Standard Linux-2.2 kernel supports three flavor of tunnels,
listed in the following table:
|depth 0.8ex width 0pt Mode||Description||Base device|
|ipip||IP over IP||tunl0|
|sit||IPv6 over IP||sit0|
|gre||ANY over GRE over IP||gre0|
All the kinds of tunnels are created with one command:
ip tunnel add <NAME> mode <MODE> [ local <S> ] [ remote <D> ]
This command creates new tunnel device with name
<NAME> is an arbitrary string. Particularly,
it may be even
eth0. The rest of parameters set
different tunnel characteristics.
mode <MODE>sets tunnel mode. Three modes are available now
remote <D>sets remote endpoint of the tunnel to IP address
local <S>sets fixed local address for tunneled packets. It must be an address on another interface of this host.
local may be omitted. In this case we
say that they are zero or wildcard. Two tunnels of one mode cannot
have the same
local. Particularly it means
that base device or fallback tunnel cannot be replicated.
Tunnels are divided to two classes: pointopoint tunnels, which
have some not wildcard
remote address and deliver all the packets
to this destination, and NBMA (i.e. Non-Broadcast Multi-Access) tunnels,
which have no
remote. Particularly, base devices (f.e.
are NBMA, because they have neither
After tunnel device is created you should configure it as you did it with another devices. Certainly, the configuration of tunnels has some features related to the fact that they work over existing Internet routing infrastructure and simultaneously create new virtual links, which changes this infrastructure. The danger that not enough careful tunnel setup will result in formation of tunnel loops, collapse of routing or flooding network with exponentially growing number of tunneled fragments is very real.
Protocol setup on pointopoint tunnels does not differ of configuration
of another devices. You should set a protocol address with
and add routes with
NBMA tunnels are different. To route something via NBMA tunnel you have to explain to driver, where it should deliver packets to. The only way to make it is to create special routes with gateway address pointing to desired endpoint. F.e.
ip route add 10.0.0.0/24 via <A> dev tunl0 onlinkIt is important to use option
onlink, otherwise kernel will refuse request to create route via gateway not directly reachable over device
tunl0. With IPv6 the situation is much simpler: when you start device
sit0, it automatically configures itself with all IPv4 addresses mapped to IPv6 space, so that all IPv4 Internet is really reachable via
sit0! Excellent, the command
ip route add 3FFE::/16 via ::126.96.36.199 dev sit0will route
sit0, sending all the packets destined to this prefix to 188.8.131.52.