Creating GRE Tunnels on LANforge

Overview of GRE

GRE stands for Generic Routing Encapsulation. This is an unencrypted manner of nesting packets destined for a separate network. GRE tunnelling is intended to construct overlay networks without the computational burden of encryption. The GRE client needs to know the local IP it will bind to, and the remote IP of its peer providing GRE access.

In LANforge, GRE ports are treated as any other VLAN ports, such as MAC-VLANs or QVLANs, but they are a Layer 3 device: they do not have MAC addresses. These GRE tunnels expect an already existing port with an IP.

⚠ This cookbook purposely avoids the phrase GRE endpoint because LANforge refers to endpoints in the context of traffic connections (Layer 3 or Layer 4-7 endpoints).

Example

• The client gains a normal DHCP lease and is granted 192.168.0.234/24.
• A GRE provider is at the DHCP server address: 192.168.0.1.
• The client creates a GRE instance with the outer tunnel IPs 192.168.0.234 and 192.168.0.1.
• The client sets an overlay address of 10.0.0.5/24 on the GRE port.
• The client may then send tunneled traffic into the 10.0.0.0/24 network.

GRE Driver Devices

ⓘ When the GRE kernel module is loaded, you will see three GRE devices:

• gre0
• gretap0
• erspan0

Creating a GRE port

1. In the LANforge Manager -> Port Mgr tab, click the Create button.
2. Select GRE tunnel.
3. Enter the local IP of an existing port on the LANforge (EG 10.40.0.100)
4. Enter the remote IP of the port acting as a GRE gateway (EG 10.40.0.1)
5. (Optional) Enter the overlay IP for the GRE port in the IP Address field. (EG 10.39.0.100/24)

It is possible to create multiple GRE ports. Those port names should be different though.

Sending Traffic over GRE

To send traffic over GRE ports, the GRE port must be selected as an endpoint of a connection. It is not valid to select the associated local port to send traffic from (it would be coming from the wrong network).

Layer 4-7 Traffic

1. In the LANforge Manager -> Layer 4-7 tab, click the Create button.
2. Select the source port (EG 1.1.07 gre0)
3. Add the URL to query (EG http://10.39.0.1/)

See more in the Layer 4-7 Cookbook.

Layer 3 Traffic

Layer 3 traffic is possible so long as you have two different ports to transmit to. These could both be GRE tunnel ports with different IPs, or one GRE tunnel port and one upstream port on the overlay network itself. Please see: Generating Traffic to a Switch.

Linux Commands

For some versions of LANforge, the GUI might not create the GRE tunnel that you want, and you will want to alter the details of the GRE port. When restoring a test configuration from the Status tab->Saved Test Configurations->Configuration dropdown, the IPs of the tunnel might be missing.

To perform these commands, you will required to open a terminal on the LANforge and become root:

1. Click on the MATE Terminal icon in the toolbar
2. Use the command: sudo -s Enter

Listing GRE details

• Show the tunnel IPs: ip link show gre0
  

  [root@ct522-jedway3 lanforge]# ip tunnel show
  gre0: gre/ip remote any local any ttl inherit nopmtudisc
  gre2p0001: gre/ip remote 10.40.0.239 local 10.40.0.2 ttl 255

• Show the tunnel overlay IP: ip addr show gre0

  [root@ct522-jedway3 lanforge]# ip addr show gre0
  55: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
  [root@ct522-jedway3 lanforge]# ip addr show gre2p0001
  58: gre2p0001@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue master vrf10001 state UNKNOWN group default qlen 1000
    link/gre 10.40.0.2 peer 10.40.0.239
    inet 10.39.0.2/32 scope global gre2p0001
       valid_lft forever preferred_lft forever
    inet6 fe80::a28:2/64 scope link 
       valid_lft forever preferred_lft forever

Changing the IPs

To change the overlay IP you will first add a new IP and then delete the old IP (if necessary). You might find that the IPs are missing when the tunnel is restored from a saved configuration.

ip addr add 10.39.0.123/24 dev gre0
ip addr del 10.39.0.100/24 dev gre0

To change the tunnel IPs: ip tunnel change gre0 local 10.40.0.111 remove 10.40.0.2

Deleting the GRE tunnel

If you wish to delete all the GRE tunnels, it involves unloading the ip_gre kernel module. Just removing the module is insufficient because LANforge will attempt to re-load the module any time it finds a GRE referenced in a saved scenario.

⚠ This GRE tunnel then might show up in a scenario inadvertently when switching to a new scenario.

1. (Optional) If you want save the scenario with the GRE tunnel, Use the Status tab->Saved Test Configurations->Save DB Name and click the Save button.
2. Open a terminal, because root with sudo -s
3. Stop the LANforge service: cd /home/lanforge; ./serverctl.bash stop
4. Erase the present database: rm -f /home/lanforge/DB/DFLT/*
5. Remove the modules: rmmod ip_gre gre
6. Start the LANforge service: ./systemctl.bash start

You might have to connect the GUI again. You will notice that this starts LANforge with a blank database. Use the Status tab->Saved Test Configurations->Configuration dropdown to load a previous scenario.

Adding a GRE Tunnel Port

These are the commands for adding a tunnel:

ip tunnel add gre1001 mode gre local 10.40.0.100 remote 10.40.0.1
ip link set up dev gre1001
ip addr add 10.39.0.100/24 dev gre1001

Sniffing a Tunnel

GRE ports can be sniffed with Wireshark or tcpdump, and can be performed on the GRE port or the port with the local ip. Examples of tcpdump commands:

• On the GRE port: tcpdump -ni gre0
• On the local port: tcpdump -ni eth1 proto gre or icmp