两台linux建立GRE隧道-阿里云开发者社区

两台linux建立GRE隧道

2017-11-27 2075

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

1.拓扑图：

备注：因为应用原因，需要在linux2上添加一个公网地址，并且在中间路由设备不受控制的情况下，Linux1能访问到linux2上面的公网地址。

2.基本接口配置：

linux1:192.168.10.1/24

linux2:192.168.20.2/24

R1:

interface FastEthernet0/0
ip address 192.168.10.10 255.255.255.0
no shutdown
!
interface FastEthernet0/1
ip address 192.168.20.10 255.255.255.0
no shutdown

3.路由配置：

linux1网关:192.168.10.10
linux2网关:192.168.20.10
R1：只有直连路由

4.Linux2单网卡多地址配置：

[root@Linux1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@Linux1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:0
BOOTPROTO=none
ONBOOT=yes
HWADDR=00:0c:29:08:48:63
NETMASK=255.255.255.252
IPADDR=202.100.2.2
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes

[root@Linux1 ~]# service network restart
[root@Linux1 ~]# ping 202.100.2.2
PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data.
64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=0.124 ms

--- 202.100.2.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.124/0.124/0.124/0.000 ms
[root@ams ~]# ping 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=255 time=70.6 ms

--- 192.168.10.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 70.629/70.629/70.629/0.000 ms

5.GRE tunnel配置：

A.确定是否加载了GRE模块
[root@Linux1 ~]# lsmod |grep ip_gre
[root@Linux2 ~]# lsmod |grep ip_gre
B.加载GRE模块

[root@linux1 ~]# uname -an
Linux linux1 2.6.9-78.EL #1 Wed Jul 9 15:27:01 EDT 2008 i686 i686 i386 GNU/Linux
[root@linux1 ~]# insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko
[root@linux2 ~]# uname -an
Linux linux2 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux
[root@linux2 ~]# insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko

C.GRE tunnel接口配置

Linux1:
ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.1/30 dev tunnel0
ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0
ip route add 202.100.2.2/32 dev tunnel0
Linux2:
ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.2/30 dev tunnel0
ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0
D.将tunnel配置开机运行：

linux1:
vi /etc/init.d/gre.sh ##内容如下：
insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko
ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.1/30 dev tunnel0
ip addr del 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0
ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0
ip route add 202.100.2.2/32 dev tunnel0

chmod +x /etc/init.d/gre.sh
echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local

linux2:
vi /etc/init.d/gre.sh ##内容如下：
insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko
ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.2/30 dev tunnel0
ip addr del 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0
ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0

chmod +x /etc/init.d/gre.sh
echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local

D.验证GRE接口

[root@Linux1 ~]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:e4:65:78 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::20c:29ff:fee4:6578/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
5: tunnel0@NONE: <POINTOPOINT,NOARP,UP> mtu 1400 qdisc noqueue
    link/gre 192.168.10.1 peer 192.168.20.2
    inet 172.16.1.1 peer 172.16.1.2/30 scope global tunnel0
[root@Linux2 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:08:48:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.2/24 brd 192.168.20.255 scope global eth0
    inet 202.100.2.2/30 brd 202.100.2.3 scope global eth0:0
    inet6 fe80::20c:29ff:fe08:4863/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
5: tunnel0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue
    link/gre 192.168.20.2 peer 192.168.10.1
    inet 172.16.1.2 peer 172.16.1.1/30 scope global tunnel0

5.效果测试：

[root@linux1 ~]# ping 202.100.2.2
PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data.
64 bytes from 202.100.2.2: icmp_seq=0 ttl=64 time=82.4 ms
64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=48.7 ms

--- 202.100.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 48.784/65.633/82.482/16.849 ms, pipe 2

本文转自碧云天 51CTO博客，原文链接：http://blog.51cto.com/333234/931805，如需转载请自行联系原作者

两台linux建立GRE隧道

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像