[Xorp-users] tunneling using IPIP (or GRE)

Ray Soucy rps at maine.edu
Wed May 23 07:40:28 PDT 2012 

Neither IPIP nor GRE tunnels provide security alone, and both are
stateless.  You might be thinking of VPNs built over these protocols.

An IPIP tunnel will not work with IPv6 (or any non-IP protocol for
that matter).  A GRE tunnel can do the job just fine.  You can also
look into using a IPv6-in-IP tunnel; in Linux this is referred to as a
SIT tunnel.

http://www.linuxfoundation.org/collaborate/workgroups/networking/tunneling

Once created, tunnel interfaces are treated like any other interface
in XORP.  Unfortunately, you need to create them outside of XORP with
a shell script unless that functionality has been added recently.

Be careful not to block ICMPv6 traffic for path MTU discovery,
otherwise you'll experience MTU issues.

FWIW I use IPIP tunnels in a few places with XORP and it works OK.

In IPv4 you want to adjust the TCP MSS (via iptables on Linux) if you
want reliable communication; if PMTUD isn't filtered for IPv6 you
shouldn't need to worry about it, but if you run into filtering
ip6tables does offer MSS adjustment as well.

A lot of people forget about and wonder why their tunnels don't perform well.

To get a feel for setting up a SIT tunnel, you might try getting a
free IPv6 tunnel from HE.net (or your tunnel broker of choice) and
following their setup instructions.




On Wed, May 23, 2012 at 4:26 AM, BILAL Mustapha <Mustapha.Bilal at imag.fr> wrote:
> Hello,
>
>  I don't know if I am in the right mailing list to ask my question.
>
>  1) I have 2 Gateways and 2 LBRs. I would like to create 4 tunnels(2
> tunnels per each Gateway of destination of the 2 different LBRs) using
> IPIP (or GRE, although I prefer IPIP for security reasons since GRE
> doesn't provide any security).
>
>  2) The packets transferred in these tunnels are IPv6, once the packet
> arrive to the LBR, it should know which tunnel was used and the source
> of each packet (was it Gateway 1 or Gateway 2?).
>
>  I would be grateful if you can provide me with complete code for the
> first part of my question (creating the tunnels) since it's my first
> experience in this topic and if you have any idea about the second part
> (recovering the source of each packet arriving to the LBR) I would be
> more than thankful as well.
>
>  Many thanks
>
> _______________________________________________
> Xorp-users mailing list
> Xorp-users at xorp.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

More information about the Xorp-users mailing list