Fragmentation and GRE tunnels

What is a tunnel:
A tunnel is a logical interface that provides a way to encapsulate a passenger packet inside a transport protocol.
Tunnelling has three main components:
1. Passenger protocol (AppleTalk, CLNS, IP, IPX, DECnet)
2. Carrier protocol: one of the encapsulation protocols, such as GRE or IP-in-IP
3. Transport protocol: the protocol used to carry the encapsulated packet
Original packet:
IP-TCP-Telnet
Tunnel-encapsulated packet:
IP-GRE-Original packet
Here the outer IP is the transport protocol, GRE is the carrier (encapsulation) protocol, and the inner IP is the passenger protocol.

Example:
Here IP and DECnet are the passenger protocols and GRE is the carrier protocol.
Why is tunnelling required here?
Two discontiguous non-IP networks are separated by an IP network.
The administrator may not want to connect them by configuring DECnet in the IP network, and may not want to permit DECnet routing there, since it affects the performance of the IP network.
So the DECnet data is encapsulated in IP at one end and treated as an ordinary IP packet inside the IP network.
At the other end it is decapsulated to recover the DECnet packets.
Advantages:
1. The endpoints use private addresses and the backbone does not support routing of those addresses
2. Allows a VPN across the Internet
3. Encapsulates multiple protocols over a single-protocol backbone
4. Allows traffic to be encrypted over the backbone or the Internet
Considerations regarding tunnel interfaces:
1. There are security and topology issues when tunnelling packets. Tunnels can bypass access control lists and firewalls: if packets are tunnelled through a firewall, the firewall is bypassed for whatever passenger protocol is inside. So it is recommended to enforce the firewall functionality at the tunnel endpoints, where any policy on the passenger protocols can be applied.
2. Tunnels might create problems for transport protocols that have limited timers (for example DECnet), because tunnelling increases latency.
3. Tunnels across environments of different speeds introduce packet reordering problems. Some passenger protocols function poorly in mixed-media networks.
4. A routing protocol may prefer a tunnel over a real link, because the tunnel can deceptively appear to be a one-hop link with the lowest cost; this can be avoided with proper routing configuration.
5. Problems with recursive routes can be avoided by configuring proper static routes to the tunnel destination. A recursive route occurs when the best path to the tunnel destination is through the tunnel itself; this causes the tunnel interface to bounce up and down.
Reasons for recursive routing:
1. A misconfiguration that leads the tunnel to route through the same tunnel itself
2. Temporary instability caused by route flapping elsewhere in the network
The router as a PMTUD participant at the endpoint of the tunnel:
The router has two different roles to play when it is at the endpoint of a tunnel.
1. For PMTUD processing, the router needs to check the DF bit and the packet size of the original data packet and take the necessary action.
2. After the router has encapsulated the packet, it acts more like a host with respect to PMTUD and the tunnel IP packet.
In the first role, it checks the DF bit and the size of the packet; based on these, it either fragments the packet or drops it.
There are two ways to do the encapsulation in tunnelling:
1. Encapsulate and fragment
2. Fragment and encapsulate
Please note that by default routers do not do PMTUD on GRE tunnel packets. It needs to be enabled with the command "tunnel path-mtu-discovery".
Let us see how fragmentation is handled for GRE tunnels:
1. The sender sends 1500-byte packets (20 bytes IP header + 1480 bytes TCP payload).
2. Since the MTU of the GRE tunnel is 1476, each packet is fragmented into 1476 and 44 bytes. After encapsulation they become 1500 and 68 bytes, which includes the 24 bytes of GRE encapsulation overhead (outer IP header plus GRE header).
3. The GRE IP packets are forwarded to the remote end.
4. The remote end router removes the GRE header and forwards the fragments to the host.
5. Reassembly is done at the destination.
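As an added illustration (not part of the original post), the following Python model reproduces the fragment-then-encapsulate arithmetic of the steps above and also shows the encapsulate-then-fragment alternative and the DF-bit drop a PMTUD-aware router performs. Header sizes are assumptions: IPv4 without options (20 bytes) and a basic GRE header (4 bytes), giving the 24-byte overhead and 1476-byte tunnel MTU used in the example.

```python
"""Model of GRE tunnel fragmentation: fragment-then-encapsulate vs encapsulate-then-fragment."""
from typing import List, Optional

IP_HDR = 20                       # assumed: IPv4 header without options
GRE_HDR = 4                       # assumed: basic GRE header (no key/sequence/checksum)
GRE_OVERHEAD = IP_HDR + GRE_HDR   # 24 bytes added by the tunnel


def tunnel_mtu(physical_mtu: int = 1500) -> int:
    """Tunnel MTU is the physical MTU minus the encapsulation overhead (1500 -> 1476)."""
    return physical_mtu - GRE_OVERHEAD


def ip_fragments(total_len: int, mtu: int, hdr: int = IP_HDR) -> List[int]:
    """Return on-wire sizes of the IP fragments of a total_len-byte packet for the given MTU.

    Every fragment except the last carries a payload that is a multiple of 8 bytes,
    as IPv4 fragment offsets are expressed in 8-byte units.
    """
    if total_len <= mtu:
        return [total_len]
    payload = total_len - hdr
    max_chunk = (mtu - hdr) // 8 * 8
    sizes = []
    while payload > 0:
        chunk = min(max_chunk, payload)
        sizes.append(hdr + chunk)
        payload -= chunk
    return sizes


def fragment_then_encapsulate(total_len: int, mtu: int, df: bool) -> Optional[List[int]]:
    """Router role 1: check DF and size of the passenger packet before adding GRE.

    With DF set and the packet larger than the tunnel MTU the packet is dropped
    (the router then sends ICMP 'fragmentation needed' for PMTUD); returns None.
    Otherwise each inner fragment gains the 24-byte overhead, e.g. [1476, 44] -> [1500, 68].
    The destination host reassembles the inner fragments.
    """
    if df and total_len > mtu:
        return None
    return [frag + GRE_OVERHEAD for frag in ip_fragments(total_len, mtu)]


def encapsulate_then_fragment(total_len: int, physical_mtu: int = 1500) -> List[int]:
    """Alternative order: add GRE first, then fragment the outer packet to the physical MTU.

    Here the remote tunnel endpoint, not the destination host, must reassemble.
    """
    return ip_fragments(total_len + GRE_OVERHEAD, physical_mtu)
```

Calling `fragment_then_encapsulate(1500, tunnel_mtu(), df=False)` gives the `[1500, 68]` pair from the steps above, while `encapsulate_then_fragment(1500)` gives `[1500, 44]` with reassembly moved to the far tunnel endpoint.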
