gre(4)
NAME
gre - encapsulating network device
SYNOPSIS
device gre
DESCRIPTION
The gre network interface pseudo device encapsulates datagrams into IP.
These encapsulated datagrams are routed to a destination host, where they
are decapsulated and further routed to their final destination. The
``tunnel'' appears to the inner datagrams as one hop.

gre interfaces are dynamically created and destroyed with the ifconfig(8)
create and destroy subcommands.

This driver currently supports the following modes of operation:

GRE encapsulation (IP protocol number 47)
     Encapsulated datagrams are prepended with an outer datagram and a GRE
     header. The GRE header specifies the type of the encapsulated
     datagram and thus allows for tunneling protocols other than IP,
     such as AppleTalk. GRE mode is also the default tunnel mode on
     Cisco routers. This is also the default mode of operation of the
     gre interfaces. As part of the GRE mode, gre also supports the Cisco
     WCCP protocol, both version 1 and version 2. Since there is no
     reliable way to distinguish between WCCP versions, it should be
     configured manually using the link2 flag. If the link2 flag is
     not set (default), then WCCP version 1 is selected.

MOBILE encapsulation (IP protocol number 55)
     Datagrams are encapsulated into IP, but with a shorter
     encapsulation. The original IP header is modified and the
     modifications are inserted between the so modified header and the
     original payload. Like gif(4), only for IP-in-IP encapsulation.
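
An added example, not code from if_gre.c or from the original page: a C sketch that reads the GRE header described above to find the type of the encapsulated datagram and how many bytes precede it, including why WCCP needs the manual link2 setting. It goes beyond the driver by accounting for the optional RFC 1701 checksum, key and sequence fields; the function and field names, the WCCP protocol type 0x883E and the sample bytes are supplied here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_CP 0x8000          /* checksum present (RFC 1701) */
#define GRE_RP 0x4000          /* routing present */
#define GRE_KP 0x2000          /* key present */
#define GRE_SP 0x1000          /* sequence number present */
#define GRE_VERS 0x0007        /* version field, must be 0 */
#define ETHERTYPE_WCCP 0x883E  /* WCCP redirect carried in GRE */

struct gre_info {
    uint16_t proto;  /* type of the encapsulated datagram */
    size_t hlen;     /* bytes to strip before the inner datagram */
};

/*
 * Parse the GRE header at buf (the bytes after the outer IP header).
 * wccp_v2 stands for the manual link2 setting. Returns 0 on success, -1
 * for a truncated header, non-zero version, or a routing field.
 */
int gre_parse(const uint8_t *buf, size_t len, int wccp_v2, struct gre_info *out)
{
    if (len < 4)
        return -1;
    uint16_t flags = (uint16_t)((buf[0] << 8) | buf[1]);
    if (flags & (GRE_VERS | GRE_RP))
        return -1;                       /* routing is rejected, not walked */
    out->proto = (uint16_t)((buf[2] << 8) | buf[3]);
    out->hlen = 4;
    if (flags & GRE_CP) out->hlen += 4;  /* checksum + offset */
    if (flags & GRE_KP) out->hlen += 4;  /* key */
    if (flags & GRE_SP) out->hlen += 4;  /* sequence number */
    if (out->proto == ETHERTYPE_WCCP && wccp_v2)
        out->hlen += 4;                  /* WCCPv2 4-byte redirect header */
    return out->hlen <= len ? 0 : -1;
}

/* Constructed sample: WCCP-in-GRE, no option flags, 8 bytes captured. */
static const uint8_t sample_wccp[] = { 0x00, 0x00, 0x88, 0x3E, 0, 0, 0, 0 };

int main(void)
{
    struct gre_info gi;
    for (int v2 = 0; v2 <= 1; v2++)
        if (gre_parse(sample_wccp, sizeof(sample_wccp), v2, &gi) == 0)
            printf("link2=%d proto=0x%04X strip=%zu\n", v2, gi.proto, gi.hlen);
    return 0;
}
```

The same eight bytes decode with a 4-byte or an 8-byte header depending only on the configured WCCP version, which is the ambiguity the link2 flag resolves.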

The gre interfaces support a number of ioctl(2)s, such as:

GRESADDRS   Set the IP address of the local tunnel end. This is the
            source address set by or displayed by ifconfig(8) for the
            gre interface.

GRESADDRD   Set the IP address of the remote tunnel end. This is the
            destination address set by or displayed by ifconfig(8) for
            the gre interface.

GREGADDRS   Query the IP address that is set for the local tunnel end.
            This is the address the encapsulation header carries as
            local address (i.e., the real address of the tunnel start
            point).

GREGADDRD   Query the IP address that is set for the remote tunnel
            end. This is the address the encapsulated packets are
            sent to (i.e., the real address of the remote tunnel
            endpoint).

GRESPROTO   Set the operation mode to the specified IP protocol value.
            The protocol is passed to the interface in (struct
            ifreq)->ifr_flags. The operation mode can also be given
            as

                 link0    IPPROTO_GRE
                 -link0   IPPROTO_MOBILE

            to ifconfig(8).

            The link1 flag is not used to choose encapsulation, but to
            modify the internal route search for the remote tunnel
            endpoint, see the BUGS section below.

GREGPROTO   Query operation mode.

Note that the IP addresses of the tunnel endpoints may be the same as the
ones defined with ifconfig(8) for the interface (as if IP is
encapsulated), but need not be, as e.g. when encapsulating AppleTalk.
EXAMPLES
Configuration example:

Host X-- Host A  ----------------tunnel---------- Cisco D------Host E
          \                                          |
           \                                        /
            +------Host B----------Host C----------+

On host A (FreeBSD):

     route add default B
     ifconfig greN create
     ifconfig greN A D netmask 0xffffffff linkX up
     ifconfig greN tunnel A D
     route add E D

On Host D (Cisco):

     Interface TunnelX
      ip unnumbered D   ! e.g. address from Ethernet interface
      tunnel source D   ! e.g. address from Ethernet interface
      tunnel destination A
     ip route C <some interface and mask>
     ip route A mask C
     ip route X mask tunnelX

OR

On Host D (FreeBSD):

     route add default C
     ifconfig greN create
     ifconfig greN D A
     ifconfig greN tunnel D A

If all goes well, you should see packets flowing ;-)

If you want to reach Host A over the tunnel (from Host D (Cisco)), then
you have to have an alias on Host A for e.g. the Ethernet interface like:

     ifconfig <etherif> alias Y

and on the Cisco:

     ip route Y mask tunnelX

A similar setup can be used to create a link between two private networks
(for example in the 192.168 subnet) over the Internet:

192.168.1.* --- Router A  -------tunnel-------- Router B --- 192.168.2.*
                   \                              /
                    \                            /
                     +------ the Internet ------+

Assuming router A has the (external) IP address A and the internal
address 192.168.1.1, while router B has external address B and internal
address 192.168.2.1, the following commands will configure the tunnel:

On router A:

     ifconfig greN create
     ifconfig greN 192.168.1.1 192.168.2.1 link1
     ifconfig greN tunnel A B
     route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1

On router B:

     ifconfig greN create
     ifconfig greN 192.168.2.1 192.168.1.1 link1
     ifconfig greN tunnel B A
     route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1

Note that this is a safe situation where the link1 flag (as discussed in
the BUGS section below) may (and probably should) be set.
NOTES
The MTU of gre interfaces is set to 1476 by default, to match the value
used by Cisco routers. This may not be an optimal value, depending on
the link between the two tunnel endpoints. It can be adjusted via
ifconfig(8).

For correct operation, the gre device needs a route to the destination
that is less specific than the one over the tunnel. (Basically, there
needs to be a route to the decapsulating host that does not run over the
tunnel, as this would be a loop.) If the addresses are ambiguous, doing
the ifconfig tunnel step before the ifconfig(8) call to set the gre IP
addresses will help to find a route outside the tunnel.

In order to tell ifconfig(8) to actually mark the interface as ``up'',
the keyword up must be given last on its command line.

The kernel must be set to forward datagrams by setting the
net.inet.ip.forwarding sysctl(8) variable to non-zero.
SEE ALSO
gif(4), inet(4), ip(4), netintro(4), protocols(5), ifconfig(8), sysctl(8)

A description of GRE encapsulation can be found in RFC 1701 and RFC 1702.

A description of MOBILE encapsulation can be found in RFC 2004.
AUTHORS
Heiko W. Rupp <hwr@pilhuhn.de>
BUGS
The compute_route() code in if_gre.c toggles the last bit of the IP
address to provoke the search for a less specific route than the one
directly over the tunnel to prevent loops. This is possibly not the best
solution.

To avoid the address munging described above, turn on the link1 flag on
the ifconfig(8) command line. This implies that the GRE packet
destination and the ifconfig remote host are not the same IP addresses,
and that the GRE destination does not route over the gre interface
itself.
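
An added example, not the compute_route() code from if_gre.c: a simplified C model of the route search described above, showing which interface would carry the outer packet with and without link1. The route table, interface names and addresses (taken from documentation ranges) are constructed, and the assumption is that configuring a gre interface installs a host route to its peer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct route { uint32_t net; int plen; const char *ifname; };

#define ADDR_D      0xC6336407u  /* 198.51.100.7: tunnel end and gre peer */
#define ADDR_B      0xCB007102u  /* 203.0.113.2: external tunnel end only */
#define ADDR_PEER_B 0xC0A80201u  /* 192.168.2.1: gre peer behind ADDR_B   */

/* Constructed table (an assumption, not kernel state): a default route plus
 * the host routes that configuring the two gre interfaces installs. */
static const struct route table[] = {
    { 0x00000000u, 0,  "em0"  },
    { ADDR_D,      32, "gre0" },
    { ADDR_PEER_B, 32, "gre1" },
};

/* Longest-prefix match over the table. */
static const char *lookup(uint32_t dst)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        uint32_t mask = table[i].plen ? ~0u << (32 - table[i].plen) : 0;
        if ((dst & mask) == table[i].net &&
            (best == NULL || table[i].plen > best->plen))
            best = &table[i];
    }
    return best ? best->ifname : "none";
}

/* Interface that would carry the outer (encapsulated) packet. Without
 * link1 the last address bit is toggled before the lookup, so the /32
 * over the tunnel cannot match; with link1 the address is used as given. */
const char *outer_route(uint32_t tunnel_dst, int link1)
{
    return lookup(link1 ? tunnel_dst : (tunnel_dst ^ 1u));
}

int main(void)
{
    printf("D, no link1: %s\n", outer_route(ADDR_D, 0));
    printf("D, link1:    %s\n", outer_route(ADDR_D, 1));
    printf("B, link1:    %s\n", outer_route(ADDR_B, 1));
    return 0;
}
```

Setting link1 when the tunnel destination equals the gre peer address (the D case) selects the gre interface itself, which is the loop; with distinct addresses (the B case) the unmodified lookup is safe.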

The GRE RFCs are not yet fully implemented (no GRE options).

BSD                              June 9, 2002