
EdgeMAX - Layer-2 bridge over GRE tunnel

Overview


Readers will learn how to configure a layer-2 GRE (Generic Routing Encapsulation) tunnel between two separate routers.

 

Sample LANs bridged over a GRE tunnel using two EdgeRouters.

 

The diagram above shows the GRE tunnel crossing the Internet, but GRE provides no encryption, so over a public network you would probably want to protect the GRE tunnel with IPsec encapsulation. For purposes of illustration, we assume the following:

 

R1's WAN interface is eth1 and the address is 15.0.0.1/24; the LAN interface is eth0, and the subnet being bridged is 100.0.0.0/24.
R2's WAN interface is eth1 and the address is 15.0.0.2/24; the LAN interface is eth0.

First we create the GRE tunnel:

 

[email protected]:~$ configure 
[edit]
[email protected]# set interfaces tunnel tun0 encapsulation gre-bridge 
[edit]
[email protected]# set interfaces tunnel tun0 local-ip 15.0.0.1        
[edit]
[email protected]# set interfaces tunnel tun0 remote-ip 15.0.0.2
[edit]
[email protected]# commit
[edit]

Note: the tunnel encapsulation is gre-bridge, not gre.

Next we create a bridge interface and add eth0 and tun0 to the bridge group.

 

[email protected]:~$ configure 
[edit]
[email protected]# set interfaces bridge br0 
[edit]
[email protected]# set interfaces ethernet eth0 bridge-group bridge br0
[edit]
[email protected]# set interfaces tunnel tun0 bridge-group bridge br0
[edit]
[email protected]# commit
[ interfaces ethernet eth0 bridge-group ]  
Adding interface eth0 to bridge br0
[edit]
[email protected]# exit; save 
Warning: configuration changes have not been saved.
exit

Now if we ping from a workstation on R1's LAN 100.0.0.100 to a workstation on R2's LAN 100.0.0.100, let's look at what the packet looks like as it leaves R2:

At a high level, the packet has the following encapsulation: eth:ip:gre:eth:ip:icmp:data.

Ethernet II, Src: dc:9f:db:17:12:35 (dc:9f:db:17:12:35), Dst: dc:9f:db:29:05:f6 (dc:9f:db:29:05:f6)
   Destination: dc:9f:db:29:05:f6 (dc:9f:db:29:05:f6)
       Address: dc:9f:db:29:05:f6 (dc:9f:db:29:05:f6)
   Source: dc:9f:db:17:12:35 (dc:9f:db:17:12:35)
   Type: IP (0x0800)
Internet Protocol, Src: 15.0.0.2 (15.0.0.2), Dst: 15.0.0.1 (15.0.0.1)
   Version: 4
   Header length: 20 bytes
   Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
   Total Length: 1500
   Identification: 0x0000 (0)
   Flags: 0x02 (Don't Fragment)
   Fragment offset: 0
   Time to live: 64
   Protocol: GRE (0x2f)
   Header checksum: 0x16f1 [correct]
   Source: 15.0.0.2 (15.0.0.2)
   Destination: 15.0.0.1 (15.0.0.1)
Generic Routing Encapsulation (Transparent Ethernet bridging)
   Flags and version: 0000
   Protocol Type: Transparent Ethernet bridging (0x6558)
Ethernet II, Src: Ubiquiti_07:07:21 (00:15:6d:07:07:21), Dst: dc:9f:db:17:13:8e (dc:9f:db:17:13:8e)
   Destination: dc:9f:db:17:13:8e (dc:9f:db:17:13:8e)
       Address: dc:9f:db:17:13:8e (dc:9f:db:17:13:8e)
   Source: Ubiquiti_07:07:21 (00:15:6d:07:07:21)
       Address: Ubiquiti_07:07:21 (00:15:6d:07:07:21)
   Type: IP (0x0800)
Internet Protocol, Src: 100.0.0.101 (100.0.0.101), Dst: 100.0.0.100 (100.0.0.100)
   Version: 4
   Header length: 20 bytes
   Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
   Total Length: 1462
   Identification: 0x0000 (0)
   Flags: 0x02 (Don't Fragment)
   Fragment offset: 0
   Time to live: 64
   Protocol: ICMP (0x01)
   Header checksum: 0x6c7e [correct]
   Source: 100.0.0.101 (100.0.0.101)
   Destination: 100.0.0.100 (100.0.0.100)
Internet Control Message Protocol
   Type: 8 (Echo (ping) request)
   Code: 0 ()
   Checksum: 0xe7da [correct]
   Identifier: 0x0e90
   Sequence number: 1 (0x0001)
   Data (1434 bytes)

The gre-bridge interface knows it will be adding 38 bytes of headers (gre 4, eth 14, ip 20), so the tunnel interface automatically reduced its MTU from 1500 to 1462:

[email protected]:~$ show interfaces tunnel tun0   
[email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1462 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 12:5b:3a:c1:4a:f1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::105b:3aff:fec1:4af1/64 scope link 
       valid_lft forever preferred_lft forever

    RX:  bytes    packets     errors    dropped    overrun      mcast
          3186         34          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
          3166         34          0          0          0          0
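
The encapsulation and the 38-byte overhead described above can be checked with a short parser. This is an added example, not part of the original article: it builds a constructed packet using the addresses from the capture and returns what anyone on the path can read from it, since GRE does not encrypt the bridged frame. The function names are hypothetical, and only the 4-byte, flag-less GRE header seen in the capture is handled.

```python
import ipaddress
import struct

GRE_PROTO = 47       # IP protocol number for GRE (0x2f in the capture)
ETH_P_TEB = 0x6558   # GRE protocol type: Transparent Ethernet bridging
ETH_P_IP = 0x0800

def eth(dst, src):
    """14-byte Ethernet II header carrying IPv4."""
    return bytes.fromhex((dst + src).replace(":", "")) + struct.pack("!H", ETH_P_IP)

def ipv4(src, dst, proto, payload_len):
    """20-byte IPv4 header, DF set; checksum left 0 (the parser does not verify it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def build_sample():
    """Constructed packet mirroring the capture: eth:ip:gre:eth:ip:icmp:data."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x0E90, 1) + b"A" * 1434
    inner = (eth("dc:9f:db:17:13:8e", "00:15:6d:07:07:21")
             + ipv4("100.0.0.101", "100.0.0.100", 1, len(icmp)) + icmp)
    gre = struct.pack("!HH", 0x0000, ETH_P_TEB)   # flags/version 0000, 4 bytes
    return (eth("dc:9f:db:29:05:f6", "dc:9f:db:17:12:35")
            + ipv4("15.0.0.2", "15.0.0.1", GRE_PROTO, len(gre) + len(inner)) + gre + inner)

def addr(b):
    return str(ipaddress.IPv4Address(b))

def parse_gre_bridge(frame):
    """Return what an on-path observer can read from an unencrypted gre-bridge packet."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != GRE_PROTO:
        raise ValueError("outer IP payload is not GRE")
    flags, ptype = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    if flags != 0 or ptype != ETH_P_TEB:
        raise ValueError("only the 4-byte, flag-less bridging header is handled")
    inner = frame[14 + ihl + 4:]   # the bridged Ethernet frame, in cleartext
    ip = inner[14:]
    outer_len, inner_len = (struct.unpack("!H", h[2:4])[0] for h in (frame[14:], ip))
    return {
        "tunnel": (addr(frame[26:30]), addr(frame[30:34])),
        "inner_src_mac": inner[6:12].hex(":"),
        "inner_ip": (addr(ip[12:16]), addr(ip[16:20])),
        "inner_proto": ip[9],
        "overhead": outer_len - inner_len,   # outer ip 20 + gre 4 + inner eth 14
    }

if __name__ == "__main__":
    print(parse_gre_bridge(build_sample()))
```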

L2 Bridge over OpenVPN

The same concept can be used to bridge over an OpenVPN site-to-site tunnel.

[email protected]:~$ configure 
[edit]
[email protected]# delete interfaces tunnel 
[edit]
[email protected]# commit
[edit]
[email protected]# set interfaces openvpn vtun0 mode site-to-site 
[edit]
[email protected]# set interfaces openvpn vtun0 remote-host 15.0.0.2
[edit]
[email protected]# set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
[edit]
[email protected]# set interfaces openvpn vtun0 bridge-group bridge br0  
[edit]
[email protected]# commit
[edit]
[email protected]# save  
Saving configuration to '/config/config.boot'...
Done
[edit]
[email protected]# exit
exit

With OpenVPN, the MTU reduction depends on whether OpenVPN is used with UDP (8 bytes) or TCP (20 bytes), in addition to Ethernet 14 and IP 20.