tech-net: Re: gre encap destination = point-to-point destination

Subject: Re: gre encap destination = point-to-point destination
To: None <tech-net@netbsd.org>
From: Gert Doering <gert@greenie.muc.de>
List: tech-net
Date: 11/06/2006 23:12:02
In muc.lists.netbsd.tech.net Ignatios Souvatzis wrote:

>On Sun, Nov 05, 2006 at 02:23:11PM +0100, Gert Doering wrote:

>> [ possibly recursive tunnel routing in gre(4) and hackish workarounds ]

>I was about to recommend asking Gert Doering as he's the only gre
>user I know about; but if hi isn't, then I, too, am in favour of
>disallowing such configurations at some level.

*g* - thanks.

Actually I might be biased because I work too much with Cisco, and have
been hit on my head a number of times with the dreaded "tunnel disabled
due to recursive routing" error message.

While at it, the gre(4) man page needs serious rework - the configuration
example actually *suggests* that it might be a fairly normal thing to have 
the same IP address for "tunnel inside destination" and "tunnel outside
destination":

-------- snip ---------
     On host A (NetBSD):
        # route add default B
        # ifconfig greN create
        # ifconfig greN A D netmask 0xffffffff linkX up
        # ifconfig greN tunnel A D
        # route add E D
-------- snip ---------

- just last week someone showed up on a Cisco mailing list with a
similarily broked gre(4) configuration [on FreeBSD]...

The second IPv4 example in the man page is much more useful.


Actually it might make lots of sense to be able to run gif(4) and gre(4)
tunnels "ip unnumbered" - don't attach a transit network to the "inside", 
don't create any implicit routes, and enable setting of routes to
tunnel interfaces:

	# route add -net 1.2.3.0 -netmask 255.255.255.0 dev gif0

I'm not sure whether this is possible today - the man page examples
all require a next-hop address, as in 

        # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN

- which seems to imply that when I wrote that, just setting

        # route add -inet6 0::0/0 -ifp greN

("I don't want to know or care what the other end's inside IP address
is - this is a point-to-point tunnel, just stuff the packet it, we don't
do any sort of layer2-next-hop resolution anyway")

didn't work.  But that was quite a while ago.

gert

PS: the gif(4) man page could use some IPv6 examples :)
-- 
gert@greenie.muc.de   fax: +49-89-35655025   http://alpha.greenie.net/mgetty/

If the presence of electricity can be made visible in any part of a circuit, I
see no reason why intelligence may not be transmitted instantaneously by
electricity.  -- Samuel F. B. Morse