Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
GRE(4)			 BSD Kernel Interfaces Manual			GRE(4)

NAME
     gre -- encapsulating network device

SYNOPSIS
     To	compile	the driver into	the kernel, place the following	line in	the
     kernel configuration file:

	   device gre

     Alternatively, to load the	driver as a module at boot time, place the
     following line in loader.conf(5):

	   if_gre_load="YES"

DESCRIPTION
     The gre network interface pseudo device encapsulates datagrams into IP.
     These encapsulated	datagrams are routed to	a destination host, where they
     are decapsulated and further routed to their final	destination.  The
     "tunnel" appears to the inner datagrams as	one hop.

     gre interfaces are	dynamically created and	destroyed with the ifconfig(8)
     create and	destroy	subcommands.

     This driver corresponds to	RFC 2784.  Encapsulated	datagrams are
     prepended an outer	datagram and a GRE header.  The	GRE header specifies
     the type of the encapsulated datagram and thus allows for tunneling other
     protocols than IP.	 GRE mode is also the default tunnel mode on Cisco
     routers.  gre also	supports Cisco WCCP protocol, both version 1 and ver-
     sion 2.

     The gre interfaces	support	a number of additional parameters to the
     ifconfig(8):

     grekey	  Set the GRE key used for outgoing packets.  A	value of 0
		  disables the key option.

     enable_csum  Enables checksum calculation for outgoing packets.

     enable_seq	  Enables use of sequence number field in the GRE header for
		  outgoing packets.

     udpencap	  Enables UDP-in-GRE encapsulation (see	the GRE-IN-UDP
		  ENCAPSULATION	Section	below for details).

     udpport	  Set the source UDP port for outgoing packets.	 A value of 0
		  disables the persistence of source UDP port for outgoing
		  packets.  See	the GRE-IN-UDP ENCAPSULATION Section below for
		  details.

GRE-IN-UDP ENCAPSULATION
     The gre supports GRE in UDP encapsulation as defined in RFC 8086.	A GRE
     in	UDP tunnel offers the possibility of better performance	for load-bal-
     ancing GRE	traffic	in transit networks.  Encapsulating GRE	in UDP enables
     use of the	UDP source port	to provide entropy to ECMP hashing.

     The GRE in	UDP tunnel uses	single value 4754 as UDP destination port.
     The UDP source port contains a 14-bit entropy value that is generated by
     the encapsulator to identify a flow for the encapsulated packet.  The
     udpport option can	be used	to disable this	behaviour and use single
     source UDP	port value.  The value of udpport should be within the
     ephemeral port range, i.e., 49152 to 65535	by default.

     Note that a GRE in	UDP tunnel is unidirectional; the tunnel traffic is
     not expected to be	returned back to the UDP source	port values used to
     generate entropy.	This may impact	NAPT (Network Address Port Translator)
     middleboxes.  If such tunnels are expected	to be used on a	path with a
     middlebox,	the tunnel can be configured either to disable use of the UDP
     source port for entropy or	to enable middleboxes to pass packets with UDP
     source port entropy.

EXAMPLES
     192.168.1.* --- Router A  -------tunnel-------- Router B --- 192.168.2.*
			\			       /
			 \			      /
			  +------ the Internet ------+

     Assuming router A has the (external) IP address A and the internal	ad-
     dress 192.168.1.1,	while router B has external address B and internal ad-
     dress 192.168.2.1,	the following commands will configure the tunnel:

     On	router A:

	   ifconfig greN create
	   ifconfig greN inet 192.168.1.1 192.168.2.1
	   ifconfig greN inet tunnel A B
	   route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1

     On	router B:

	   ifconfig greN create
	   ifconfig greN inet 192.168.2.1 192.168.1.1
	   ifconfig greN inet tunnel B A
	   route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1

     In	case when internal and external	IP addresses are the same, different
     routing tables (FIB) should be used.  The default FIB will	be applied to
     IP	packets	before GRE encapsulation.  After encapsulation GRE interface
     should set	different FIB number to	outgoing packet.  Then different FIB
     will be applied to	such encapsulated packets.  According to this FIB
     packet should be routed to	tunnel endpoint.

     Host X -- Host A (198.51.100.1) ---tunnel--- Cisco	D (203.0.113.1)	-- Host	E
			\				    /
			 \				   /
			  +----- Host B	----- Host C -----+
			    (198.51.100.254)

     On	Host A (FreeBSD):

     First of multiple FIBs should be configured via loader.conf:

	   net.fibs=2
	   net.add_addr_allfibs=0

     Then routes to the	gateway	and remote tunnel endpoint via this gateway
     should be added to	the second FIB:

	   route add -net 198.51.100.0 -netmask	255.255.255.0 -fib 1 -iface em0
	   route add -host 203.0.113.1 -fib 1 198.51.100.254

     And GRE tunnel should be configured to change FIB for encapsulated	pack-
     ets:

	   ifconfig greN create
	   ifconfig greN inet 198.51.100.1 203.0.113.1
	   ifconfig greN inet tunnel 198.51.100.1 203.0.113.1 tunnelfib	1

NOTES
     The MTU of	gre interfaces is set to 1476 by default, to match the value
     used by Cisco routers.  This may not be an	optimal	value, depending on
     the link between the two tunnel endpoints.	 It can	be adjusted via
     ifconfig(8).

     For correct operation, the	gre device needs a route to the	decapsulating
     host that does not	run over the tunnel, as	this would be a	loop.

     The kernel	must be	set to forward datagrams by setting the
     net.inet.ip.forwarding sysctl(8) variable to non-zero.

SEE ALSO
     gif(4), inet(4), ip(4), me(4), netintro(4), protocols(5), ifconfig(8),
     sysctl(8)

     A description of GRE encapsulation	can be found in	RFC 2784 and RFC 2890.

AUTHORS
     Andrey V. Elsukov <ae@FreeBSD.org>
     Heiko W.Rupp <hwr@pilhuhn.de>

BUGS
     The current implementation	uses the key only for outgoing packets.	 In-
     coming packets with a different key or without a key will be treated as
     if	they would belong to this interface.

     The sequence number field also used only for outgoing packets.

BSD				April 24, 2019				   BSD

NAME | SYNOPSIS | DESCRIPTION | GRE-IN-UDP ENCAPSULATION | EXAMPLES | NOTES | SEE ALSO | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=gre&sektion=4&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help