• GRE tunnel configuration – DMF/BMF

 
 

DMF supports L2-GRE tunneling to transmit and receive encapsulated monitoring traffic over a network. This feature can be used to extend a DMF deployment across multiple data centers or branch offices connected by Layer 3 networks. It allows tools and taps/SPANs to be centralized or distributed across multiple locations when they cannot be directly connected.

 

Scenario 1: Using GRE tunnel as a core interface.

For core links, the tunnel direction should be bidirectional, and an encap loopback interface is required. Both endpoints periodically transmit LLDP frames, and DMF discovers that the tunnel is a core link.

The most common use case is to link multiple sites, in which case the tunnel is treated as a core link. If used as a core link, DMF automatically discovers the link as if it were a physical link and determines connectivity (link-state) in the same manner. If the tunnel goes down for any reason, DMF treats the failure as it would a physical link failure.

 

Traffic flow:

et10/1(loopback) Sw273-20 et30:1(192.168.100.20) <----> et1(192.168.100.1) R1 <----> (1.1.1.1/24) et3 R1 <----> et3 R2(1.1.1.2/24) <----> R2(192.168.200.1) et1 <----> et46(192.168.200.19) Sw273-19

Tunnel configuration:

switch sw273-20
  interface ethernet10:1
    loopback-mode mac
  !
  tunnel-interface tunnel-1
    destination ip 192.168.200.19
    direction bidirectional encap-loopback-interface ethernet10:1
    parent-interface ethernet30:1
    source ip 192.168.100.20 mask 255.255.255.0 gateway-ip 192.168.100.1
    gre-key-decap 7777


switch sw273-19
  interface ethernet10
    loopback-mode mac
  !
  tunnel-interface tunnel-1
    destination ip 192.168.100.20
    direction bidirectional encap-loopback-interface ethernet10
    parent-interface ethernet46
    source ip 192.168.200.19 mask 255.255.255.0 gateway-ip 192.168.200.1
    gre-key-decap 7777


Verification:

When ARP is resolved for the next hop or default gateway, the tunnel interface will come up.

bmf1-c2(config-switch-tunnel-if)# show tunnel switch sw273-20 tunnel-1
# Switch DPID Tunnel Name Tunnel Status      Direction     Src IP         Dst IP         Parent Name  Loopback Name Gre key list
-|-----------|-----------|------------------|-------------|--------------|--------------|------------|-------------|------------|
1 sw273-20    tunnel-1    ESTABLISHED_TUNNEL bidirectional 192.168.100.20 192.168.200.19 ethernet30:1 ethernet10:1

bmf1-c2(config-switch-tunnel-if)# show tunnel switch sw273-19 tunnel-1
# Switch DPID Tunnel Name Tunnel Status      Direction     Src IP         Dst IP         Parent Name Loopback Name Gre key list
-|-----------|-----------|------------------|-------------|--------------|--------------|-----------|-------------|------------|
1 sw273-19    tunnel-1    ESTABLISHED_TUNNEL bidirectional 192.168.200.19 192.168.100.20 ethernet46  ethernet10

Please ensure there is underlay connectivity between two tunnel endpoints.

R1#show arp
Address Age (sec) Hardware Addr Interface
192.168.100.20 0:04:26 5c16.c71e.7755 Ethernet1 ----> tunnel endpoint
60.0.0.2 - 0000.0000.0001 Ethernet2
60.0.0.3 - 0000.0000.0001 Ethernet2
1.1.1.2 0:02:25 5254.00b0.c73a Ethernet3

R2#show arp
Address Age (sec) Hardware Addr Interface
192.168.200.19 0:04:47 5c16.c71c.3384 Ethernet1 ----> tunnel endpoint
1.1.1.1 0:02:48 5254.0081.08a1 Ethernet3

Creating a policy that will use the GRE tunnel as a core link.

! bigtap
bigtap policy Kishore_GRE_Core_Policy
  action forward
  delivery-interface Kishore-Test-Delivery-R2-et2
  description 'policy will send traffic through core links. Core links between filter and delivery switch is through GRE tunnel'
  filter-interface Kishore-Test_Filter-R1-et2
  1 match any
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Filter Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BigTap IF                     Switch   IF Name      State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|-----------------------------|--------|------------|-----|---|-------|-----|--------|--------|------------------------------|
1 Kishore-Test_Filter-R1-et2    sw273-20 ethernet28:1 up    rx  5       320   0        -        2021-06-26 22:14:14.215000 UTC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Delivery Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BigTap IF                       Switch   IF Name    State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|-------------------------------|--------|----------|-----|---|-------|-----|--------|--------|------------------------------|
1 Kishore-Test-Delivery-R2-et2    sw273-19 ethernet45 up    tx  5       530   0        -        2021-06-26 22:14:14.215000 UTC

~ Service Interface(s) ~
None.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Core Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch   IF Name  State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|--------|--------|-----|---|-------|-----|--------|--------|------------------------------|
1 sw273-20 tunnel-1 up    tx  5       340   0        -        2021-06-26 22:14:14.215000 UTC
2 sw273-19 tunnel-1 up    rx  5       530   0        -        2021-06-26 22:14:14.215000 UTC

The flow of the policy:

(Traffic generator) R1 et2 <----> switch273-20 Ethernet28:1 <----> switch273-20 tunnel-1 (packet will get encapsulated) <----> R1 et1 <----> R1 et3 <----> R2 et3 <----> R2 et1 <----> switch273-19 tunnel-1 (packet will get decapsulated) ---- switch273-19 et45 <----> R2 et2 (Tool device)

Packet capture:

From R1 et2 generating sample traffic towards the filter interface.

[admin@R1 ~]$ sudo ethxmit --ip-dst=57.250.136.12 --ip-src=20.0.0.10 -S 44:4c:a8:8d:fa:c5 -D 01:00:0c:cc:cc:cc et2 -n5

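Packet capture on R1 et1: the packet is encapsulated on switch sw273-20 et30:1 and reaches the next hop 192.168.100.1 (R1 et1).

The original packet, with source IP 20.0.0.10, is encapsulated and appears in the inner header of the captured packet. In this capture and in the later one on R2, the shell treats the "&" in the tcpdump command as its background operator, which is why bash reports "192.168.200.19: command not found"; only "host 192.168.100.20" is applied as the capture filter.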

[admin@R1 ~]$ tcpdump -nevvvi et1 host 192.168.100.20 & 192.168.200.19
[1] 3145
bash: 192.168.200.19: command not found
[admin@R1 ~]$ tcpdump: listening on et1, link-type EN10MB (Ethernet), capture size 262144 bytes
22:31:53.908536 5c:16:c7:1e:77:55 > Broadcast, ethertype ARP (0x0806), length 68: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.1 (Broadcast) tell 192.168.100.20, length 54
22:31:53.908555 52:54:00:81:08:a1 > 5c:16:c7:1e:77:55, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.100.1 is-at 52:54:00:81:08:a1, length 28
22:31:57.827864 5c:16:c7:1e:77:55 > 52:54:00:81:08:a1, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 10, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:31:57.828641 5c:16:c7:1e:77:55 > 52:54:00:81:08:a1, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 11, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:31:57.829497 5c:16:c7:1e:77:55 > 52:54:00:81:08:a1, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 12, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:31:57.830113 5c:16:c7:1e:77:55 > 52:54:00:81:08:a1, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 13, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:31:57.831015 5c:16:c7:1e:77:55 > 52:54:00:81:08:a1, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 14, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26

Packet capture taken on R2 et1, towards sw273-19 et45. The packet is decapsulated on et45 of sw273-19, and the raw traffic is sent towards the delivery interface et46 of sw273-19.

Packet before decapsulation:

[admin@R2 ~]$ tcpdump -nevvvi et1 host 192.168.100.20 & 192.168.200.19
[1] 3186
bash: 192.168.200.19: command not found
[admin@R2 ~]$ tcpdump: listening on et1, link-type EN10MB (Ethernet), capture size 262144 bytes
22:38:06.696820 52:54:00:b0:c7:3a > 5c:16:c7:1c:33:84, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 62, id 15, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.697326 52:54:00:b0:c7:3a > 5c:16:c7:1c:33:84, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 62, id 16, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.699732 52:54:00:b0:c7:3a > 5c:16:c7:1c:33:84, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 62, id 17, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.700299 52:54:00:b0:c7:3a > 5c:16:c7:1c:33:84, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 62, id 18, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.701139 52:54:00:b0:c7:3a > 5c:16:c7:1c:33:84, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 62, id 19, offset 0, flags [none], proto GRE (47), length 92)
192.168.100.20 > 192.168.200.19: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26

Packet after decapsulation:

[admin@R2 ~]$ tcpdump -nevvvi et2 host 20.0.0.10
tcpdump: listening on et2, link-type EN10MB (Ethernet), capture size 262144 bytes
22:38:06.698132 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.699102 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.701682 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.702143 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
22:38:06.702881 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
20.0.0.10 > 57.250.136.12: ip-proto-63 26
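To check the same thing offline, the following added example (not part of the original article or of DMF) strips the outer Ethernet/IPv4/GRE headers from an L2-GRE frame and reports the GRE key and the inner, monitored packet. SAMPLE_FRAME is constructed here from the header values tcpdump printed on R1 et1; it is not the captured bytes, and the function names are this example's own.

```python
import ipaddress
import struct

GRE_TEB = 0x6558       # Transparent Ethernet Bridging: payload is an Ethernet frame
ETH_IPV4, ETH_8021Q, IPPROTO_GRE = 0x0800, 0x8100, 47


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_ethernet(buf):
    """Return (dst_mac, src_mac, vlan_id_or_None, ethertype, payload)."""
    if len(buf) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack("!H", buf[12:14])
    vlan, off = None, 14
    if etype == ETH_8021Q:
        if len(buf) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", buf[14:18])
        vlan, off = tci & 0x0FFF, 18
    return _mac(buf[0:6]), _mac(buf[6:12]), vlan, etype, buf[off:]


def parse_ipv4(buf):
    """Return (protocol, src, dst, payload); the header checksum is not verified."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    src, dst = (str(ipaddress.IPv4Address(buf[i:i + 4])) for i in (12, 16))
    return buf[9], src, dst, buf[ihl:]


def parse_gre(buf):
    """Parse a GRE version 0 header (RFC 2784/2890): (key_or_None, proto, payload)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Optional 4-byte fields, in wire order: checksum (C), key (K), sequence (S).
    key_off = 4 + (4 if flags & 0x8000 else 0)
    end = key_off + (4 if flags & 0x2000 else 0) + (4 if flags & 0x1000 else 0)
    if len(buf) < end:
        raise ValueError("truncated GRE optional fields")
    key = struct.unpack("!I", buf[key_off:key_off + 4])[0] if flags & 0x2000 else None
    return key, proto, buf[end:]


def decapsulate(frame):
    """Strip outer Ethernet/IPv4/GRE and summarise the inner (monitored) frame."""
    _, _, _, etype, l3 = parse_ethernet(frame)
    if etype != ETH_IPV4:
        raise ValueError("outer frame is not IPv4")
    proto, o_src, o_dst, l4 = parse_ipv4(l3)
    if proto != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    key, gre_proto, inner = parse_gre(l4)
    if gre_proto != GRE_TEB:
        raise ValueError("GRE payload is not an Ethernet frame (TEB)")
    i_dst, i_src, vlan, i_etype, i_l3 = parse_ethernet(inner)
    out = {"outer_src": o_src, "outer_dst": o_dst, "gre_key": key,
           "inner_src_mac": i_src, "inner_dst_mac": i_dst, "inner_vlan": vlan}
    if i_etype == ETH_IPV4:
        out["inner_proto"], out["inner_src"], out["inner_dst"], _ = parse_ipv4(i_l3)
    return out


def build_ipv4(src, dst, proto, payload, ident=0):
    # Minimal IPv4 header with the checksum left at 0 (parse_ipv4 does not check it).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


# Constructed frames modelled on the R1 et1 capture above (not bytes from the capture).
INNER_FRAME = (bytes.fromhex("01000ccccccc" "444ca88dfac5")
               + struct.pack("!HHH", ETH_8021Q, 2, ETH_IPV4)
               + build_ipv4("20.0.0.10", "57.250.136.12", 63, bytes(26)))
SAMPLE_FRAME = (bytes.fromhex("5254008108a1" "5c16c71e7755") + struct.pack("!H", ETH_IPV4)
                + build_ipv4("192.168.100.20", "192.168.200.19", IPPROTO_GRE,
                             struct.pack("!HHI", 0x2000, GRE_TEB, 0) + INNER_FRAME, ident=10))

if __name__ == "__main__":
    for field, value in decapsulate(SAMPLE_FRAME).items():
        print(f"{field:14} {value}")
```
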

 

Scenario 2: Using GRE tunnel as a delivery interface

A tunnel endpoint can be used as a delivery interface to encapsulate filtered monitoring traffic to send to analysis tools or to send to another DANZ Monitoring Fabric managed by a different DMF controller.

 

Traffic flow:

R1 et2 <----> et28/1 sw273-20 <----> et10/4 sw273-20 <----core----> et16 sw273-19 <----> delivery <----> et46 sw273-19 (delivery-tunnel ----> encapsulation takes place)

Tunnel and switch configuration:

switch sw273-19 
  interface delivery-tunnel
    bigtap role delivery interface-name gre-delivery-interface
  !
  tunnel-interface delivery-tunnel 
    destination ip 192.168.100.20 
    direction transmit-only encap-loopback-interface ethernet10 
    parent-interface ethernet46 
    source ip 192.168.200.19 mask 255.255.255.0 gateway-ip 192.168.200.1 
    gre-key-decap 7777


For testing purposes, sw273-20 interface ethernet30:1 is configured as the remote tunnel endpoint (i.e., tool).

switch sw273-20 
  tunnel-interface delivery-tunnel
    destination ip 192.168.200.19 
    direction receive-only 
    parent-interface ethernet30:1 
    source ip 192.168.100.20 mask 255.255.255.0 gateway-ip 192.168.100.1 
    gre-key-decap 7777

Note that this receive-only tunnel interface on sw273-20 does not require an encap loopback interface. A DMF L2-GRE tunnel requires an encap loopback interface only when the tunnel is used to transmit traffic (i.e., bidirectional or transmit-only).
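The rules above can be checked before a configuration is pushed. The following added example (not part of the original article and not a DMF tool) parses tunnel-interface stanzas in the syntax shown on this page and reports transmitting tunnels without an encap loopback interface, gateways outside the source subnet, and endpoint pairs whose directions do not match. The direction pairing and the gateway check are this example's assumptions, drawn from the configurations and the ARP note on this page; PAGE_CONFIG is the Scenario 2 configuration and BROKEN_CONFIG is constructed from it.

```python
import ipaddress

TRANSMITTING = {"bidirectional", "transmit-only"}
# Direction the far end is expected to use (assumption drawn from the page's examples).
PEER_DIRECTION = {"bidirectional": "bidirectional",
                  "transmit-only": "receive-only",
                  "receive-only": "transmit-only"}


def parse_tunnels(text):
    """Collect tunnel-interface stanzas from running-config style text."""
    tunnels, switch, cur = [], None, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "switch" and len(tok) > 1:
            switch, cur = tok[1], None
        elif tok[0] == "tunnel-interface" and len(tok) > 1:
            cur = {"switch": switch, "name": tok[1], "direction": None, "loopback": None,
                   "src": None, "mask": None, "gw": None, "dst": None}
            tunnels.append(cur)
        elif tok[0] in ("interface", "!"):
            cur = None
        elif cur is not None:
            opts = dict(zip(tok, tok[1:]))   # keyword -> token that follows it
            if tok[0] == "destination":
                cur["dst"] = opts.get("ip")
            elif tok[0] == "source":
                cur.update(src=opts.get("ip"), mask=opts.get("mask"),
                           gw=opts.get("gateway-ip"))
            elif tok[0] == "direction":
                cur.update(direction=opts.get("direction"),
                           loopback=opts.get("encap-loopback-interface"))
    return tunnels


def check_tunnels(tunnels):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    for t in tunnels:
        tag = f"{t['switch']}/{t['name']}"
        if None in (t["direction"], t["src"], t["mask"], t["gw"], t["dst"]):
            findings.append(f"{tag}: incomplete tunnel stanza")
            continue
        if t["direction"] in TRANSMITTING and not t["loopback"]:
            findings.append(f"{tag}: {t['direction']} tunnel has no encap-loopback-interface")
        # The tunnel comes up once ARP for the gateway resolves, so it must be on-link.
        net = ipaddress.ip_network(f"{t['src']}/{t['mask']}", strict=False)
        if ipaddress.ip_address(t["gw"]) not in net:
            findings.append(f"{tag}: gateway {t['gw']} is outside {net}")
        for p in tunnels:
            if (p is not t and (p["src"], p["dst"]) == (t["dst"], t["src"])
                    and p["direction"] != PEER_DIRECTION.get(t["direction"])):
                findings.append(f"{tag}: direction {t['direction']} does not pair with "
                                f"{p['direction']} on {p['switch']}/{p['name']}")
    return findings


# Scenario 2 configuration as shown on this page.
PAGE_CONFIG = """
switch sw273-19
  interface delivery-tunnel
    bigtap role delivery interface-name gre-delivery-interface
  !
  tunnel-interface delivery-tunnel
    destination ip 192.168.100.20
    direction transmit-only encap-loopback-interface ethernet10
    parent-interface ethernet46
    source ip 192.168.200.19 mask 255.255.255.0 gateway-ip 192.168.200.1
    gre-key-decap 7777
switch sw273-20
  tunnel-interface delivery-tunnel
    destination ip 192.168.200.19
    direction receive-only
    parent-interface ethernet30:1
    source ip 192.168.100.20 mask 255.255.255.0 gateway-ip 192.168.100.1
    gre-key-decap 7777
"""
# Constructed variant: loopback removed on the sender, wrong gateway on the receiver.
BROKEN_CONFIG = (PAGE_CONFIG.replace(" encap-loopback-interface ethernet10", "")
                 .replace("gateway-ip 192.168.100.1", "gateway-ip 192.168.200.1"))

if __name__ == "__main__":
    for finding in check_tunnels(parse_tunnels(BROKEN_CONFIG)):
        print(finding)
```
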

Verification:

# show tunnel switch sw273-20
# Switch DPID Tunnel Name     Tunnel Status      Direction    Src IP         Dst IP         Parent Name  Interface name Gre key list
-|-----------|---------------|------------------|------------|--------------|--------------|------------|--------------|------------|
1 sw273-20    delivery-tunnel ESTABLISHED_TUNNEL receive-only 192.168.100.20 192.168.200.19 ethernet30:1                7777


# show tunnel switch sw273-19
# Switch DPID Tunnel Name     Tunnel Status      Direction     Src IP         Dst IP         Parent Name Loopback Name Gre key list
-|-----------|---------------|------------------|-------------|--------------|--------------|-----------|-------------|------------|
1 sw273-19    delivery-tunnel ESTABLISHED_TUNNEL transmit-only 192.168.200.19 192.168.100.20 ethernet46  ethernet10    7777

 

Create a policy to use GRE tunnel as a delivery interface.

bigtap policy delivery-gre 
  action forward 
  delivery-interface gre-delivery-interface 
  filter-interface Kishore-Test_Filter-R1-et2 
  1 match any

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Filter Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BigTap IF                     Switch   IF Name      State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|-----------------------------|--------|------------|-----|---|-------|-----|--------|--------|------------------------------|
1 Kishore-Test_Filter-R1-et2    sw273-20 ethernet28:1 up    rx  26      1674  0        -        2021-07-05 13:28:38.739000 PDT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Delivery Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BigTap IF              Switch   IF Name         State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|----------------------|--------|---------------|-----|---|-------|-----|--------|--------|------------------------------|
1 gre-delivery-interface sw273-19 delivery-tunnel up    tx  26      1570  0        -        2021-07-05 13:28:38.739000 PDT

~ Service Interface(s) ~
None.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Core Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch   IF Name      State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|--------|------------|-----|---|-------|-----|--------|--------|------------------------------|
1 sw273-20 ethernet10:4 up    tx  26      1674  0        -        2021-07-05 13:28:38.739000 PDT
2 sw273-19 ethernet16   up    rx  26      1778  0        -        2021-07-05 13:28:38.739000 PDT

~ Failed Path(s) ~
None.

Policy flow:

R1 et2 <----> et28:1 sw273-20 <----> sw273-20 et10:4 <----core----> et16 sw273-19 <----> et46 (gre-delivery-interface ----> packet will get encapsulated and sent to the tool device)

Packet captures:

Raw traffic has been sent to sw273-19 et28:1 from R1 et2 (traffic generator).

[admin@R1 ~]$ tcpdump -nevvvvi et2 host 5.5.5.5
tcpdump: listening on et2, link-type EN10MB (Ethernet), capture size 262144 bytes
20:41:14.593655 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:41:14.594187 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:41:14.594491 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:41:14.594757 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:41:14.595012 44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26

Packet capture on R2 et1 after the raw traffic is GRE-encapsulated on the delivery interface and sent to the tool device.

20:37:15.656948 5c:16:c7:1c:33:84 > 52:54:00:b0:c7:3a, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 16, offset 0, flags [none], proto GRE (47), length 92)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 4095, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:37:15.657481 5c:16:c7:1c:33:84 > 52:54:00:b0:c7:3a, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 17, offset 0, flags [none], proto GRE (47), length 92)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 4095, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:37:15.658190 5c:16:c7:1c:33:84 > 52:54:00:b0:c7:3a, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 18, offset 0, flags [none], proto GRE (47), length 92)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 4095, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:37:15.658695 5c:16:c7:1c:33:84 > 52:54:00:b0:c7:3a, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 19, offset 0, flags [none], proto GRE (47), length 92)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 4095, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26
20:37:15.659422 5c:16:c7:1c:33:84 > 52:54:00:b0:c7:3a, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 64, id 20, offset 0, flags [none], proto GRE (47), length 92)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x0, proto TEB (0x6558), length 72
44:4c:a8:8d:fa:c5 > 01:00:0c:cc:cc:cc, ethertype 802.1Q (0x8100), length 64: vlan 4095, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto unknown (63), length 46)
5.5.5.5 > 57.250.136.12: ip-proto-63 26

 

Scenario 3: Using GRE tunnel as a filter interface.

Another use case for an L2-GRE tunnel is for DMF to receive monitoring traffic encapsulated in L2-GRE and let DMF policies match on that monitoring traffic (i.e., inner headers onwards) so that it is forwarded toward the configured delivery interfaces. The sender of the encapsulated monitoring traffic may be another DMF instance or a third-party switch.

In this case, the filter interface needs to be configured as a tunnel endpoint. The GRE traffic is decapsulated on sw273-20 et30:1. GRE traffic is initiated from R1 et1 and sent to the filter switch sw273-20 using tcpreplay.

 

Traffic flow:

(Traffic generator) R1 et1 <----> et30:1 sw273-20 (GRE traffic will get decapsulated here) <----> et10:4 sw273-20 <----core-link----> et16 sw273-19 <----> et45 sw273-19 (delivery interface) <----> R2 et2 (Tool device)

Tunnel configuration:

switch sw273-20
  interface filter-tunnel 
    bigtap role filter interface-name filter-gre-interface
  !
  tunnel-interface filter-tunnel
    destination ip 192.168.200.19
    direction receive-only
    parent-interface ethernet30:1
    source ip 192.168.100.20 mask 255.255.255.0 gateway-ip 192.168.100.1
    gre-key-decap 7777


Verification:

bmf1-c2(config-switch-tunnel-if)# show tunnel switch sw273-20
# Switch DPID Tunnel Name   Tunnel Status      Direction    Src IP         Dst IP         Parent Name  Interface name Gre key list
-|-----------|-------------|------------------|------------|--------------|--------------|------------|--------------|------------|
1 sw273-20    filter-tunnel ESTABLISHED_TUNNEL receive-only 192.168.100.20 192.168.200.19 ethernet30:1

Create a policy that uses the GRE tunnel interface as a filter interface. The traffic gets decapsulated and sent to the delivery interface as raw traffic.

bigtap policy GRE-Filter
  action forward
  delivery-interface kishore-delivery-test
  filter-interface filter-gre-interface
  1 match any


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Filter Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BigTap IF            Switch   IF Name       State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|--------------------|--------|-------------|-----|---|-------|-----|--------|--------|------------------------------|
1 filter-gre-interface sw273-20 filter-tunnel up    rx  48      6921  0        -        2021-07-05 14:26:47.888000 PDT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Delivery Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BigTap IF             Switch   IF Name    State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|---------------------|--------|----------|-----|---|-------|-----|--------|--------|------------------------------|
1 kishore-delivery-test sw273-19 ethernet45 up    tx  48      4905  0        -        2021-07-05 14:26:47.888000 PDT

~ Service Interface(s) ~
None.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Core Interface(s) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch   IF Name      State Dir Packets Bytes Pkt Rate Bit Rate Counter Reset Time
-|--------|------------|-----|---|-------|-----|--------|--------|------------------------------|
1 sw273-20 ethernet10:4 up    tx  48      6921  0        -        2021-07-05 14:26:47.888000 PDT
2 sw273-19 ethernet16   up    rx  48      4905  0        -        2021-07-05 14:26:47.888000 PDT

~ Failed Path(s) ~
None.

Initiating GRE traffic through tcpreplay towards the filter interface sw273-20 et30:1.

[admin@R1 ~]$ sudo tcpreplay -i et1 /mnt/flash/gre-l2-edited-dmac.pcap
sending out et1
processing file: /mnt/flash/gre-l2-edited-dmac.pcap
Actual: 24 packets (3276 bytes) sent in 12.06 seconds. Rated: 271.6 bps, 0.00 Mbps, 1.99 pps
Statistics for network device: et1
Attempted packets: 24
Successful packets: 24
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0

22:21:05.726330 74:83:ef:eb:6f:83 > 5c:16:c7:1e:77:55, ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto GRE (47), length 128)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x67, proto TEB (0x6558), length 108
00:00:40:01:32:5c > 45:00:00:64:ee:3a, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 cf2a 4129 0002 8183 ..-......*A)....
0x0010: e360 96c0 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG
22:21:05.726696 74:83:ef:eb:6f:83 > 5c:16:c7:1e:77:55, ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto GRE (47), length 128)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x67, proto TEB (0x6558), length 108
00:00:40:01:32:5b > 45:00:00:64:ee:3b, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 5429 4129 0003 8183 ..-.....T)A)....
0x0010: e360 11c1 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG
22:21:05.727018 74:83:ef:eb:6f:83 > 5c:16:c7:1e:77:55, ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto GRE (47), length 128)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x67, proto TEB (0x6558), length 108
00:00:40:01:32:5a > 45:00:00:64:ee:3c, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 d827 4129 0004 8183 ..-......'A)....
0x0010: e360 8dc1 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG
22:21:05.727334 74:83:ef:eb:6f:83 > 5c:16:c7:1e:77:55, ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto GRE (47), length 128)
192.168.200.19 > 192.168.100.20: GREv0, Flags [key present], key=0x67, proto TEB (0x6558), length 108
00:00:40:01:32:59 > 45:00:00:64:ee:3d, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 4c26 4129 0005 8183 ..-.....L&A)....
0x0010: e360 19c2 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG

Packet capture was taken on the et2 R2 tool device. The GRE traffic is decapsulated on the filter tunnel interface and sent to the tool device.

22:23:29.043602 00:00:40:01:32:5d > 45:00:00:64:ee:39, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 e72c 4129 0001 8183 ..-......,A)....
0x0010: e360 7ebf 0700 0809 0a0b 0c0d 0e0f 1011 .`~.............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG
22:23:29.044335 00:00:40:01:32:5c > 45:00:00:64:ee:3a, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 cf2a 4129 0002 8183 ..-......*A)....
0x0010: e360 96c0 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG
22:23:29.044960 00:00:40:01:32:5b > 45:00:00:64:ee:3b, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 5429 4129 0003 8183 ..-.....T)A)....
0x0010: e360 11c1 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
0x0050: 4243 4445 4647 BCDEFG
22:23:29.045584 00:00:40:01:32:5a > 45:00:00:64:ee:3c, ethertype Unknown (0x2d00), length 100:
0x0000: 0001 2d00 0002 0800 d827 4129 0004 8183 ..-......'A)....
0x0010: e360 8dc1 0700 0809 0a0b 0c0d 0e0f 1011 .`..............
0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A

 

 

Created and revised by Kishore Jothinarayanan
