The standard Linux-2.2 kernel supports three flavors of tunnels,
listed in the following table:
Mode | Description | Base device |
ipip | IP over IP | tunl0 |
sit | IPv6 over IP | sit0 |
gre | ANY over GRE over IP | gre0 |
All kinds of tunnels are created with one command:
ip tunnel add <NAME> mode <MODE> [ local <S> ] [ remote <D> ]
This command creates a new tunnel device with the name <NAME>.
The <NAME> is an arbitrary string. In particular, it may even be eth0.
The rest of the parameters set different tunnel characteristics.
mode <MODE> sets the tunnel mode. Three modes are available now:
ipip, sit and gre.
remote <D> sets the remote endpoint of the tunnel to IP address <D>.
local <S> sets a fixed local address for tunneled packets.
It must be an address on another interface of this host.
Both remote and local may be omitted. In this case we
say that they are zero or wildcard. Two tunnels of one mode cannot
have the same remote and local. In particular, this means
that the base device or fallback tunnel cannot be replicated.
Tunnels are divided into two classes: pointopoint tunnels, which
have some non-wildcard remote address and deliver all the packets
to this destination, and NBMA (i.e. Non-Broadcast Multi-Access) tunnels,
which have no remote. In particular, base devices (e.g. tunl0)
are NBMA, because they have neither remote nor local addresses.
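The uniqueness rule and the pointopoint/NBMA split above can be checked before any device is created. The following is an added example, not part of the original document: the plan format (NAME MODE LOCAL REMOTE, with the word "any" standing for an omitted address), the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight check of a tunnel plan (added example; plan format is an assumption).
# Each plan line: NAME MODE LOCAL REMOTE, where "any" means the address is omitted.
check_tunnel_plan() {
    awk '
    BEGIN {
        bad = 0
        base["ipip"] = "tunl0"; base["sit"] = "sit0"; base["gre"] = "gre0"
        # Base devices already hold the wildcard/wildcard slot of their mode.
        for (m in base) seen[m SUBSEP "any" SUBSEP "any"] = base[m]
    }
    /^[ \t]*#/ || NF == 0 { next }
    NF != 4 { printf "ERROR line %d: expected NAME MODE LOCAL REMOTE\n", NR; bad = 1; next }
    !($2 in base) { printf "ERROR %s: unknown mode %s\n", $1, $2; bad = 1; next }
    {
        key = $2 SUBSEP $3 SUBSEP $4
        if (key in seen) {
            # Two tunnels of one mode cannot share both local and remote.
            printf "ERROR %s: same mode/local/remote as %s\n", $1, seen[key]
            bad = 1; next
        }
        seen[key] = $1
        # No remote means NBMA; any fixed remote means pointopoint.
        printf "OK %s: %s\n", $1, ($4 == "any" ? "NBMA" : "pointopoint")
    }
    END { exit bad }'
}

# Constructed sample plan (documentation addresses, not from the original text).
sample_plan() {
    cat <<'EOF'
# NAME  MODE  LOCAL      REMOTE
tun-a   ipip  192.0.2.1  198.51.100.7
tun-b   ipip  192.0.2.1  198.51.100.7
tun-c   gre   192.0.2.1  any
tun-d   sit   any        any
EOF
}

sample_plan | check_tunnel_plan || echo "plan rejected"
```

Here tun-b is rejected as a duplicate of tun-a, and tun-d is rejected because it would replicate the base device sit0.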
After the tunnel device is created, you should configure it as you would any other device. Certainly, the configuration of tunnels has some features related to the fact that they work over the existing Internet routing infrastructure and simultaneously create new virtual links, which change this infrastructure. The danger that an insufficiently careful tunnel setup will result in the formation of tunnel loops, collapse of routing, or flooding of the network with an exponentially growing number of tunneled fragments is very real.
Protocol setup on pointopoint tunnels does not differ from the configuration
of other devices. You should set a protocol address with ifconfig
and add routes with the route utility.
NBMA tunnels are different. To route something via an NBMA tunnel, you have to explain to the driver where it should deliver packets. The only way to do this is to create special routes with a gateway address pointing to the desired endpoint. E.g.
ip route add 10.0.0.0/24 via <A> dev tunl0 onlink
It is important to use the option onlink; otherwise the
kernel will refuse the request to create a route via a gateway not directly
reachable over device tunl0. With IPv6 the situation is much simpler:
when you start device sit0, it automatically configures itself
with all IPv4 addresses mapped to IPv6 space, so that all of the IPv4
Internet is really reachable via sit0! Excellent, the command
ip route add 3FFE::/16 via ::193.233.7.65 dev sit0
will route 3FFE::/16 via sit0, sending all the packets
destined to this prefix to 193.233.7.65.