20
2019
04
23:52:03

tunneling

tunneling

Contents

Introduction

Tunneling is a way to transform data frames to allow them pass networks with incompatible address spaces or even incompatible protocols. There are different kinds of tunnels: some process only IPv4 packets and some can carry any type of frame. Linux kernel supports 3 tunnel types: IPIP (IPv4 in IPv4), GRE (IPv4/IPv6 over IPv4) and SIT (IPv6 over IPv4). Tunnels are managed with ip program, part of Iproute2:

 $ /sbin/ip tunnel help
 Usage: ip tunnel { add | change | del | show } [ NAME ]
           [ mode { ipip | gre | sit } ] [ remote ADDR ] [ local ADDR ]
           [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
           [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]
 
 Where: NAME := STRING
        ADDR := { IP_ADDRESS | any }
        TOS  := { NUMBER | inherit }
        TTL  := { 1..255 | inherit }
        KEY  := { DOTTED_QUAD | NUMBER }

Iproute2 is usually shipped with documentation, of which you need the file ip-tunnels.ps to learn about tunnel management. In Fedora Core 4 it is /usr/share/doc/iproute-2.6.11/ip-tunnels.ps.

IPIP tunnels

IPIP kind of tunnels is the simplest one. It has the lowest overhead, but can incapsulate only IPv4 unicast traffic, so you will not be able to setup OSPF, RIP or any other multicast-based protocol. You can setup only one tunnel for unique tunnel endpoints pair. It can work with FreeBSD and cisco IOS. Kernel module is 'ipip'. The following example demonstrates configuration of IPIP tunnel with four IPv4 routes, manually or via /etc/net.

Manual configuration example

 # modprobe ipip
 # ip tu ad ipiptun mode ipip local 10.3.3.3 remote 10.4.4.4 ttl 64 dev eth0
 # ip ad ad dev ipiptun 10.0.0.1 peer 10.0.0.2/32
 # ip li se dev ipiptun up
 # ip ro ad 10.4.10.0/24 via 10.0.0.2
 # ip ro ad 10.4.20.0/24 via 10.0.0.2
 # ip ro ad 10.4.30.0/24 via 10.0.0.2
 # ip ro ad 10.4.40.0/24 via 10.0.0.2

/etc/net configuration example

 # mkdir /etc/net/ifaces/ipiptun
 # cat > /etc/net/ifaces/ipiptun/options
 TYPE=iptun
 TUNTYPE=ipip
 TUNLOCAL=10.3.3.3
 TUNREMOTE=10.4.4.4
 TUNOPTIONS='ttl 64'
 HOST=eth0
 ^D
 # cat > /etc/net/ifaces/ipiptun/ipv4address
 10.0.0.1 peer 10.0.0.2/32
 ^D
 # cat > /etc/net/ifaces/ipiptun/ipv4route
 10.4.10.0/24 via 10.0.0.2
 10.4.20.0/24 via 10.0.0.2
 10.4.30.0/24 via 10.0.0.2
 10.4.40.0/24 via 10.0.0.2
 ^D
 # ifup ipiptun

GRE tunnels

GRE tunnels can incapsulate IPv4/IPv6 unicast/multicast traffic, so it is de-facto tunnel standard for dynamic routed networks. You can setup up to 64K tunnels for an unique tunnel endpoints pair. It can work with FreeBSD and cisco IOS. Kernel module is 'ip_gre'. The following example demonstrates configuration of GRE tunnel with two IPv4 routes.

Manual configuration example

 # modprobe ip_gre
 # ip tu ad gretun mode gre local 10.5.5.5 remote 10.6.6.6 ttl 64 dev eth0
 # ip ad ad dev gretun 10.0.0.3 peer 10.0.0.4/32
 # ip li se dev gretun up
 # ip ro ad 10.6.10.0/24 via 10.0.0.4
 # ip ro ad 10.6.20.0/24 via 10.0.0.4

/etc/net configuration example

 # mkdir /etc/net/ifaces/gretun
 # cat > /etc/net/ifaces/gretun/options
 TYPE=iptun
 TUNTYPE=gre
 TUNLOCAL=10.5.5.5
 TUNREMOTE=10.6.6.6
 TUNOPTIONS='ttl 64'
 HOST=eth0
 ^D
 # cat > /etc/net/ifaces/gretun/ipv4address
 10.0.0.3 peer 10.0.0.4/32
 ^D
 # cat > /etc/net/ifaces/gretun/ipv4route
 10.6.10.0/24 via 10.0.0.4
 10.6.20.0/24 via 10.0.0.4
 ^D
 # ifup gretun

SIT tunnels

SIT stands for Simple Internet Transition. Its main purpose is to interconnect isolated IPv6 networks, located in global IPv4 Internet. SIT works like IPIP. It can work with FreeBSD and cisco IOS. Kernel module is 'ipv6'. Once loaded, ipv6 module can't be unloaded. You can get your own IPv6 prefix and a SIT tunnel from a tunnel broker. The following example demonstrates configuration of SIT tunnel with three IPv6 routes.

Manual configuration example

 # modprobe ipv6
 # ip tu ad sittun mode sit local 10.7.7.7 remote 10.8.8.8 ttl 64 dev eth0
 # ip ad ad dev sittun 2001:0DB8:1234::000e/127
 # ip li se dev sittun up
 # ip -6 ro ad 2001:0DB8:5678::/48 via 2001:0DB8:1234::000f
 # ip -6 ro ad 2001:0DB8:5679::/48 via 2001:0DB8:1234::000f
 # ip -6 ro ad 2001:0DB8:567a::/48 via 2001:0DB8:1234::000f

/etc/net configuration example

 # mkdir /etc/net/ifaces/sittun
 # cat > /etc/net/ifaces/sittun/options
 TYPE=iptun
 TUNTYPE=sit
 CONFIG_IPV6=yes
 TUNLOCAL=10.7.7.7
 TUNREMOTE=10.8.8.8
 TUNOPTIONS='ttl 64'
 HOST=eth0
 ^D
 # cat > /etc/net/ifaces/sittun/ipv4address
 2001:0DB8:1234::000e/127
 ^D
 # cat > /etc/net/ifaces/sittun/ipv4route
 2001:0DB8:5678::/48 via 2001:0DB8:1234::000f
 2001:0DB8:5679::/48 via 2001:0DB8:1234::000f
 2001:0DB8:567a::/48 via 2001:0DB8:1234::000f
 ^D
 # ifup sittun




推荐本站淘宝优惠价购买喜欢的宝贝:

image.png

本文链接:https://hqyman.cn/post/609.html 非本站原创文章欢迎转载,原创文章需保留本站地址!

分享到:
打赏





休息一下~~


« 上一篇 下一篇 »

发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

请先 登录 再评论,若不是会员请先 注册

您的IP地址是: