An example of GRE tunnel configuration between company and computer room

2025-03-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Background:

So that our company's intranet and the servers in the computer room can communicate using intranet IPs, we use a Linux IP GRE tunnel between them. With the tunnel in place, the company can reach the servers in the computer room directly by routing.

The topology diagram is as follows:

Note: the extranet IP in the topology is a fictional IP.

As you can see, the company server and the computer room server each have an intranet IP and an external IP. A GRE tunnel works by binding the external IPs of the two servers and establishing a tunnel, tunnel2, directly between those two external IPs. To each server, tunnel2 looks like a network port connected directly to the other end of the tunnel.

Here the tunnel is configured with a new IP segment, using the addresses 172.16.33.1 and 172.16.33.2.

Specific configuration:

218.188.152.11:

Enable routing forwarding and load the GRE protocol module:

# echo 1 > /proc/sys/net/ipv4/ip_forward
# modprobe ip_gre

Create the tunnel tunnel2 and add a virtual network segment 172.16.33.0:

# ip tunnel add tunnel2 mode gre local 218.188.152.11 remote 144.22.1.176 ttl 255 dev eth2
# ip addr add 172.16.33.2 dev tunnel2 peer 172.16.33.1
# ip link set dev tunnel2 up

Add a route through the tunnel to the intranet in the computer room:

# ip route add 10.65.3.0/24 dev tunnel2

144.22.1.176:

Enable routing forwarding and load the GRE protocol module:

# echo 1 > /proc/sys/net/ipv4/ip_forward
# modprobe ip_gre

Create the tunnel tunnel2 and add a virtual network segment 172.16.33.0:

# ip tunnel add tunnel2 mode gre local 144.22.1.176 remote 218.188.152.11 ttl 255 dev em1
# ip addr add 172.16.33.1 dev tunnel2 peer 172.16.33.2
# ip link set dev tunnel2 up

Add a route through the tunnel to the company intranet:

# ip route add 192.168.1.0/24 dev tunnel2

View the routes

218.188.152.11:

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.33.1     0.0.0.0         255.255.255.255 UH        0 0          0 tunnel2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.65.3.0       0.0.0.0         255.255.255.0   U         0 0          0 tunnel2
0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG        0 0          0 eth0

The company's intranet server has two more routes, 172.16.33.1 and 10.65.3.0. Their gateway is the GRE tunnel, and the server in the computer room is reached through the tunnel.

144.22.1.176:

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.33.2     0.0.0.0         255.255.255.255 UH        0 0          0 tunnel2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 tunnel2
10.65.3.0       0.0.0.0         255.255.255.0   U         0 0          0 em2
0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG        0 0          0 em1

The server in the computer room has two more routes, 172.16.33.2 and 192.168.1.0/24. Their gateway is the GRE tunnel, and the company intranet is reached through the tunnel.
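GRE only encapsulates packets and adds no encryption or authentication, so every prefix routed to tunnel2 crosses the public network as-is; it is worth checking that only the intended prefixes use the tunnel. The shell check below is an added example, not part of the original article: it reads `netstat -nr` output and compares the routes on the tunnel interface with an allowlist. The function names and the bad route are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article. Reads `netstat -nr` output
# on stdin and compares the routes bound to IFACE with an allowlist of prefixes.
# usage: netstat -nr | audit_tunnel_routes IFACE PREFIX...
# Returns 0 when the routes on IFACE match the allowlist exactly, else 1.
audit_tunnel_routes() {
    audit_if=$1; shift
    awk -v ifc="$audit_if" -v allow="$*" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) want[a[i]] = 1
        # prefix bits contributed by each valid netmask octet
        bits[255] = 8; bits[254] = 7; bits[252] = 6; bits[248] = 5
        bits[240] = 4; bits[224] = 3; bits[192] = 2; bits[128] = 1; bits[0] = 0
    }
    # route rows: Destination Gateway Genmask Flags MSS Window irtt Iface
    NF == 8 && $8 == ifc {
        split($3, m, ".")
        p = $1 "/" (bits[m[1]] + bits[m[2]] + bits[m[3]] + bits[m[4]])
        if (p in want) { seen[p] = 1 }
        else { print "UNEXPECTED " p " via " ifc; bad = 1 }
    }
    END {
        for (p in want) if (!(p in seen)) {
            print "MISSING " p " via " ifc; bad = 1
        }
        exit (bad ? 1 : 0)
    }'
}

# Sample input: the company server's routing table as shown in the article.
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.33.1     0.0.0.0         255.255.255.255 UH        0 0          0 tunnel2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.65.3.0       0.0.0.0         255.255.255.0   U         0 0          0 tunnel2
0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG        0 0          0 eth0
EOF
}

# Constructed bad case: a default route that was pushed into the tunnel.
bad_routes() {
    sample_routes
    echo "0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tunnel2"
}

sample_routes | audit_tunnel_routes tunnel2 172.16.33.1/32 10.65.3.0/24 && echo "tunnel2 routes match the allowlist"
```

On the computer room server the same check would be run with 172.16.33.2/32 and 192.168.1.0/24 as the allowlist.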

Test network connectivity:

218.188.152.11:

# ping 172.16.33.2
PING 172.16.33.2 (172.16.33.2) 56(84) bytes of data.
64 bytes from 172.16.33.2: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 172.16.33.2: icmp_seq=2 ttl=64 time=0.059 ms
--- 172.16.33.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.048/0.053/0.059/0.009 ms

# ping 10.65.3.194
PING 10.65.3.194 (10.65.3.194) 56(84) bytes of data.
64 bytes from 10.65.3.194: icmp_seq=1 ttl=64 time=7.96 ms
64 bytes from 10.65.3.194: icmp_seq=2 ttl=64 time=7.63 ms
--- 10.65.3.194 ping statistics ---
2 packets transmitted, 0% packet loss, time 1100ms
rtt min/avg/max/mdev = 7.638 ms 7.799 ms

The company server can directly ping the GRE IP of the opposite server in the computer room as well as its intranet IP.

144.22.1.176:

# ping 172.16.33.1
PING 172.16.33.1 (172.16.33.1) 56(84) bytes of data.
64 bytes from 172.16.33.1: icmp_seq=1 ttl=64 time=0.018 ms
64 bytes from 172.16.33.1: icmp_seq=2 ttl=64 time=0.016 ms
--- 172.16.33.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1274ms
rtt min/avg/max/mdev = 0.016

# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=7.81 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=7.97 ms
--- 192.168.1.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1232ms
rtt min/avg/max/mdev = 7.810 ms 7.894 ms

Conversely, the server in the computer room can also directly ping the GRE IP of the company's server on the opposite side as well as its private network IP.
