Sun Jan 4 16:27:48 2009 UTC ()
 * in diagrams, name routers as such
 * enhance formatting
 * add section headers for examples


(hubertf)
diff -r1.39 -r1.40 src/share/man/man4/gre.4
cvs diff -r1.39 -r1.40 src/share/man/man4/gre.4 (expand / switch to unified diff)

--- src/share/man/man4/gre.4 2008/05/10 09:33:31 1.39
+++ src/share/man/man4/gre.4 2009/01/04 16:27:48 1.40
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1.\" $NetBSD: gre.4,v 1.39 2008/05/10 09:33:31 martin Exp $ 1.\" $NetBSD: gre.4,v 1.40 2009/01/04 16:27:48 hubertf Exp $
2.\" 2.\"
3.\" Copyright (c) 1998 The NetBSD Foundation, Inc. 3.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
4.\" All rights reserved. 4.\" All rights reserved.
5.\" 5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation 6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Heiko W.Rupp <hwr@pilhuhn.de> 7.\" by Heiko W.Rupp <hwr@pilhuhn.de>
8.\" 8.\"
9.\" Redistribution and use in source and binary forms, with or without 9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions 10.\" modification, are permitted provided that the following conditions
11.\" are met: 11.\" are met:
12.\" 1. Redistributions of source code must retain the above copyright 12.\" 1. Redistributions of source code must retain the above copyright
13.\" notice, this list of conditions and the following disclaimer. 13.\" notice, this list of conditions and the following disclaimer.
14.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" 2. Redistributions in binary form must reproduce the above copyright
@@ -17,27 +17,27 @@ @@ -17,27 +17,27 @@
17.\" 17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28.\" POSSIBILITY OF SUCH DAMAGE. 28.\" POSSIBILITY OF SUCH DAMAGE.
29.\" 29.\"
30.Dd December 4, 2006 30.Dd January 4, 2009
31.Dt GRE 4 31.Dt GRE 4
32.Os 32.Os
33.Sh NAME 33.Sh NAME
34.Nm gre 34.Nm gre
35.Nd encapsulating network device 35.Nd encapsulating network device
36.Sh SYNOPSIS 36.Sh SYNOPSIS
37.Cd pseudo-device gre 37.Cd pseudo-device gre
38.Sh DESCRIPTION 38.Sh DESCRIPTION
39The 39The
40.Nm gre 40.Nm gre
41network interface pseudo device encapsulates datagrams 41network interface pseudo device encapsulates datagrams
42into IP. 42into IP.
43These encapsulated datagrams are routed to a destination host, 43These encapsulated datagrams are routed to a destination host,
@@ -134,160 +134,174 @@ Query operation mode. @@ -134,160 +134,174 @@ Query operation mode.
134.It GRESSOCK : 134.It GRESSOCK :
135Delegate a socket from userland to a tunnel interface in UDP 135Delegate a socket from userland to a tunnel interface in UDP
136encapsulation mode. 136encapsulation mode.
137The file descriptor for the socket is passed in 137The file descriptor for the socket is passed in
138(struct ifreq)-\*[Gt]ifr_value. 138(struct ifreq)-\*[Gt]ifr_value.
139.El 139.El
140.Pp 140.Pp
141Note that the IP addresses of the tunnel endpoints may be the same as the 141Note that the IP addresses of the tunnel endpoints may be the same as the
142ones defined with 142ones defined with
143.Xr ifconfig 8 143.Xr ifconfig 8
144for the interface (as if IP is encapsulated), but need not be, as e.g. when 144for the interface (as if IP is encapsulated), but need not be, as e.g. when
145encapsulating AppleTalk. 145encapsulating AppleTalk.
146.Sh EXAMPLES 146.Sh EXAMPLES
 147.Ss Example 1: Basic GRE tunneling
147Configuration example: 148Configuration example:
148.Bd -literal 149.Bd -literal
149Host X-- Host A ----------------tunnel---------- cisco D------Host E 150Host X-- Router A --------------tunnel---------- Router D ----Host E
150 \\ | 151 | |
151 \\ / 152 \\ /
152 +------Host B----------Host C----------+ 153 +----- Router B ----- Router C --------+
153.Ed 154.Ed
154On host A 155.Pp
 156On Router A
155.Pq Nx : 157.Pq Nx :
156.Bd -literal 158.Bd -literal
157 # route add default B 159 # route add default B
158 # ifconfig greN create 160 # ifconfig greN create
159 # ifconfig greN A D netmask 0xffffffff linkX up 161 # ifconfig greN A D netmask 0xffffffff linkX up
160 # ifconfig greN tunnel A D 162 # ifconfig greN tunnel A D
161 # route add E D 163 # route add E D
162.Ed 164.Ed
163On Host D (Cisco): 165.Pp
 166On Router D (Cisco):
164.Bd -literal 167.Bd -literal
165 Interface TunnelX 168 Interface TunnelX
166 ip unnumbered D ! e.g. address from Ethernet interface 169 ip unnumbered D ! e.g. address from Ethernet interface
167 tunnel source D ! e.g. address from Ethernet interface 170 tunnel source D ! e.g. address from Ethernet interface
168 tunnel destination A 171 tunnel destination A
169 ip route C \*[Lt]some interface and mask\*[Gt] 172 ip route C \*[Lt]some interface and mask\*[Gt]
170 ip route A mask C 173 ip route A mask C
171 ip route X mask tunnelX 174 ip route X mask tunnelX
172.Ed 175.Ed
173OR 176.Pp
174On Host D 177or on Router D
175.Pq Nx : 178.Pq Nx :
176.Bd -literal 179.Bd -literal
177 # route add default C 180 # route add default C
178 # ifconfig greN create 181 # ifconfig greN create
179 # ifconfig greN D A 182 # ifconfig greN D A
180 # ifconfig tunnel greN D A 183 # ifconfig tunnel greN D A
181.Ed 184.Ed
182.Pp 185.Pp
183If all goes well, you should see packets flowing ;-) 186If all goes well, you should see packets flowing ;-)
184.Pp 187.Pp
185If you want to reach Host A over the tunnel (from Host D (Cisco)), then 188If you want to reach Router A over the tunnel (from Router D (Cisco)), then
186you have to have an alias on Host A for e.g. the Ethernet interface like: 189you have to have an alias on Router A for e.g. the Ethernet interface like:
187.Bd -literal 190.Bd -literal
188 ifconfig \*[Lt]etherif\*[Gt] alias Y 191 ifconfig \*[Lt]etherif\*[Gt] alias Y
189.Ed 192.Ed
190and on the cisco 193.Pp
 194and on the Cisco
191.Bd -literal 195.Bd -literal
192 ip route Y mask tunnelX 196 ip route Y mask tunnelX
193.Ed 197.Ed
194.Pp 198.Ss Example 2: Linking private subnets
195A similar setup can be used to create a link between two private networks 199A similar setup can be used to create a link between two private networks
196(for example in the 192.168 subnet) over the Internet: 200(for example in the 192.168 subnet) over the Internet:
197.Bd -literal 201.Bd -literal
198192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* 202192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.*
199 \\ / 203 \\ /
200 \\ / 204 \\ /
201 +----- the Internet ------+ 205 +----- the Internet ------+
202.Ed 206.Ed
203Assuming router A has the (external) IP address A and the internal address 207.Pp
204192.168.1.1, while router B has external address B and internal address 208Assuming Router A has the (external) IP address A and the internal address
 209192.168.1.1, while Router B has external address B and internal address
205192.168.2.1, the following commands will configure the tunnel: 210192.168.2.1, the following commands will configure the tunnel:
206.Pp 211.Pp
207On router A: 212On Router A:
208.Bd -literal 213.Bd -literal
209 # ifconfig greN create 214 # ifconfig greN create
210 # ifconfig greN 192.168.1.1 192.168.2.1 215 # ifconfig greN 192.168.1.1 192.168.2.1
211 # ifconfig greN tunnel A B 216 # ifconfig greN tunnel A B
212 # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 217 # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
213.Ed 218.Ed
214.Pp 219.Pp
215On router B: 220On Router B:
216.Bd -literal 221.Bd -literal
217 # ifconfig greN create 222 # ifconfig greN create
218 # ifconfig greN 192.168.2.1 192.168.1.1 223 # ifconfig greN 192.168.2.1 192.168.1.1
219 # ifconfig greN tunnel B A 224 # ifconfig greN tunnel B A
220 # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 225 # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
221.Ed 226.Ed
222.Pp 227.Pp
 228.Ss Example 3: Encapsulating GRE in UDP
223To setup the same tunnel as above, but using GRE in UDP encapsulation 229To setup the same tunnel as above, but using GRE in UDP encapsulation
224instead of GRE encapsulation, set flags 230instead of GRE encapsulation, set flags
225.Ar link0 231.Ar link0
226and 232and
227.Ar link2 , 233.Ar link2 ,
228and specify source and destination UDP ports. 234and specify source and destination UDP ports.
229.Pp 235.Pp
230On router A: 236On Router A:
231.Bd -literal 237.Bd -literal
232 # ifconfig greN create 238 # ifconfig greN create
233 # ifconfig greN link0 link2 239 # ifconfig greN link0 link2
234 # ifconfig greN 192.168.1.1 192.168.2.1 240 # ifconfig greN 192.168.1.1 192.168.2.1
235 # ifconfig greN tunnel A,port-A B,port-B 241 # ifconfig greN tunnel A,port-A B,port-B
236 # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 242 # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1
237.Ed 243.Ed
238.Pp 244.Pp
239On router B: 245On Router B:
240.Bd -literal 246.Bd -literal
241 # ifconfig greN create 247 # ifconfig greN create
242 # ifconfig greN link0 link2 248 # ifconfig greN link0 link2
243 # ifconfig greN 192.168.2.1 192.168.1.1 249 # ifconfig greN 192.168.2.1 192.168.1.1
244 # ifconfig greN tunnel B,port-B A,port-A 250 # ifconfig greN tunnel B,port-B A,port-A
245 # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 251 # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1
 252.Ed
246.Pp 253.Pp
 254.Ss Example 4: Realizing IPv6 connectivity
247Along these lines, you can use GRE tunnels to interconnect two IPv6 255Along these lines, you can use GRE tunnels to interconnect two IPv6
248networks over an IPv4 infrastructure, or to hook up to the IPv6 internet 256networks over an IPv4 infrastructure, or to hook up to the IPv6 internet
249via an IPv4 tunnel to a Cisco router. 257via an IPv4 tunnel to a Cisco router.
250.Bd -literal 258.Bd -literal
2512001:db8:1::/64 -- NetBSD A -----tunnel----- Cisco B --- IPv6 Internet 2592001:db8:1::/64 -- NetBSD A ---- Tunnel ---- Cisco B --- IPv6 Internet
252 \\ / 260 \\ /
253 \\ / 261 \\ /
254 +----- the Internet ------+ 262 +------ the Internet ------+
255 
256.Ed 263.Ed
 264.Pp
257The example will use the following addressing: 265The example will use the following addressing:
258.Nx 266.Bl -hang
259A has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects 267.It Nx A
 268has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects
260to internal network 2001:db8:1::/64). 269to internal network 2001:db8:1::/64).
261Cisco B has external IPv4 address B. 270.It Cisco B
262All the IPv6 internet world is behind B, so A wants to route 0::0/0 271has external IPv4 address B.
 272.It All the IPv6 internet world
 273is behind B, so A wants to route 0::0/0
263(the IPv6 default route) into the tunnel. 274(the IPv6 default route) into the tunnel.
264The GRE tunnel will use a transit network: 2001:db8:ffff::1/64 on 275.It The GRE tunnel
 276will use a transit network: 2001:db8:ffff::1/64 on
265the 277the
266.Nx 278.Nx
267side, and ::2/64 on the Cisco side. 279side, and ::2/64 on the Cisco side.
 280.El
 281.Pp
268Then the following commands will configure the tunnel: 282Then the following commands will configure the tunnel:
269.Pp 283.Pp
270On router A 284On Router A
271.Pq Nx : 285.Pq Nx :
272.Bd -literal 286.Bd -literal
273 # ifconfig greN create 287 # ifconfig greN create
274 # ifconfig greN inet6 2001:db8:ffff::1/64 288 # ifconfig greN inet6 2001:db8:ffff::1/64
275 # ifconfig greN tunnel A B 289 # ifconfig greN tunnel A B
276 # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN 290 # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN
277 # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN 291 # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
278.Ed 292.Ed
279.Pp 293.Pp
280On router B (Cisco): 294On Router B (Cisco):
281.Bd -literal 295.Bd -literal
282 Interface TunnelX 296 Interface TunnelX
283 tunnel mode gre ip 297 tunnel mode gre ip
284 ipv6 address 2001:db8:ffff::2/64 ! transfer network 298 ipv6 address 2001:db8:ffff::2/64 ! transfer network
285 tunnel source B ! e.g. address from LAN interface 299 tunnel source B ! e.g. address from LAN interface
286 tunnel destination A ! where the tunnel is connected to 300 tunnel destination A ! where the tunnel is connected to
287 ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel 301 ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel
288.Ed 302.Ed
289.Ed 303.Ed
290.Sh NOTES 304.Sh NOTES
291The MTU of 305The MTU of
292.Sy gre Ns Ar X 306.Sy gre Ns Ar X
293interfaces is set to 1476 by default to match the value used by Cisco routers. 307interfaces is set to 1476 by default to match the value used by Cisco routers.