Configuring GRE Keepalive - VPN Complete Edition

Posted by CCIE马拉松


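Part 06: Configuring GRE keepalive

Introduction:

★ This article aims to explain, in the simplest and clearest language and with labs, nearly every type of VPN in common use today. After reading it through, you will have a firm command of the theory and configuration of nearly all VPN types.

★ This article aims to be your best textbook, best notes, and best lab manual for learning VPNs.

With the previous section done, this section covers configuring GRE keepalive. Follow along below.

Configuring GRE keepalive

Note: This continues with the lab environment from the previous section to test GRE keepalive.

1. Check the current GRE tunnel state

(1) View the current tunnel interface state on R1: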

r1#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

  Hardware is Tunnel

  Internet address is 1.1.1.1/24

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 100.1.1.1, destination 200.1.1.1

  Tunnel protocol/transport GRE/IP

    Key disabled, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 01:16:00, output 01:12:27, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     54 packets input, 6476 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     70 packets output, 8248 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

r1#


(2) Remove the route to the tunnel endpoint 200.1.1.1:

r1(config)#no ip route 0.0.0.0 0.0.0.0 100.1.1.5


r1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


     100.0.0.0/24 is subnetted, 1 subnets

C       100.1.1.0 is directly connected, FastEthernet0/1

     10.0.0.0/24 is subnetted, 1 subnets

C       10.1.1.0 is directly connected, FastEthernet0/0

r1#

Note: R1 no longer has a route to the tunnel endpoint 200.1.1.1.

(3) View the tunnel interface state on R1 after removing the route to the tunnel endpoint 200.1.1.1:

r1#show interfaces tunnel 1

Tunnel1 is up, line protocol is down

  Hardware is Tunnel

  Internet address is 1.1.1.1/24

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 100.1.1.1, destination 200.1.1.1

  Tunnel protocol/transport GRE/IP

    Key disabled, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 01:19:18, output 01:15:45, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     54 packets input, 6476 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     70 packets output, 8248 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

r1#

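Note: Once R1 has no route to the tunnel endpoint 200.1.1.1, the line protocol of the tunnel interface changes to down.

2. Configure GRE keepalive

(1) Restore the route to the tunnel endpoint 200.1.1.1 on R1, then view the tunnel interface state again: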


r1(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.5  



r1#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

  Hardware is Tunnel

  Internet address is 1.1.1.1/24

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 100.1.1.1, destination 200.1.1.1

  Tunnel protocol/transport GRE/IP

    Key disabled, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 01:19:57, output 01:16:23, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     54 packets input, 6476 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     70 packets output, 8248 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

r1#

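Note: After the route to the tunnel endpoint 200.1.1.1 is restored on R1, the tunnel interface state changes to up.

(2) Configure GRE keepalive on R1's tunnel interface: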

r1(config)#int tunnel 1

r1(config-if)#keepalive 5 3

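Note: The keepalive send interval is set to 5 seconds with 3 consecutive packets, so the peer is considered failed after 15 seconds without a reply. The default parameters are 10 seconds and 3 consecutive packets, so by default the peer is considered failed after 30 seconds without a reply.

(3) Shut down the GRE tunnel interface on the peer router R3 and observe the state of the local tunnel interface on R1:

Shut down the R3 tunnel interface: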

r3(config)#int tunnel 3

r3(config-if)#shutdown


Log message displayed on R1:

r1#

*Mar  1 01:59:44.419: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

r1#


Current tunnel interface state on R1:

r1#show interfaces tunnel 1

Tunnel1 is up, line protocol is down

  Hardware is Tunnel

  Internet address is 1.1.1.1/24

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive set (5 sec), retries 3

  Tunnel source 100.1.1.1, destination 200.1.1.1

  Tunnel protocol/transport GRE/IP

    Key disabled, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 00:04:48, output 00:00:03, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     67 packets input, 8088 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     105 packets output, 10992 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

r1#

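Note: After the peer tunnel interface is shut down, the log message on R1 shows that the tunnel interface has changed to down, and viewing the current tunnel interface confirms the down state.

(4) Restore R3's tunnel interface and enable GRE keepalive: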

r3(config)#int tunnel 3

r3(config-if)#no shutdown

r3(config-if)#keepalive

Note: R3's tunnel interface is configured with the default GRE keepalive parameters.

(5) View R1's tunnel interface state again:

r1#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

  Hardware is Tunnel

  Internet address is 1.1.1.1/24

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive set (5 sec), retries 3

  Tunnel source 100.1.1.1, destination 200.1.1.1

  Tunnel protocol/transport GRE/IP

    Key disabled, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 00:06:01, output 00:00:01, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     71 packets input, 8280 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     120 packets output, 11712 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

r1#

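Note: Because the tunnel interface on the peer router R3 is up again, the local tunnel interface state also changes to up. The interface parameters show a keepalive send interval of 5 seconds with 3 consecutive packets, so the peer is considered failed after 15 seconds without a reply.

(6) View the GRE tunnel state on router R3: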

r3#show interfaces tunnel 3

Tunnel3 is up, line protocol is up

  Hardware is Tunnel

  Internet address is 1.1.1.2/24

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive set (10 sec), retries 3

  Tunnel source 200.1.1.1, destination 100.1.1.1

  Tunnel protocol/transport GRE/IP

    Key disabled, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 00:06:21, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     111 packets input, 11280 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     74 packets output, 8424 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

r3#

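Note: Because the interface is configured with the default parameters, the send interval is 10 seconds with 3 consecutive packets, so the peer is considered failed after 30 seconds without a reply. Although the two sides use different intervals, this does not affect normal operation.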
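The check below is an added example, not part of the original lab: it parses "show interfaces tunnel" output in the format shown above, computes each tunnel's failure-detection time as interval times retries, and lists tunnels with no keepalive, whose line protocol only follows the route to the destination. The sample text is constructed and trimmed to the lines the parser reads; Tunnel9 and the function names are hypothetical.

```python
import re

# Constructed sample in the "show interfaces tunnel" format shown above,
# trimmed to the lines the parser reads. Tunnel9 is hypothetical.
SAMPLE = """\
Tunnel1 is up, line protocol is up
  Keepalive set (5 sec), retries 3
  Tunnel source 100.1.1.1, destination 200.1.1.1
Tunnel3 is up, line protocol is up
  Keepalive set (10 sec), retries 3
  Tunnel source 200.1.1.1, destination 100.1.1.1
Tunnel9 is up, line protocol is down
  Keepalive not set
  Tunnel source 100.1.1.1, destination 200.1.1.1
"""

HEAD = re.compile(r"^(Tunnel\d+) is (.+?), line protocol is (\w+)")
KEEPALIVE = re.compile(r"^\s+Keepalive set \((\d+) sec\), retries (\d+)")
ENDPOINTS = re.compile(r"^\s+Tunnel source (\S+), destination (\S+)")

def parse_tunnels(text):
    """Return one dict per tunnel interface found in the CLI output."""
    tunnels = []
    for line in text.splitlines():
        head = HEAD.match(line)
        if head:
            tunnels.append({"name": head.group(1), "admin": head.group(2),
                            "line_protocol": head.group(3),
                            "detect_seconds": None, "destination": None})
        elif tunnels:
            ka, ends = KEEPALIVE.match(line), ENDPOINTS.match(line)
            if ka:
                # Peer is declared failed after interval * retries seconds.
                tunnels[-1]["detect_seconds"] = int(ka.group(1)) * int(ka.group(2))
            elif ends:
                tunnels[-1]["destination"] = ends.group(2)
    return tunnels

def without_keepalive(tunnels):
    """Tunnels whose line protocol only follows the route to the destination."""
    return [t["name"] for t in tunnels if t["detect_seconds"] is None]

if __name__ == "__main__":
    for t in parse_tunnels(SAMPLE):
        print(t["name"], t["line_protocol"], t["destination"], t["detect_seconds"])
    print("no keepalive:", without_keepalive(parse_tunnels(SAMPLE)))
```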


That's all for this section. In the next section we will learn about encryption.

