| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: gre.4,v 1.39 2008/05/10 09:33:31 martin Exp $ | | 1 | .\" $NetBSD: gre.4,v 1.40 2009/01/04 16:27:48 hubertf Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 1998 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 1998 The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
7 | .\" by Heiko W.Rupp <hwr@pilhuhn.de> | | 7 | .\" by Heiko W.Rupp <hwr@pilhuhn.de> |
8 | .\" | | 8 | .\" |
9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
11 | .\" are met: | | 11 | .\" are met: |
12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -17,27 +17,27 @@ | | | @@ -17,27 +17,27 @@ |
17 | .\" | | 17 | .\" |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | | 28 | .\" POSSIBILITY OF SUCH DAMAGE. |
29 | .\" | | 29 | .\" |
30 | .Dd December 4, 2006 | | 30 | .Dd January 4, 2009 |
31 | .Dt GRE 4 | | 31 | .Dt GRE 4 |
32 | .Os | | 32 | .Os |
33 | .Sh NAME | | 33 | .Sh NAME |
34 | .Nm gre | | 34 | .Nm gre |
35 | .Nd encapsulating network device | | 35 | .Nd encapsulating network device |
36 | .Sh SYNOPSIS | | 36 | .Sh SYNOPSIS |
37 | .Cd pseudo-device gre | | 37 | .Cd pseudo-device gre |
38 | .Sh DESCRIPTION | | 38 | .Sh DESCRIPTION |
39 | The | | 39 | The |
40 | .Nm gre | | 40 | .Nm gre |
41 | network interface pseudo device encapsulates datagrams | | 41 | network interface pseudo device encapsulates datagrams |
42 | into IP. | | 42 | into IP. |
43 | These encapsulated datagrams are routed to a destination host, | | 43 | These encapsulated datagrams are routed to a destination host, |
| @@ -134,160 +134,174 @@ Query operation mode. | | | @@ -134,160 +134,174 @@ Query operation mode. |
134 | .It GRESSOCK : | | 134 | .It GRESSOCK : |
135 | Delegate a socket from userland to a tunnel interface in UDP | | 135 | Delegate a socket from userland to a tunnel interface in UDP |
136 | encapsulation mode. | | 136 | encapsulation mode. |
137 | The file descriptor for the socket is passed in | | 137 | The file descriptor for the socket is passed in |
138 | (struct ifreq)-\*[Gt]ifr_value. | | 138 | (struct ifreq)-\*[Gt]ifr_value. |
139 | .El | | 139 | .El |
140 | .Pp | | 140 | .Pp |
141 | Note that the IP addresses of the tunnel endpoints may be the same as the | | 141 | Note that the IP addresses of the tunnel endpoints may be the same as the |
142 | ones defined with | | 142 | ones defined with |
143 | .Xr ifconfig 8 | | 143 | .Xr ifconfig 8 |
144 | for the interface (as if IP is encapsulated), but need not be, as e.g. when | | 144 | for the interface (as if IP is encapsulated), but need not be, as e.g. when |
145 | encapsulating AppleTalk. | | 145 | encapsulating AppleTalk. |
146 | .Sh EXAMPLES | | 146 | .Sh EXAMPLES |
| | | 147 | .Ss Example 1: Basic GRE tunneling |
147 | Configuration example: | | 148 | Configuration example: |
148 | .Bd -literal | | 149 | .Bd -literal |
149 | Host X-- Host A ----------------tunnel---------- cisco D------Host E | | 150 | Host X-- Router A --------------tunnel---------- Router D ----Host E |
150 | \\ | | | 151 | | | |
151 | \\ / | | 152 | \\ / |
152 | +------Host B----------Host C----------+ | | 153 | +----- Router B ----- Router C --------+ |
153 | .Ed | | 154 | .Ed |
154 | On host A | | 155 | .Pp |
| | | 156 | On Router A |
155 | .Pq Nx : | | 157 | .Pq Nx : |
156 | .Bd -literal | | 158 | .Bd -literal |
157 | # route add default B | | 159 | # route add default B |
158 | # ifconfig greN create | | 160 | # ifconfig greN create |
159 | # ifconfig greN A D netmask 0xffffffff linkX up | | 161 | # ifconfig greN A D netmask 0xffffffff linkX up |
160 | # ifconfig greN tunnel A D | | 162 | # ifconfig greN tunnel A D |
161 | # route add E D | | 163 | # route add E D |
162 | .Ed | | 164 | .Ed |
163 | On Host D (Cisco): | | 165 | .Pp |
| | | 166 | On Router D (Cisco): |
164 | .Bd -literal | | 167 | .Bd -literal |
165 | Interface TunnelX | | 168 | Interface TunnelX |
166 | ip unnumbered D ! e.g. address from Ethernet interface | | 169 | ip unnumbered D ! e.g. address from Ethernet interface |
167 | tunnel source D ! e.g. address from Ethernet interface | | 170 | tunnel source D ! e.g. address from Ethernet interface |
168 | tunnel destination A | | 171 | tunnel destination A |
169 | ip route C \*[Lt]some interface and mask\*[Gt] | | 172 | ip route C \*[Lt]some interface and mask\*[Gt] |
170 | ip route A mask C | | 173 | ip route A mask C |
171 | ip route X mask tunnelX | | 174 | ip route X mask tunnelX |
172 | .Ed | | 175 | .Ed |
173 | OR | | 176 | .Pp |
174 | On Host D | | 177 | or on Router D |
175 | .Pq Nx : | | 178 | .Pq Nx : |
176 | .Bd -literal | | 179 | .Bd -literal |
177 | # route add default C | | 180 | # route add default C |
178 | # ifconfig greN create | | 181 | # ifconfig greN create |
179 | # ifconfig greN D A | | 182 | # ifconfig greN D A |
180 | # ifconfig tunnel greN D A | | 183 | # ifconfig tunnel greN D A |
181 | .Ed | | 184 | .Ed |
182 | .Pp | | 185 | .Pp |
183 | If all goes well, you should see packets flowing ;-) | | 186 | If all goes well, you should see packets flowing ;-) |
184 | .Pp | | 187 | .Pp |
185 | If you want to reach Host A over the tunnel (from Host D (Cisco)), then | | 188 | If you want to reach Router A over the tunnel (from Router D (Cisco)), then |
186 | you have to have an alias on Host A for e.g. the Ethernet interface like: | | 189 | you have to have an alias on Router A for e.g. the Ethernet interface like: |
187 | .Bd -literal | | 190 | .Bd -literal |
188 | ifconfig \*[Lt]etherif\*[Gt] alias Y | | 191 | ifconfig \*[Lt]etherif\*[Gt] alias Y |
189 | .Ed | | 192 | .Ed |
190 | and on the cisco | | 193 | .Pp |
| | | 194 | and on the Cisco |
191 | .Bd -literal | | 195 | .Bd -literal |
192 | ip route Y mask tunnelX | | 196 | ip route Y mask tunnelX |
193 | .Ed | | 197 | .Ed |
194 | .Pp | | 198 | .Ss Example 2: Linking private subnets |
195 | A similar setup can be used to create a link between two private networks | | 199 | A similar setup can be used to create a link between two private networks |
196 | (for example in the 192.168 subnet) over the Internet: | | 200 | (for example in the 192.168 subnet) over the Internet: |
197 | .Bd -literal | | 201 | .Bd -literal |
198 | 192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* | | 202 | 192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* |
199 | \\ / | | 203 | \\ / |
200 | \\ / | | 204 | \\ / |
201 | +----- the Internet ------+ | | 205 | +----- the Internet ------+ |
202 | .Ed | | 206 | .Ed |
203 | Assuming router A has the (external) IP address A and the internal address | | 207 | .Pp |
204 | 192.168.1.1, while router B has external address B and internal address | | 208 | Assuming Router A has the (external) IP address A and the internal address |
| | | 209 | 192.168.1.1, while Router B has external address B and internal address |
205 | 192.168.2.1, the following commands will configure the tunnel: | | 210 | 192.168.2.1, the following commands will configure the tunnel: |
206 | .Pp | | 211 | .Pp |
207 | On router A: | | 212 | On Router A: |
208 | .Bd -literal | | 213 | .Bd -literal |
209 | # ifconfig greN create | | 214 | # ifconfig greN create |
210 | # ifconfig greN 192.168.1.1 192.168.2.1 | | 215 | # ifconfig greN 192.168.1.1 192.168.2.1 |
211 | # ifconfig greN tunnel A B | | 216 | # ifconfig greN tunnel A B |
212 | # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 | | 217 | # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 |
213 | .Ed | | 218 | .Ed |
214 | .Pp | | 219 | .Pp |
215 | On router B: | | 220 | On Router B: |
216 | .Bd -literal | | 221 | .Bd -literal |
217 | # ifconfig greN create | | 222 | # ifconfig greN create |
218 | # ifconfig greN 192.168.2.1 192.168.1.1 | | 223 | # ifconfig greN 192.168.2.1 192.168.1.1 |
219 | # ifconfig greN tunnel B A | | 224 | # ifconfig greN tunnel B A |
220 | # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 | | 225 | # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 |
221 | .Ed | | 226 | .Ed |
222 | .Pp | | 227 | .Pp |
| | | 228 | .Ss Example 3: Encapsulating GRE in UDP |
223 | To setup the same tunnel as above, but using GRE in UDP encapsulation | | 229 | To setup the same tunnel as above, but using GRE in UDP encapsulation |
224 | instead of GRE encapsulation, set flags | | 230 | instead of GRE encapsulation, set flags |
225 | .Ar link0 | | 231 | .Ar link0 |
226 | and | | 232 | and |
227 | .Ar link2 , | | 233 | .Ar link2 , |
228 | and specify source and destination UDP ports. | | 234 | and specify source and destination UDP ports. |
229 | .Pp | | 235 | .Pp |
230 | On router A: | | 236 | On Router A: |
231 | .Bd -literal | | 237 | .Bd -literal |
232 | # ifconfig greN create | | 238 | # ifconfig greN create |
233 | # ifconfig greN link0 link2 | | 239 | # ifconfig greN link0 link2 |
234 | # ifconfig greN 192.168.1.1 192.168.2.1 | | 240 | # ifconfig greN 192.168.1.1 192.168.2.1 |
235 | # ifconfig greN tunnel A,port-A B,port-B | | 241 | # ifconfig greN tunnel A,port-A B,port-B |
236 | # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 | | 242 | # route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 |
237 | .Ed | | 243 | .Ed |
238 | .Pp | | 244 | .Pp |
239 | On router B: | | 245 | On Router B: |
240 | .Bd -literal | | 246 | .Bd -literal |
241 | # ifconfig greN create | | 247 | # ifconfig greN create |
242 | # ifconfig greN link0 link2 | | 248 | # ifconfig greN link0 link2 |
243 | # ifconfig greN 192.168.2.1 192.168.1.1 | | 249 | # ifconfig greN 192.168.2.1 192.168.1.1 |
244 | # ifconfig greN tunnel B,port-B A,port-A | | 250 | # ifconfig greN tunnel B,port-B A,port-A |
245 | # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 | | 251 | # route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 |
| | | 252 | .Ed |
246 | .Pp | | 253 | .Pp |
| | | 254 | .Ss Example 4: Realizing IPv6 connectivity |
247 | Along these lines, you can use GRE tunnels to interconnect two IPv6 | | 255 | Along these lines, you can use GRE tunnels to interconnect two IPv6 |
248 | networks over an IPv4 infrastructure, or to hook up to the IPv6 internet | | 256 | networks over an IPv4 infrastructure, or to hook up to the IPv6 internet |
249 | via an IPv4 tunnel to a Cisco router. | | 257 | via an IPv4 tunnel to a Cisco router. |
250 | .Bd -literal | | 258 | .Bd -literal |
251 | 2001:db8:1::/64 -- NetBSD A -----tunnel----- Cisco B --- IPv6 Internet | | 259 | 2001:db8:1::/64 -- NetBSD A ---- Tunnel ---- Cisco B --- IPv6 Internet |
252 | \\ / | | 260 | \\ / |
253 | \\ / | | 261 | \\ / |
254 | +----- the Internet ------+ | | 262 | +------ the Internet ------+ |
255 | | | | |
256 | .Ed | | 263 | .Ed |
| | | 264 | .Pp |
257 | The example will use the following addressing: | | 265 | The example will use the following addressing: |
258 | .Nx | | 266 | .Bl -hang |
259 | A has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects | | 267 | .It Nx A |
| | | 268 | has the IPv4 address A and the IPv6 address 2001:db8:1::1 (connects |
260 | to internal network 2001:db8:1::/64). | | 269 | to internal network 2001:db8:1::/64). |
261 | Cisco B has external IPv4 address B. | | 270 | .It Cisco B |
262 | All the IPv6 internet world is behind B, so A wants to route 0::0/0 | | 271 | has external IPv4 address B. |
| | | 272 | .It All the IPv6 internet world |
| | | 273 | is behind B, so A wants to route 0::0/0 |
263 | (the IPv6 default route) into the tunnel. | | 274 | (the IPv6 default route) into the tunnel. |
264 | The GRE tunnel will use a transit network: 2001:db8:ffff::1/64 on | | 275 | .It The GRE tunnel |
| | | 276 | will use a transit network: 2001:db8:ffff::1/64 on |
265 | the | | 277 | the |
266 | .Nx | | 278 | .Nx |
267 | side, and ::2/64 on the Cisco side. | | 279 | side, and ::2/64 on the Cisco side. |
| | | 280 | .El |
| | | 281 | .Pp |
268 | Then the following commands will configure the tunnel: | | 282 | Then the following commands will configure the tunnel: |
269 | .Pp | | 283 | .Pp |
270 | On router A | | 284 | On Router A |
271 | .Pq Nx : | | 285 | .Pq Nx : |
272 | .Bd -literal | | 286 | .Bd -literal |
273 | # ifconfig greN create | | 287 | # ifconfig greN create |
274 | # ifconfig greN inet6 2001:db8:ffff::1/64 | | 288 | # ifconfig greN inet6 2001:db8:ffff::1/64 |
275 | # ifconfig greN tunnel A B | | 289 | # ifconfig greN tunnel A B |
276 | # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN | | 290 | # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN |
277 | # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN | | 291 | # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN |
278 | .Ed | | 292 | .Ed |
279 | .Pp | | 293 | .Pp |
280 | On router B (Cisco): | | 294 | On Router B (Cisco): |
281 | .Bd -literal | | 295 | .Bd -literal |
282 | Interface TunnelX | | 296 | Interface TunnelX |
283 | tunnel mode gre ip | | 297 | tunnel mode gre ip |
284 | ipv6 address 2001:db8:ffff::2/64 ! transfer network | | 298 | ipv6 address 2001:db8:ffff::2/64 ! transfer network |
285 | tunnel source B ! e.g. address from LAN interface | | 299 | tunnel source B ! e.g. address from LAN interface |
286 | tunnel destination A ! where the tunnel is connected to | | 300 | tunnel destination A ! where the tunnel is connected to |
287 | ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel | | 301 | ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel |
288 | .Ed | | 302 | .Ed |
289 | .Ed | | 303 | .Ed |
290 | .Sh NOTES | | 304 | .Sh NOTES |
291 | The MTU of | | 305 | The MTU of |
292 | .Sy gre Ns Ar X | | 306 | .Sy gre Ns Ar X |
293 | interfaces is set to 1476 by default to match the value used by Cisco routers. | | 307 | interfaces is set to 1476 by default to match the value used by Cisco routers. |
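Review bot: the second `.Ed` at new line 303, right after the Cisco display in Example 4, is left without a `.Bd` to close. This revision adds the missing `.Ed` at new line 252 for the Router B display in Example 3, so every display in the visible lines is now closed by its own `.Ed`, and the doubled `.Ed` at 302/303 should be reduced to one. Two smaller style points in the same hunk: new lines 227-228 and 253-254 place `.Pp` directly before `.Ss`, where the paragraph break is redundant and can be dropped. The `.Bl -hang` list at new lines 266-280 uses sentence openings ("All the IPv6 internet world", "The GRE tunnel") as item tags, which splits each sentence between tag and body. Consider giving the list a `-width` and using short tags, or keeping those two sentences as plain paragraphs.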