Implementation of site-to-site GRE tunnel

Implementation of site-to-site GRE tunnel ORDER NOW FOR CUSTOMIZED AND ORIGINAL ESSAY PAPERS ON Implementation of site-to-site GRE tunnel Assessment Topic: Implementation of site-to-site GRE tunnel need to add analysis part after ((Operation of site to site GRE tunnel)) the analysis should contain: Analysis: -analyze the operation and performance of the selected technology/ies. Implementation of site-to-site GRE tunnel -evaluate their advantages and disadvantages. -include summary of the analysis (((please no similarity!!!!!!!))) report is below please write the analysis part in different word file attachment_1 Introduction Through site to site GRE, the user can enjoy internet technology as well as another management mechanism. The user as a result of this is able to utilize existing public internet securely and undisturbed internal internet resources (Patel, 2009). When compared to traditional private networks, the GRE connection significantly reduces cost. GRE provides encapsulated datagram transmit data in another IP. GRE tunnels do not support data encryption but offers low overhead tunnel. Such tunnels are defined by destination and source IP at both tunnels ends supporting multiple routing protocols. Those routers utilize virtual interfaces referred to as tunnel interfaces. GRE tunnel is used when two devices need to be connected through the tunnel interface, which is configured with IP address at the same subnet. This makes the router configured between the tunnels encapsulated to the original packet in tunnel header and a new IP header. This paper analyzes the operation of point to point GRE tunnels. The assessment of the GRE tunnels would be focused on its properties advantages and disadvantages. GRE (Generic routing encapsulating) refers to a message protocol utilized to create a point to point connectivity over network nodes (Norton, 2015). GRE is an effective and straightforward method used to pass data in an insecure network; it permits two peers to share data that could not be shared over a public network. When transmitting the encapsulated packet, a GRE tunnel is first established to provide a safe passage of direct door-to-door delivery. When using Tunnels, the GRE packet travels directly through the two endpoints such that there is no contact with its payload. In that way, GRE is utilized when one wants to create a site to site VPN tunnel. GRE provides a solution to problems such as affordable and safe access to remote enterprises. Implementation of site-to-site GRE tunnel This paper presents GRE as a method that is used to tunnel IP packet across two points; where it encapsulates the original IP packet with another IP header. The paper will present how GRE tunnel creates a point to point connection between two routers that are not connected directly to each other. Operation of site-to-site GRE tunnel The site to site GRE tunnel is utilized when creating a site to site VPN tunnel. GRE tunneling protocol was developed originally by Cisco to create a virtual point to point link (Peterson, 2017). When the tunnel remote goes down, all traffics Routed over the tunnels are blackholed. In solving this issue, RouterOS is incorporated to develop a GRE tunnel feature. GRE provides an outer header mentioning source and destination IP keeping the inner packet unmodified. GRE tunnels would only encapsulate IP packets rather than providing encryption and authentication. The utilization of IPsec would ensure that packets are not only secure but also work slowly due to extra encryption and authentication process. As an example, office router in this network is linked to the internet using the interface with 192.168.70.2/30 IP address (Rouse, et.al 2018). In an actual network, this IP address is substituted by public IP address offered by ISP. Office ‘Router 2’ interface is linked to a local network with IP network10.10.11.0/24. After the GRE tunnel has been configured, a GRE tunnel interface is then created in office 1 Router with 172.22.22.1/30 IP address. Similarly, the Router in Office 2 is linked to the internet via the interface with 192.168.80.2/30 IP address. This IP address in a real network would be substituted with a public IP address. ‘Router 2’ interface in office two would be linked to a local network that has 10.10.12.0/24 IP network. Subsequently to performing the GRE alignment, a GRE tunnel interface would be formed in office 2 Router with 172.22.22.2/30 IP address. The site to site GRE tunnel will then be configured between the two routers to ensure the local network communicates through the VPN tunnel across the public network. GRE functions by compressing a payload, which is an inner packet that requires delivery to target network in an external IP packet (Stewart, 2018). The endpoints in the GRE tunnel would send payloads via GRE tunnels in routing compressed packets over overriding IP networks. Other routers would not parse the inner packet but the outer IP packets when moving towards the endpoint of the GRE tunnel. When they reach the parameter of the tunnel, GRE encapsulation is eliminated, and payload accelerated to its final destination. GRE tunneling is able to move IPV6 and multicast between networks. The GRE tunnel command allows the configuration of point-point GRE tunnels. GRE tunnels offer a method of encapsulating arbitrary packet in a transport protocol. They provide an architecture design to offer the services that require implementation of any standard point to point encapsulation scheme. Implementation of site-to-site GRE tunnel When two devices are connected using the GRE tunnels, the interface is configured through IP addresses that are in the same subnet (Stojchevski, 2016). The router in the tunnels is configured so that it may encapsulate the original packet found inside a tunnel header. The diagram shows the ingress in the tunnel interface. The static routes are configured over the tunnel interface as they are turned over the tunnel interface. The tunnel interface behaves as point-point interfaces. When the GRE tunnels are created over the internet, the firewall might be utilized in the middle to drop the GRE packet restricting traffic between source and tunnels destination’s IP address. The site to site GRE tunnels encapsulates data packets as it directs it to the final destination. This enables the destination and source switches to function as they contain a virtual point to point connection. Since the outer header used by GRE is transparent to the data packet, for instance, the scenario of GRE tunnels allowing routing protocols to send data packets from a switch to another on the internet (Support, 2017). GRE tunnels can encapsulate multicast data streams over the internet for transmissions. The switch operates as a source tunnel router as it encapsulates a packet payload for transport via a tunnel to destination. The switch performs the function of a remote tunnel router by extracting the data packet and sends it to its destination. Data can be routed to the GRE endpoint above routers. The point to point endpoints in the tunnel’s sources and destination would communicate with each other. In that way, there will be a direct movement between the two endpoints via the tunnel (Wang and Chen, 2014). When packets travel through routers, there is no associated interaction with payload; routers only parse the external IP packet. As the packet arrives at the GRE tunnel endpoints, the outer packet is encapsulated, making the payload parsed and forwarded to the final destination. After that GRE would utilize numerous protocols across a sole protocol making it less demanding compared to alternative solutions. GRE transport a protocol that underlies the network and does not enhance work around networks with partial hops that connects non-contiguous subnets allowing VPNs across WAN. Discussion The challenges experienced are that Point to point GRE tunnels is made entirely stateless; hence, the tunnel endpoint does not retain any information concerning the availability of remote tunnel endpoint. The outcome of it is that by default, endpoint router’s local tunnel cannot convey the line protocol if the tunnel’s remote end is unreachable. If the interface’s line protocol is altered to ‘down’, then the static routes directs making the interface eliminated from the routing table. This permits the floating installation of the static course to select an alternate interface. In solving the problem, the two routers were configured together. Traffic in the two routers was encapsulated in the tunnel packet, sent through the second router in the network to the destination (Stojchevski, 2016). In it would configure a static route at every layer which moves through the interface tunnel to the targeted network. Implementation of site-to-site GRE tunnel Implementation Network requirements: Routing to the destination is required on both tunnel’s sides. The number of tunnels can be different, but they should be the same (Williams, 2013). The two ends of the tunnels should have the same subnet and route to tunnel destination is mandatory. The tunnel IP address should also be incorporated into the routing protocol in the router. Moreover, a tunnel needs to be established to permit communication between the LANs. The tunnels should not be encrypted, and they should not utilize the standard GRE encapsulation. The routes instructing routers through the tunnel should also be put into consideration; in that way, the static route should be the ones being utilized. The peer address is also required, not to mention an interface type to be configured with one LAN port. Design of the network topology Addressing Table The design above shows router east and west, which having a point to point GRE tunnel interface being configured. After router ‘east’ collects GRE packet from router ‘west’, it creates tunnel access, which takes the source address in the IPv4 header serving as tunnel destination and the source address in IPV4 as the packet endpoint address. When the packet is forced through the GRE tunnel, the device searches the entry tunnel for endpoint destination address based on the packet’s terminus address, and the packet is then encapsulated with GRE and IPv4 through tunnel destination address in the passage protocol header. After the mask length of the packet destination address is configured, the west node creates the tunnel entry only for the private IP address in the similar network segment. This decreases the number of tunnel entries at the west node; hence, it allows branches to initiate a tunnel establishment by sending emulated information at the node located at the center. When the GRE tunnel is created at the gateway’s east, the GRE key can be configured. In that way, the router located at the west will translate the GRE key coming from the packet and record the value in the tunnel’s entry in the corresponding tunnel. According to the GRE key’s value, the gadget at the west will determine the priority of tunnel entry based on the worth of the GRE key, which utilizes the corresponding tunnel to the entrance with maximum priority to advance packet’s destination as it uses other channels for backup. For network reliability, it is vital to position multiple gateways located at the west and then stipulate the backup interfaces for the key tunnel of the core gateway. When the connection in the east gateway goes down, the critical tunnel interface will soon lose the matching entry’s tunnel for east forwarding packet in this scenario, the primary tunnel interface will advance the packets to a backup interface, which will ultimately send the packets to the east. When matching the entry’s tunnel on the main gateway, a backup interface participates in tunnel selection based on a priority tunnel. When a GRE key is not specified on the backup interface, then as compared to tunnel entry, it will have lower priority. The east and the west would be connected through router 1 and 2. Router 1 being the east gateway and Router 2 west gateway, Router 1 and 2 will communicate through the public network. On the live network, the east would send signals through the GRE tunnel to the west. The intention is protecting traffic without multicast data between the east and west. Implementation of the technology (GRE tunnel): part 1:default routes configuring into ISP. part 2: configuring GRE tunnel between EAST TO WEST. Step 1: Configuring interface tunnel on the west. S0/0/0 west the source and the 10.2.2.1 the east destination. Step 2: Configuring interface tunnel on the east. S0/0/1 west the source and the 10.1.1.1 the east destination. Step 3: showing if the GRE tunnel is functional for both routers. Step 4: verifying the tunnel source, protocol and destination for east and west. part 3: GRE tunnel “enable routing”. Step1: Routing over tunnel using OSPF area 0. Step 2: conforming OSPF Route. Step 3: Pinging the PCs. Conclusion: This study has presented GRE tunnels effective when in data traffic. With point to point GRE tunnels, one can route multiple subnets without numerous tunnels (Williams, 2013). It also develops a routable interface, not to mention the routing protocols can function across it. In order to provide security without experiencing any VPNs limitation, the point to point GRE tunnels can be merged together with the VPNs. This method offers the traffic in the GRE tunnels traverse across the VPN tunnel to only create a single IPSEC association. GRE tunnels can route multiple subnets with numerous tunnels. It also builds routing protocols and routable interfaces to function across it. GRE tunnels can be merged together so as to provide VPN security without running VPNs’ limitations. Recommendation This paper presents an analysis of the GRE tunnel in a context that involves real deployment (Wang and Chen, 2014). GRE being the most common tunneling protocol utilized in reality, it is imperative to determine the best configuration. Point to point GRE support many protocols as well as packet types that make it appropriate to solve the problems related to VPNs across the internet. GRE solves the problem by encapsulating the IP header through private address in another packet that utilizes another IP header using public addressing. GRE tunnel is also significant in transmitting data from one network to another when crossing an insecure network. Although GRE effectively works when providing connectivity over sites, it does not work well with data encryption passed through them. That is the reason why GRE is normally used with the IPsec to provide data security through encryption. When they are used together, the entire GRE packet is encrypted, encapsulated, and protected in the IPsec packet. There is need for further research to determine how GRE tunnel can operate when used to forward bind internet traffic from the corporate network (Zecca, 2017). It needs to be determined how it works like a VPN without any encryption; and how it sends packets from one point to another across a public network. Moreover how GRE uses ‘keepalive’ packets when determining a used up tunnel needs to be determined further. This would include how GRE tunnel basis generates the ‘keepalive’ response and request packet which are typically encapsulated and collectively sends them to the tunnel destination. This reason for the further is to understand how when GRE tunnels are used along, they consume internal forwarding VLAN resources. Reference ? Rouse, M., Parmenter, T., Phifer, L., Rouse, M., & Rouse, M. (2018). What is Generic Routing Encapsulation (GRE)? – Definition from WhatIs.com. Retrieved from https://searchnetworking.techtarget.com/definition/Generic-Routing-Encapsulation-GRE. ? Stewart, G. (2018). Tunnel Interface. Retrieved from https://www.sciencedirect.com/topics/computer-science/tunnel-interface. ? Stojchevski, T., Dimovski, T., & Rendevski, N. (2016). Virtual Private Network Implementation with GRE Tunnels and EIGRP Protocol. Proccedings of the ICAIIT2016. doi: 10.20544/aiit2016.25 ? Support, E. D. T. (2017). GRE Configuration. Avalible from: http/www.ggit.org Tunnel_Point_Point/.htm. ? Wang, C., & Chen, J.-Y. (2014). GRE Over IPsec Implementation VPN Enterprise Network Based. Communication Technology Soft Computing in Information. doi: 10.2991/scict-14.2014.34 ? Patel, L. (2009, November 24). What is the point of a GRE Tunnel? Retrieved from https://learningnetwork.cisco.com/thread/9238. ? Williams, D. (2013, October 14). GRE Point-to-Point Guide – Retrieved from https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/P2P_GRE/2_p2pGRE_Phase2.html. ? Norton, D. (2015, May 28). Cisco GRE Tunnels. Retrieved from http://resources.intenseschool.com/cisco-gre-tunnels/. ? Zecca, G. (2017, May 25). How GRE Keepalives Work. Retrieved from https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/63760-gre-keepalives-63760.html. ? Support, E. (2019). 06-VPN Volume – Technical Support – H3C. [online] H3c.com.hk. Retrieved from: http://www.h3c.com.hk/Technical_Support___Documents/Technical_Documents/Security_Products/H3C_SecPath_F1000-E/Configuration/Operation_Manual/H3C_SecPath_High-End_OM(F3169_F3207)-5PW106/06/201109/725905_1285_0.htm [Accessed 19 Dec. 2019]. Get a 10 % discount on an order above $ 100 Use the following coupon code : NURSING10