tunneling
Introduction
Tunneling is a way to transform data frames so that they can pass through networks with incompatible address spaces or even incompatible protocols. There are different kinds of tunnels: some process only IPv4 packets and some can carry any type of frame. The Linux kernel supports 3 tunnel types: IPIP (IPv4 in IPv4), GRE (IPv4/IPv6 over IPv4) and SIT (IPv6 over IPv4). Tunnels are managed with the ip program, part of Iproute2:

    $ /sbin/ip tunnel help
    Usage: ip tunnel { add | change | del | show } [ NAME ]
              [ mode { ipip | gre | sit } ] [ remote ADDR ] [ local ADDR ]
              [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
              [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]

    Where: NAME := STRING
           ADDR := { IP_ADDRESS | any }
           TOS  := { NUMBER | inherit }
           TTL  := { 1..255 | inherit }
           KEY  := { DOTTED_QUAD | NUMBER }

Iproute2 usually ships with documentation; the file you need to learn about tunnel management is ip-tunnels.ps. In Fedora Core 4 it is /usr/share/doc/iproute-2.6.11/ip-tunnels.ps.
IPIP tunnels
The IPIP tunnel type is the simplest one. It has the lowest overhead, but can encapsulate only IPv4 unicast traffic, so you will not be able to set up OSPF, RIP or any other multicast-based protocol. You can set up only one tunnel per unique pair of tunnel endpoints. It can work with FreeBSD and Cisco IOS. The kernel module is 'ipip'. The following example demonstrates the configuration of an IPIP tunnel with four IPv4 routes, manually or via /etc/net.
Manual configuration example
    # modprobe ipip
    # ip tu ad ipiptun mode ipip local 10.3.3.3 remote 10.4.4.4 ttl 64 dev eth0
    # ip ad ad dev ipiptun 10.0.0.1 peer 10.0.0.2/32
    # ip li se dev ipiptun up
    # ip ro ad 10.4.10.0/24 via 10.0.0.2
    # ip ro ad 10.4.20.0/24 via 10.0.0.2
    # ip ro ad 10.4.30.0/24 via 10.0.0.2
    # ip ro ad 10.4.40.0/24 via 10.0.0.2
/etc/net configuration example
    # mkdir /etc/net/ifaces/ipiptun
    # cat > /etc/net/ifaces/ipiptun/options
    TYPE=iptun
    TUNTYPE=ipip
    TUNLOCAL=10.3.3.3
    TUNREMOTE=10.4.4.4
    TUNOPTIONS='ttl 64'
    HOST=eth0
    ^D
    # cat > /etc/net/ifaces/ipiptun/ipv4address
    10.0.0.1 peer 10.0.0.2/32
    ^D
    # cat > /etc/net/ifaces/ipiptun/ipv4route
    10.4.10.0/24 via 10.0.0.2
    10.4.20.0/24 via 10.0.0.2
    10.4.30.0/24 via 10.0.0.2
    10.4.40.0/24 via 10.0.0.2
    ^D
    # ifup ipiptun
GRE tunnels
GRE tunnels can encapsulate IPv4/IPv6 unicast/multicast traffic, so GRE is the de facto tunnel standard for dynamically routed networks. You can set up to 64K tunnels for a unique pair of tunnel endpoints. It can work with FreeBSD and Cisco IOS. The kernel module is 'ip_gre'. The following example demonstrates the configuration of a GRE tunnel with two IPv4 routes.
Manual configuration example
    # modprobe ip_gre
    # ip tu ad gretun mode gre local 10.5.5.5 remote 10.6.6.6 ttl 64 dev eth0
    # ip ad ad dev gretun 10.0.0.3 peer 10.0.0.4/32
    # ip li se dev gretun up
    # ip ro ad 10.6.10.0/24 via 10.0.0.4
    # ip ro ad 10.6.20.0/24 via 10.0.0.4
/etc/net configuration example
    # mkdir /etc/net/ifaces/gretun
    # cat > /etc/net/ifaces/gretun/options
    TYPE=iptun
    TUNTYPE=gre
    TUNLOCAL=10.5.5.5
    TUNREMOTE=10.6.6.6
    TUNOPTIONS='ttl 64'
    HOST=eth0
    ^D
    # cat > /etc/net/ifaces/gretun/ipv4address
    10.0.0.3 peer 10.0.0.4/32
    ^D
    # cat > /etc/net/ifaces/gretun/ipv4route
    10.6.10.0/24 via 10.0.0.4
    10.6.20.0/24 via 10.0.0.4
    ^D
    # ifup gretun
SIT tunnels
SIT stands for Simple Internet Transition. Its main purpose is to interconnect isolated IPv6 networks located in the global IPv4 Internet. SIT works like IPIP. It can work with FreeBSD and Cisco IOS. The kernel module is 'ipv6'. Once loaded, the ipv6 module can't be unloaded. You can get your own IPv6 prefix and a SIT tunnel from a tunnel broker. The following example demonstrates the configuration of a SIT tunnel with three IPv6 routes.
Manual configuration example
    # modprobe ipv6
    # ip tu ad sittun mode sit local 10.7.7.7 remote 10.8.8.8 ttl 64 dev eth0
    # ip ad ad dev sittun 2001:0DB8:1234::000e/127
    # ip li se dev sittun up
    # ip -6 ro ad 2001:0DB8:5678::/48 via 2001:0DB8:1234::000f
    # ip -6 ro ad 2001:0DB8:5679::/48 via 2001:0DB8:1234::000f
    # ip -6 ro ad 2001:0DB8:567a::/48 via 2001:0DB8:1234::000f
/etc/net configuration example
    # mkdir /etc/net/ifaces/sittun
    # cat > /etc/net/ifaces/sittun/options
    TYPE=iptun
    TUNTYPE=sit
    CONFIG_IPV6=yes
    TUNLOCAL=10.7.7.7
    TUNREMOTE=10.8.8.8
    TUNOPTIONS='ttl 64'
    HOST=eth0
    ^D
    # cat > /etc/net/ifaces/sittun/ipv4address
    2001:0DB8:1234::000e/127
    ^D
    # cat > /etc/net/ifaces/sittun/ipv4route
    2001:0DB8:5678::/48 via 2001:0DB8:1234::000f
    2001:0DB8:5679::/48 via 2001:0DB8:1234::000f
    2001:0DB8:567a::/48 via 2001:0DB8:1234::000f
    ^D
    # ifup sittun
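
Added example (not part of the original page): none of the three tunnel types encrypts or authenticates traffic, so it is worth checking which peer each tunnel is pinned to. The script parses `ip tunnel show` output, flags tunnels with `remote any`, and prints iptables rules limiting IP protocols 4 (IPIP), 47 (GRE) and 41 (SIT) to the configured peers. The function names, the sample lines and the use of the INPUT chain are assumptions made for illustration.

```shell
# Added example, not from the original page. IPIP, GRE and SIT carry no
# encryption or peer authentication; only the outer source address names the peer.

# Reads `ip tunnel show` lines on stdin and prints one finding per tunnel:
#   NAME MODE proto=N OPEN|PINNED remote=ADDR local=ADDR
audit_tunnels() {
    awk '{
        name = $1; sub(/:$/, "", name)
        proto = "?"                       # outer IP protocol number
        if ($2 == "ip/ip")   proto = 4    # IPIP
        if ($2 == "gre/ip")  proto = 47   # GRE
        if ($2 == "ipv6/ip") proto = 41   # SIT
        rem = "?"; loc = "?"
        for (i = 3; i < NF; i++) {
            if ($i == "remote") rem = $(i + 1)
            if ($i == "local")  loc = $(i + 1)
        }
        # "remote any": packets are accepted from any source if the device is up
        state = (rem == "any") ? "OPEN" : "PINNED"
        print name, $2, "proto=" proto, state, "remote=" rem, "local=" loc
    }'
}

# Turns audit_tunnels findings into iptables rules (printed, not applied):
# accept each tunnel protocol only from the configured peer, drop the rest.
pin_rules() {
    awk '{
        split($3, p, "="); split($5, r, "="); split($6, l, "=")
        seen[p[2]] = 1
        dst = (l[2] == "any") ? "" : " -d " l[2]
        if ($4 == "PINNED" && p[2] != "?")
            printf "iptables -A INPUT -p %s -s %s%s -j ACCEPT\n", p[2], r[2], dst
    }
    END {
        n = split("4 41 47", order, " ")
        for (i = 1; i <= n; i++)
            if (order[i] in seen) printf "iptables -A INPUT -p %s -j DROP\n", order[i]
    }'
}

# Constructed sample of `ip tunnel show` output with the page's addresses;
# tunl0 and sit0 are the kernel's fallback devices.
SAMPLE='tunl0: ip/ip remote any local any ttl inherit nopmtudisc
ipiptun: ip/ip remote 10.4.4.4 local 10.3.3.3 dev eth0 ttl 64
gretun: gre/ip remote 10.6.6.6 local 10.5.5.5 dev eth0 ttl 64
sittun: ipv6/ip remote 10.8.8.8 local 10.7.7.7 dev eth0 ttl 64
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc'

printf '%s\n' "$SAMPLE" | audit_tunnels | pin_rules
```

On a live host, run `ip tunnel show | audit_tunnels` instead of the sample. Review the printed rules against the existing ruleset before applying them, since `-A` appends after any earlier rules.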