90 minutes; session 3 of 5
Creating GRE Tunnels with ip tunnel add
The ip tunnel add command allows creating GRE tunnels in Linux. GRE tunnels encapsulate traffic over an underlying network. Let’s look at setting up a basic GRE tunnel.
Introduction
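GRE tunnels enable connecting separate networks over the internet or other transit networks. The tunnel encapsulates traffic inside an outer IP header, so intermediary hops forward on the outer header and do not route on the inner contents. GRE itself does not encrypt: anyone who can capture the transit traffic can still read the inner packets, so pair the tunnel with IPsec when confidentiality is required.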
Steps
Open Terminal
First, open a terminal window on your system.
Create GRE Tunnel
Use this command to create a GRE tunnel:
sudo ip tunnel add <name> mode gre remote <remote_ip> local <local_ip> ttl <ttl>
Where:
- <name> is the tunnel name
- <remote_ip> is the remote endpoint’s IP
- <local_ip> is your endpoint’s IP
- <ttl> is the TTL set on the encapsulating packets, which limits max hops
For example:
sudo ip tunnel add gre_tunnel mode gre remote 203.0.113.5 local 198.51.100.2 ttl 64
Verify Tunnel
Check that the tunnel was created:
ip tunnel show
The new tunnel should be listed.
Delete and Recreate Tunnel
A tunnel can be taken down by deleting it and restored by adding it again with the same parameters:
sudo ip tunnel del gre_tunnel
sudo ip tunnel add gre_tunnel mode gre remote 203.0.113.5 local 198.51.100.2 ttl 64
Test Connectivity
Try pinging the remote side while the tunnel is up. This validates encapsulated connectivity.
Summary
The ip tunnel add command allows creating GRE tunnels to bridge networks over transit networks. Tunnels encapsulate traffic, providing private connections between the endpoints; encapsulation alone is not encryption.
Configuring IPIP Tunnels with ip tunnel add
The ip tunnel add command can create IPIP tunnels in Linux. IPIP tunnels encapsulate IP packets over IP networks. Let’s look at a basic example.
Introduction
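IPIP tunnels allow you to encapsulate IP traffic over an IP network, such as the internet. Intermediaries forward on the outer IP header only, which obscures the inner addressing from routing. IPIP adds no encryption, so the inner packets remain readable to anyone who can capture the traffic.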
Steps
Open Terminal
First, open a terminal window on your system.
Create IPIP Tunnel
Use this command to create an IPIP tunnel:
sudo ip tunnel add <name> mode ipip <ipsec_params>
Where <name> is the desired tunnel name, and <ipsec_params> are optional IPsec params.
For example:
sudo ip tunnel add ipip_tunnel mode ipip
Verify Tunnel
Check that the new tunnel was created:
ip tunnel show
The IPIP tunnel should be listed.
Configure Routing
To enable connectivity, route traffic destined for the remote network over the tunnel interface.
For example:
sudo ip route add 192.168.2.0/24 dev ipip_tunnel
Test Connectivity
Ping a host on the remote network through the tunnel to validate encapsulated connectivity.
Summary
The ip tunnel add command allows creating IPIP tunnels to bridge network segments over IP networks. Proper routing configuration is essential for tunnel functionality.
Adding Neighbors with ip neigh add
The ip neigh add command manually inserts entries into the ARP cache in Linux. Each entry records a fixed mapping between an IP address and a MAC address.
Introduction
Populating the ARP cache with static entries can be useful for testing or forcing traffic over specific interfaces.
Steps
Open Terminal
First, open a terminal window on your system.
Add Neighbor
Use this command to add a neighbor:
sudo ip neigh add <ip> lladdr <mac> dev <interface>
Where:
- <ip> is the neighbor’s IP address
- <mac> is their MAC address
- <interface> is the interface they are connected to
For example:
sudo ip neigh add 192.168.1.10 lladdr 00:11:22:33:44:55 dev eth0
Verify Entry
Check that the entry exists in the ARP table:
ip neigh show
The static neighbor should be listed.
Delete Entry
To remove the static neighbor:
sudo ip neigh del <ip> dev <interface>
Summary
The ip neigh add command manually inserts static ARP entries, recording fixed IP to MAC mappings. This can direct traffic over specific interfaces.
Adding IPv6 Neighbors with ip -6 neigh add
The ip -6 neigh add command inserts IPv6 neighbor entries into the neighbor cache in Linux. This establishes mappings between IPv6 and MAC addresses.
Introduction
Populating the neighbor cache statically can be useful for testing or debugging IPv6 connectivity issues.
Steps
Open Terminal
First, open a terminal window on your system.
Add IPv6 Neighbor
Use this command to add an IPv6 neighbor:
sudo ip -6 neigh add <ipv6> lladdr <mac> dev <interface>
Where:
- <ipv6> is the neighbor’s IPv6 address
- <mac> is their MAC address
- <interface> is the connecting interface
For example:
sudo ip -6 neigh add 2001:db8::1 lladdr 00:11:22:33:44:55 dev eth0
Verify Entry
Check that the entry exists:
ip -6 neigh show
The added static neighbor should appear.
Delete Entry
To remove the static neighbor:
sudo ip -6 neigh del <ipv6> dev <interface>
Summary
The ip -6 neigh add command inserts static IPv6 neighbor entries, mapping IPv6 addresses to MAC addresses. This can help debug IPv6 network connectivity.
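The two "Verify Entry" steps above (ip neigh show and ip -6 neigh show) can be checked mechanically rather than by eye. The following is an added example, not part of the original tutorial: entries created with ip neigh add are listed in the PERMANENT state, and the script picks those out and confirms that a given address still maps to the expected MAC. The function names static_neigh and check_neigh and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit neighbor-table output for static (PERMANENT) entries.
# Real use:  ip neigh show | static_neigh
#            ip -6 neigh show | check_neigh 2001:db8::1 00:11:22:33:44:55 eth0

# Constructed sample in the format printed by `ip neigh show` / `ip -6 neigh show`.
SAMPLE='192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 PERMANENT
192.168.1.1 dev eth0 lladdr 52:54:00:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 FAILED
2001:db8::1 dev eth0 lladdr 00:11:22:33:44:55 PERMANENT
fe80::1 dev eth0 lladdr 52:54:00:aa:bb:cc router STALE'

# Print "ip dev mac" for every PERMANENT entry read from stdin.
static_neigh() {
    awk '{
        dev = ""; mac = ""; perm = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev")       dev = $(i + 1)
            if ($i == "lladdr")    mac = tolower($(i + 1))
            if ($i == "PERMANENT") perm = 1
        }
        if (perm) print $1, dev, mac
    }'
}

# check_neigh IP MAC DEV: exit 0 if the entry is PERMANENT with that MAC,
# 1 if it exists but is dynamic or has another MAC, 2 if it is absent.
check_neigh() {
    want_mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    awk -v ip="$1" -v mac="$want_mac" -v dev="$3" '
    $1 == ip {
        d = ""; m = ""; perm = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev")       d = $(i + 1)
            if ($i == "lladdr")    m = tolower($(i + 1))
            if ($i == "PERMANENT") perm = 1
        }
        if (d != dev) next
        found = 1
        if (perm && m == mac) ok = 1
    }
    END { exit (ok ? 0 : (found ? 1 : 2)) }'
}

# Demo on the constructed sample: lists the two static entries.
printf '%s\n' "$SAMPLE" | static_neigh
```

Because a static entry overrides normal address resolution for that IP, running the listing periodically also shows any PERMANENT mapping that was left behind after testing.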