=myGre

/ip route 
  add dst-address=10.1.202.0/24 gateway=172.16.1.2

Router on site 2:

/ip address 
  add address=172.16.1.2/30 interface=myGre

/ip route 
  add dst-address=10.1.101.0/24 gateway=172.16.1.1

At this point both sites have Layer 3 connectivity over GRE tunnel.

[ Top | Back to Content ]