Layer 2 over GRE

I had an interesting situation come up where I needed to connect the same layer 2 domain between two remote sites (and only had really cheap routers to do it with).  These two sites were separated by the Internet so just running a VLAN trunk between the routers wasn’t an option.  See the example topology below.   All the routers in the topology are 3725 routers.  (As a side note, it would be more reliable to get a dedicated point-to-point or MPLS circuit if possible.)

 

[Figure: L2GRE_topology]

 

R1, R2, and R3 are connected together using /30 point-to-point links and run OSPF to simulate a routed Internet core.  A GRE tunnel was built between the loopbacks of R1 and R3.

On R1:

interface Tunnel0
  description GRE tunnel to R3
  no ip address
  tunnel source Loopback0
  tunnel destination 3.3.3.3
  bridge-group 1
  bridge-group 1 spanning-disabled

On R3:

interface Tunnel0
  description GRE tunnel to R1
  no ip address
  tunnel source Loopback0
  tunnel destination 1.1.1.1
  bridge-group 1
  bridge-group 1 spanning-disabled 

The unusual part of this configuration is tying the Tunnel interfaces to a layer 2 bridge group.  When these commands are entered, the router displays a warning message that this configuration is not supported.  Each of the routers was also configured with a physical interface in the same bridge group.  This ties the tunnel and the physical interface on each router together into a single bridge domain.

On R1:

interface FastEthernet0/1
  no ip address
  duplex auto
  speed auto
  bridge-group 1
  bridge-group 1 spanning-disabled

On R3:

interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  bridge-group 1
  bridge-group 1 spanning-disabled

 

These physical interfaces connect to R4 and R5, which are acting as the clients for this test.  R4 and R5 are configured with VLAN trunks to demonstrate that it is a truly bridged connection.

On R4:

interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
!
interface FastEthernet0/0.100
  encapsulation dot1Q 100
  ip address 10.10.1.4 255.255.255.0
!
interface FastEthernet0/0.200
  encapsulation dot1Q 200
  ip address 10.10.2.4 255.255.255.0

On R5:

interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
!
interface FastEthernet0/0.100
  encapsulation dot1Q 100
  ip address 10.10.1.5 255.255.255.0
!
interface FastEthernet0/0.200
  encapsulation dot1Q 200
  ip address 10.10.2.5 255.255.255.0

With this configuration complete, the last step was to verify communication across the VLAN trunk and GRE tunnel.

R4#ping 10.10.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 72/82/88 ms
R4#ping 10.10.2.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 64/80/88 ms

Success!!! A good follow-up would be to verify the amount of throughput this can support.  In a pinch though, this is an option for connecting the same LAN at two different sites.
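
What a bridged frame looks like on the routed core, as an added example (not from the original post): it builds and decodes the 100-byte ping on VLAN 100 inside GRE between 1.1.1.1 and 3.3.3.3, showing the 42 bytes of encapsulation overhead that matter for the throughput check, and that the tagged frame is readable at any capture point on the path because GRE adds no encryption. Assumptions: GRE protocol type 0x6558 (Transparent Ethernet Bridging), a 1500-byte core MTU, made-up MAC addresses, and all function names.

```python
import socket
import struct

IPPROTO_GRE = 47     # outer IPv4 protocol number for GRE
GRE_TEB = 0x6558     # GRE protocol type for bridged Ethernet (assumed for this tunnel)
TPID_8021Q = 0x8100  # 802.1Q tag identifier

def tagged_frame(vlan, ip_len):
    """Constructed 802.1Q frame carrying a zero-filled ip_len-byte IPv4 packet."""
    macs = bytes.fromhex("020000000005020000000004")  # made-up dst + src MACs
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return macs + tag + struct.pack("!H", 0x0800) + bytes(ip_len)

def gre_encapsulate(frame, src, dst):
    """Outer IPv4 header (checksum left 0 in this sample) + basic GRE header + frame."""
    gre = struct.pack("!HH", 0, GRE_TEB)  # no checksum, key or sequence fields
    total = 20 + len(gre) + len(frame)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 255, IPPROTO_GRE,
                        0, socket.inet_aton(src), socket.inet_aton(dst))
    return outer + gre + frame

def decode(packet):
    """Recover the layers as a capture point between R1 and R3 would see them."""
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags, gre_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    # Checksum (0x8000), key (0x2000) and sequence (0x1000) each add 4 bytes.
    inner = packet[ihl + 4 + 4 * bin(flags & 0xB000).count("1"):total]
    vlan, l2_len = None, 14
    if gre_type == GRE_TEB and inner[12:14] == struct.pack("!H", TPID_8021Q):
        vlan, l2_len = struct.unpack("!H", inner[14:16])[0] & 0x0FFF, 18
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "gre_type": gre_type, "vlan": vlan, "outer_len": total,
            "overhead": total - (len(inner) - l2_len)}

def exceeds_mtu(ip_len, vlan=100, path_mtu=1500):
    """True if a tagged ip_len-byte packet no longer fits the (assumed) core MTU."""
    pkt = gre_encapsulate(tagged_frame(vlan, ip_len), "1.1.1.1", "3.3.3.3")
    return decode(pkt)["outer_len"] > path_mtu

if __name__ == "__main__":
    # The 100-byte ping from R4 to 10.10.1.5 on VLAN 100, as carried R1 -> R3.
    print(decode(gre_encapsulate(tagged_frame(100, 100), "1.1.1.1", "3.3.3.3")))
    print("1500-byte packet exceeds MTU:", exceeds_mtu(1500))
```

With these assumptions, the largest tagged IP packet that crosses the tunnel without exceeding a 1500-byte core MTU is 1458 bytes.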

 
