next up previous contents
Next: Tunnel setup: options Up: ip-tunnels Previous: Summary of differences between   Contents

Tunnel setup: basics

Standard Linux-2.2 kernel supports three flavor of tunnels, listed in the following table:

depth 0.8ex width 0pt Mode Description Base device
ipip IP over IP tunl0
sit IPv6 over IP sit0
gre ANY over GRE over IP gre0

All the kinds of tunnels are created with one command:

  ip tunnel add <NAME> mode <MODE> [ local <S> ] [ remote <D> ]

This command creates new tunnel device with name <NAME>. The <NAME> is an arbitrary string. Particularly, it may be even eth0. The rest of parameters set different tunnel characteristics.

Both remote and local may be omitted. In this case we say that they are zero or wildcard. Two tunnels of one mode cannot have the same remote and local. Particularly it means that base device or fallback tunnel cannot be replicated.

Tunnels are divided to two classes: pointopoint tunnels, which have some not wildcard remote address and deliver all the packets to this destination, and NBMA (i.e. Non-Broadcast Multi-Access) tunnels, which have no remote. Particularly, base devices (f.e. tunl0) are NBMA, because they have neither remote nor local addresses.

After tunnel device is created you should configure it as you did it with another devices. Certainly, the configuration of tunnels has some features related to the fact that they work over existing Internet routing infrastructure and simultaneously create new virtual links, which changes this infrastructure. The danger that not enough careful tunnel setup will result in formation of tunnel loops, collapse of routing or flooding network with exponentially growing number of tunneled fragments is very real.

Protocol setup on pointopoint tunnels does not differ of configuration of another devices. You should set a protocol address with ifconfig and add routes with route utility.

NBMA tunnels are different. To route something via NBMA tunnel you have to explain to driver, where it should deliver packets to. The only way to make it is to create special routes with gateway address pointing to desired endpoint. F.e.

    ip route add via <A> dev tunl0 onlink
It is important to use option onlink, otherwise kernel will refuse request to create route via gateway not directly reachable over device tunl0. With IPv6 the situation is much simpler: when you start device sit0, it automatically configures itself with all IPv4 addresses mapped to IPv6 space, so that all IPv4 Internet is really reachable via sit0! Excellent, the command
    ip route add 3FFE::/16 via :: dev sit0
will route 3FFE::/16 via sit0, sending all the packets destined to this prefix to

next up previous contents
Next: Tunnel setup: options Up: ip-tunnels Previous: Summary of differences between   Contents
Martin A. Brown 2003-03-14