Using GRE to realize the communication between two internal networks across the public network
2022-07-21 00:12:00 【Network siege lion summary】
Preface
The branches and the headquarters of an enterprise each sit on their own intranet, connected to the outside through an egress firewall and router. If they want to talk to each other there is a problem: private-network packets cannot be forwarded on the public network. So how can two hosts in intranet environments communicate across the public network?
The answer is the GRE protocol. This chapter describes the basic principle and basic configuration of GRE; I believe you will gain a lot from reading it.
I. GRE overview
- GRE is like a train and packets are like passengers: once a packet is loaded onto the train, GRE carries it across the public network through the established tunnel to the desired network.
- After the device receives a packet on the interface connected to the private network, it checks the destination IP address field in the packet header and looks up the outgoing interface in the routing table. If the outgoing interface is a tunnel interface, the packet is handed to the tunnel module, which adds a new IP header whose source address is the tunnel source address and whose destination address is the tunnel destination address.
- When the packet reaches its destination, the protocol type field is checked. If it is GRE, the outer IP header and the GRE header are removed and the payload is handed to the protocol in the private network: the passenger has arrived safely.
- GRE uses the Keepalive detection function to check whether the far end of the tunnel is reachable. If it is not, the tunnel connection is torn down promptly to avoid a data black hole.
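As an added illustration of the encapsulation and decapsulation steps above (example code written for this page, not the author's or any vendor's implementation): it builds the outer IPv4 header with protocol 47 and a plain GRE header in front of a packet, and on the receiving side checks the protocol field before stripping both headers. The tunnel addresses 10.1.1.1 and 20.1.1.1 come from the topology; the hosts 192.168.1.10 and 172.16.1.10 and the sample packet are constructed.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_GRE = 47         # outer protocol number the peer checks before decapsulating
ETHERTYPE_IPV4 = 0x0800  # GRE protocol-type value for an IPv4 payload

def ipv4_checksum(hdr: bytes) -> int:
    # one's-complement sum of 16-bit words (header length is always even here)
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # 20-byte header, no options, DF set, TTL 64, checksum filled in
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    # egress: plain GRE header (no C/K/S bits, version 0) behind an outer IPv4
    # header whose addresses are the tunnel source and destination
    gre_hdr = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    outer = build_ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, 4 + len(inner))
    return outer + gre_hdr + inner

def gre_decapsulate(packet: bytes) -> bytes:
    # ingress: require protocol 47, then strip the outer IPv4 and GRE headers
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x0007 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE version or payload type")
    gre_len = 4 + 4 * bool(flags & 0x8000)  # C bit: checksum + reserved1 present
    gre_len += 4 * bool(flags & 0x2000)     # K bit: key present (RFC 2890)
    gre_len += 4 * bool(flags & 0x1000)     # S bit: sequence number present
    return packet[ihl + gre_len:]

def tunnel_endpoints(packet: bytes) -> tuple:
    # outer and inner (src, dst); the inner private addresses are readable on
    # the public path because plain GRE adds no encryption or authentication
    inner = gre_decapsulate(packet)
    ip = lambda b: str(IPv4Address(b))
    return ip(packet[12:16]), ip(packet[16:20]), ip(inner[12:16]), ip(inner[16:20])

# constructed sample: branch host 192.168.1.10 sends 8 bytes to HQ host 172.16.1.10
INNER = build_ipv4_header("192.168.1.10", "172.16.1.10", 1, 8) + bytes(8)
TUNNELED = gre_encapsulate(INNER, "10.1.1.1", "20.1.1.1")
```

The `tunnel_endpoints` view is what a monitoring point on the carrier path sees: the private addresses of both intranets travel in cleartext, which is why GRE is usually combined with IPsec when confidentiality matters.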
II. GRE configuration
- The figure shows today's experimental topology. The 192.168.1.0 segment simulates an enterprise branch that connects to the carrier network through egress router AR1; the 172.16.1.0 segment simulates the enterprise headquarters, connecting through egress router AR2; the ISP router simulates the carrier network, and its loopback interface simulates an address on the public network.
Basic network configuration
AR1:
interface GigabitEthernet0/0/0
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 // Default route: all enterprise traffic bound for the public network is sent to the ISP router
// Configure Easy-IP address translation so that the source address of outgoing packets is rewritten from a private address to the public one, because private addresses cannot be forwarded on the public network
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
interface GigabitEthernet0/0/1
nat outbound 2000
AR2:
interface GigabitEthernet0/0/0
ip address 20.1.1.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 172.16.1.254 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 20.1.1.2
acl number 2000
rule 5 permit source 172.16.1.0 0.0.0.255
interface GigabitEthernet0/0/0
nat outbound 2000
ISP:
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 20.1.1.2 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
- Verify that an intranet host can reach the public address
GRE Tunnel configuration
- Create a GRE tunnel on AR1 and AR2 so that the two intranets can communicate across the public network.
AR1:
interface Tunnel0/0/1 // Create the tunnel interface
ip address 40.1.1.1 255.255.255.0 // Configure the tunnel interface address
tunnel-protocol gre // Set the tunnel protocol to GRE
source 10.1.1.1 // Tunnel source: the public address of the local egress router
destination 20.1.1.1 // Tunnel destination: the public address of the peer egress router
ip route-static 172.16.1.0 255.255.255.0 Tunnel0/0/1 // Static route: send all traffic for the peer intranet through the tunnel
AR2:
interface Tunnel0/0/1
ip address 40.1.1.2 255.255.255.0
tunnel-protocol gre
source 20.1.1.1
destination 10.1.1.1
ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/1
- Verify that the GRE tunnel has been created successfully
Configure Keepalive detection
The following needs to be configured on the routers at both ends:
interface Tunnel0/0/1
keepalive period 3 retry-times 3 // period sets the interval at which Keepalive detection packets are sent (default 5 seconds); retry-times sets how many times a Keepalive detection packet is retransmitted (default 3)
Summary
Creating a tunnel with GRE is a good way to achieve communication between two intranets without adding much cost.