Wireless Access

Reply
LL
Occasional Contributor II
Posts: 10
Registered: ‎05-29-2015

L2 GRE Tunnel between two controllers

[ Edited ]

Hello,

 

I'm looking to familiarise myself with GRE tunnels ahead of some work I'm doing for a customer next month. What I'm looking to tunnel a L2 VLAN carrying guest traffic from one site to another across the WAN as a temporary measure.

 

In order to test this in the lab I've created an arbitrary VLAN (207) on two controllers in my lab, and am attempting to pass traffic between them. I have the following configuration:

 

Controller 1:

interface tunnel 2071
        description "Tunnel Interface"
        tunnel mode gre 1
        tunnel source 192.168.38.10
        tunnel destination 192.168.38.11
        tunnel keepalive
        trusted
        tunnel vlan 207
!

 Controller 2: 

interface tunnel 2071
        description "Tunnel Interface"
        tunnel mode gre 1
        tunnel source 192.168.38.11
        tunnel destination 192.168.38.10
        tunnel keepalive
        trusted
        tunnel vlan 207
!

 As these are both arbitrary VLANs I've done operstate up on both to bring them online, and the tunnel is showing as up. However I can't see anything matching it in the datapath tunnel table, and I can't ping the VLAN 207 interface on the other controller through the tunnel.

 

Have I missed something here?

 

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: L2 GRE Tunnel between two controllers

You typically cannot ping the ip address on tunnel endpoints.  Type "show ip route" on the commandline to see if there is a route to that ip address.  You can also trying to add a static route that points to the tunnel interface for the ip address on the other side of the VLAN.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

LL
Occasional Contributor II
Posts: 10
Registered: ‎05-29-2015

Re: L2 GRE Tunnel between two controllers

Thanks Colin. I wondered if it was the case that you couldn't ping the IP address on the tunnel endpoints as it looks to be working other than that. I will get something physically connected to one of the controllers in VLAN 207 and see if I can ping that.

 

I had a look in the routing table and I've got the following entries pertaining to VLAN 207 and the tunnel:

 

C    172.16.207.0/24 is directly connected, VLAN207
C    0.0.0.0 is directly connected, Tunnel 2071

Is that what you'd expect to see for a L2 tunnel?

 

 

Many thanks

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: L2 GRE Tunnel between two controllers

An L2 tunnel typically does not have an ip address, so I don't expect the routing table to change, as a result.  If there is something on the other side of the tunnel that you cannot reach, you might have to create a static route to it.  A layer 2 tunnel is typically just to bridge traffic from one endpoint to another or to allow two devices to share a single VLAN.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

LL
Occasional Contributor II
Posts: 10
Registered: ‎05-29-2015

Re: L2 GRE Tunnel between two controllers

Hi Colin,

 

Thanks for your help on this one. That makes sense. As soon as I get a chance I'll lab this up with a device connected at one end and make sure it works like that.

 

I have a follow-up question. Can I achieve the following with L2 tunnels and tunnel-groups, without looping the network?

 

L2 GRE failover

 

If not, we are running GRE at each site anyway. How reliable is GRE termination on VIPs? I was advised it was very flaky, but that was some time ago. The code version is 6.4.2.5, if that helps.

 

Many thanks,

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: L2 GRE Tunnel between two controllers

GRE tunneling and termination is very good.  Quite a few large customers use this to put guest traffic into a DMZ.  Your design looks fine.  http://community.arubanetworks.com/t5/Controller-Based-WLANs/Create-GRE-tunnel-between-VRRP/ta-p/180486



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: