GRE tunneling is a fascinating topic. To a host traversing a GRE tunnel, the hops are transparent. A router that doesn't support a protocol can be made to route it with no changes to the older router: just encapsulate it in something the older router understands and you're good to go. And the commands for DMVPN and P2P GRE tunnels can be written in such a way that they can simply be copied and pasted to a new router to have it dial in, peer with your IGP, and start injecting routes. It's an incredibly simple and powerful tool which allows for good security.
With the way corporate hacks are becoming bigger news items every day, I'd think any network engineer worth their salt is going to want to know how to encrypt traffic between controlled routers for just about everything. Even on private networks we now know the government is listening and copying data for analysis, and I'm just not cool with that. Call me a liberal, but I think our right to freedom from illegal search and seizure means something. And here's a way you can enforce it.
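As an added example (not taken from the downloadable lab), here is a copy-and-paste style P2P GRE configuration with the encryption layered on through an IPsec profile, since GRE by itself only encapsulates and does not encrypt. It assumes Cisco IOS syntax; the interface name, profile names, OSPF process and all addresses (documentation ranges) are constructed, and the pre-shared key is a placeholder.

```cisco
! Added example, Cisco IOS syntax assumed. All names and addresses are constructed.
! Remote tunnel endpoint: 203.0.113.1 (documentation range, replace with yours).
!
! --- IKE phase 1: how the two routers authenticate each other ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key, scoped to the one peer rather than a 0.0.0.0 wildcard.
crypto isakmp key REPLACE-WITH-PSK address 203.0.113.1
!
! --- IPsec phase 2: what protects the GRE packets ---
! Transport mode is enough because the GRE and IPsec endpoints are the same.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
! --- The tunnel itself ---
interface Tunnel0
 description P2P GRE to remote site, encrypted by GRE-PROT
 ip address 10.0.0.2 255.255.255.252
 ! Leave headroom for the GRE and ESP overhead to avoid fragmentation.
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! Sourcing from an interface, not an address, keeps the block portable:
 ! only the tunnel IP changes when it is pasted onto another router.
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 ! Without this line the tunnel still comes up, but in cleartext.
 tunnel protection ipsec profile GRE-PROT
!
! --- IGP peering across the tunnel ---
! Advertise the tunnel subnet only. Do not advertise the network that holds
! the tunnel source/destination through the tunnel (recursive routing).
router ospf 1
 network 10.0.0.0 0.0.0.3 area 0
```

After pasting, `show crypto ipsec sa` should show the encaps/decaps counters rising while traffic crosses Tunnel0; counters stuck at zero with a working tunnel mean the traffic is going out unencrypted.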
In the following topology I had a few different technologies to set up, so I created a clover-leaf type topology, where each leaf is a different tech, and you bridge them in the middle for seamless routing. I wrote out hopefully good instructions and requirements, as well as validation steps that should help those of you working the 'Unsolved' version, which you can download below.
Here's the topology:
Download the solved and unsolved versions here: http://1drv.ms/1rViikp