Expand all | Collapse all

Required routes for a GRE tunnel

Jump to Best Answer
  • 1.  Required routes for a GRE tunnel

    Posted 06-28-2019 03:52

    See the graphic from an old JNCIS-ENT Routing study guide:


    Can somebody explain me how the routing tables of the intermediate routers should look like to route to the 192.168.x.x (private) addres? How can you route over the internet to private IP addresses?


    With regards,

  • 2.  RE: Required routes for a GRE tunnel
    Best Answer

    Posted 06-28-2019 04:12

    of course in real life the tunnel endpoints for a tunnel going over the Internet must have global and global reachable internet-addresses.

    Otherwise intermediate routers in teh Internet cannot forward the tunneled packets.

    Unfortunately the example uses private addresses





  • 3.  RE: Required routes for a GRE tunnel

    Posted 06-28-2019 04:19

    IP addresses used in this case study are all in Private ranges (LAN,WAN, lo0). It is used for demo purpose only and I believe they cannot use Public range as that ip range may be registered by someone in the internet (legal issue).

    As you thought, if you want to build a gre tunnel over internet the tunnel end point IP address should be Public range so that it can be routed by the intermediate devices.





  • 4.  RE: Required routes for a GRE tunnel

    Posted 06-28-2019 04:33

    Hello Jean,


    Below static route is created towards the ISP router from R1 in your picture, same static created from the R2 ruoter as well.

    set routing-options static route next-hop


    But you need to have a public ip to transport you GRE packet in a real time scenario.


    Below is a operation happens during the GRE tunneling.


    Encapsulation—A router operating as a tunnel source router encapsulates and forwards GRE packets as follows:

    1. When a router receives a data packet (payload) to be tunneled, it sends the packet to the tunnel interface.
    2. The tunnel interface encapsulates the data in a GRE packet and adds an outer IP header.
    3. The IP packet is forwarded on the basis of the destination address in the outer IP header.

    De-encapsulation—A router operating as a tunnel remote router handles GRE packets as follows:

    1. When the destination router receives the IP packet from the tunnel interface, the outer IP header and GRE header are removed.
    2. The packet is routed based on the inner IP header.



    'Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!'


  • 5.  RE: Required routes for a GRE tunnel

    Posted 06-28-2019 05:10

    Thank you gentlemen,


    I really thought I was missing something. Indeed Nellikka, it could have something to do with privacy (somebody owns such an public ip-address).


    Nevertheless, careless of Juniper not to mention that the ip-address should be public. Especially because, in het cloud, the word "Internet" is stated. Because tunneling can be used for traffic with non routable ip addresses I thought I was misunderstanding something, but now it's clear. Smiley Happy


    With regards,