LL
Occasional Contributor II

L2 GRE Tunnel between two controllers

Hello,

 

I'm looking to familiarise myself with GRE tunnels ahead of some work I'm doing for a customer next month. What I'm looking to do is tunnel an L2 VLAN carrying guest traffic from one site to another across the WAN as a temporary measure.

 

In order to test this in the lab I've created an arbitrary VLAN (207) on two controllers in my lab, and am attempting to pass traffic between them. I have the following configuration:

 

Controller 1:

interface tunnel 2071
        description "Tunnel Interface"
        tunnel mode gre 1
        tunnel source 192.168.38.10
        tunnel destination 192.168.38.11
        tunnel keepalive
        trusted
        tunnel vlan 207
!

Controller 2:

interface tunnel 2071
        description "Tunnel Interface"
        tunnel mode gre 1
        tunnel source 192.168.38.11
        tunnel destination 192.168.38.10
        tunnel keepalive
        trusted
        tunnel vlan 207
!

As these are both arbitrary VLANs I've done operstate up on both to bring them online, and the tunnel is showing as up. However, I can't see anything matching it in the datapath tunnel table, and I can't ping the VLAN 207 interface on the other controller through the tunnel.

 

Have I missed something here?
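
Added example, not part of the original post and not Aruba's own tooling: a small check that the two tunnel stanzas above mirror each other. It assumes both ends must use the same GRE protocol number and the same tunnelled VLAN, with source and destination swapped; the function names are hypothetical.

```python
import re

# Constructed from the two stanzas posted above (same values, one template).
STANZA = """interface tunnel 2071
        description "Tunnel Interface"
        tunnel mode gre 1
        tunnel source {src}
        tunnel destination {dst}
        tunnel keepalive
        trusted
        tunnel vlan 207
!"""
CONTROLLER_1 = STANZA.format(src="192.168.38.10", dst="192.168.38.11")
CONTROLLER_2 = STANZA.format(src="192.168.38.11", dst="192.168.38.10")


def parse_tunnel(config):
    """Return the settings of the first 'interface tunnel' stanza as a dict."""
    settings, inside = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface tunnel "):
            inside = True
            settings["id"] = line.split()[2]
        elif inside and line == "!":
            break  # end of the stanza
        elif inside:
            m = re.match(r"tunnel (mode gre|source|destination|vlan) (\S+)$", line)
            if m:
                settings[m.group(1)] = m.group(2)
            elif line in ("trusted", "tunnel keepalive"):
                settings[line] = True  # flag-style lines carry no value
    return settings


def mismatches(a, b):
    """List the ways two tunnel ends fail to mirror each other."""
    problems = []
    if a.get("source") != b.get("destination") or a.get("destination") != b.get("source"):
        problems.append("source/destination are not mirrored")
    for key in ("mode gre", "vlan"):  # assumed to need identical values on both ends
        if a.get(key) != b.get(key):
            problems.append(f"'{key}' differs: {a.get(key)} vs {b.get(key)}")
    return problems


if __name__ == "__main__":
    result = mismatches(parse_tunnel(CONTROLLER_1), parse_tunnel(CONTROLLER_2))
    print(result or "tunnel ends mirror each other")
```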

 



All Replies
Guru Elite

Re: L2 GRE Tunnel between two controllers

You typically cannot ping the IP address on tunnel endpoints.  Type "show ip route" on the command line to see if there is a route to that IP address.  You can also try adding a static route that points to the tunnel interface for the IP address on the other side of the VLAN.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
LL
Occasional Contributor II

Re: L2 GRE Tunnel between two controllers

Thanks Colin. I wondered if it was the case that you couldn't ping the IP address on the tunnel endpoints as it looks to be working other than that. I will get something physically connected to one of the controllers in VLAN 207 and see if I can ping that.

 

I had a look in the routing table and I've got the following entries pertaining to VLAN 207 and the tunnel:

 

C    172.16.207.0/24 is directly connected, VLAN207
C    0.0.0.0 is directly connected, Tunnel 2071

Is that what you'd expect to see for a L2 tunnel?

 

 

Many thanks

Guru Elite

Re: L2 GRE Tunnel between two controllers

An L2 tunnel typically does not have an ip address, so I don't expect the routing table to change, as a result.  If there is something on the other side of the tunnel that you cannot reach, you might have to create a static route to it.  A layer 2 tunnel is typically just to bridge traffic from one endpoint to another or to allow two devices to share a single VLAN.


LL
Occasional Contributor II

Re: L2 GRE Tunnel between two controllers

Hi Colin,

 

Thanks for your help on this one. That makes sense. As soon as I get a chance I'll lab this up with a device connected at one end and make sure it works like that.

 

I have a follow-up question. Can I achieve the following with L2 tunnels and tunnel-groups, without looping the network?

 

L2 GRE failover

 

If not, we are running GRE at each site anyway. How reliable is GRE termination on VIPs? I was advised it was very flaky, but that was some time ago. The code version is 6.4.2.5, if that helps.

 

Many thanks,

Guru Elite

Re: L2 GRE Tunnel between two controllers

GRE tunneling and termination is very good.  Quite a few large customers use this to put guest traffic into a DMZ.  Your design looks fine.  http://community.arubanetworks.com/t5/Controller-Based-WLANs/Create-GRE-tunnel-between-VRRP/ta-p/180486

