5. GRE ¤Î¨ä¥¦³q¹D§Þ³N (GRE and other tunnels)

¦b Linux ¸Ì­±ªº tunnel ¦@¤À¤TÃþ¡M§Y IP in IP tunneling¡N GRE tunneling¡N¥H¤Î®Ö¤ß¥H¥ ªº tunnels (¨Ò¦p¡RPPTP)¡C

5.1 Ãö©ó tunnels ªº´X¶µª`·N (A few general remarks about tunnels):

Tunnels ¥i¥H¥Î¨Ó°µ¤@¨Ç«D¤ñ´M±`ªº»Åª±·N¡C¤£¹L¡M¦pªG³]©w¤£·V¡M¤]·|±N¨Æ±¡§Ë±o¤@¶ò½kÒ\¡C¦pªG±z¨Ã«D ¯Ý¦³¦¨¦Ë¡M¨º´N¤d¸U¤£­n±N±zªº¹w³]ºôÃö«ü¦V tunnel ³]³Æ¡CÁÙ¦³¡Mtunneling ¤]·|¼W¥[ÃB¥ ªº overhead¡M¦]¬°¥¦»Ý­nÃB¥ ªº IP ¼ÐÀY(header)¡C¤@¯ë¦Ó¨¥¡M¨C¤@­Ó«Ê¥]¤j·§ 20 byte ¥ª¥k¡M³o¼Ë¡M¤@­Ó¥¿±`ªººô¸ô«Ê¥]Åé¿n (MTU) ·|¬O 1500 bytes¡M¦ý¦p«Ê¥]ªG¸g tunnel ¶Ç°e¡M«o¥u¦³ 1480 byte ¦Ó¤w¡C³o¨ä¹ê¤]¤£ºâ¬O¤°»ò°ÝÃD¡M¦ý¬O·í±z¦³¾÷·|¥Î tunnels ¨Ó³s±µ¤j«¬ºô¸ôªº®É­Ô¡M½Ð°È¥²Àˬd IP «Ê¥]ªº¸H¤ù©M­«²Õ(fragmentation/reassembly)²Ó¸`¡C·íµMÅo¡M«Ø¥ß tunnel ªº¸Ü¡M³Ì¦n¬O±q tunnel ªº¨âºÝ¦P®ÉµÛ¤â¡MÂùºÞ»ô¤U¡C

5.2 IP in IP tunneling

¦¹Ãþ tunneling §Þ³N¨ä¹ê¦b Linux ¸Ì¤w¦æ¤§¦³¦ ¤F¡C¥¦»Ý­n¨â­Ó®Ö¤ß¼Ò²Õ¡Ripip.o ©M new_tunnel.o¡C

¤ñ¤è»¡¡M±z¦³ 3 ­Óºô¸ô¡RA ©M B ¬Ò¬°¤º³¡ºô¸ô¡M¦Ó³z¹Lºô¸ô C (©Î¤ê Internet) ±N¨âªÌ³s±µ°_¨Ó¡C³o¼Ë¡M§Ú­Ìªººô¸ô A ·|¬O¦p¦¹¡R

network 10.0.1.0
netmask 255.255.255.0
router  10.0.1.1

¦Óºô¸ô B «h³o¯ë¡R

network 10.0.2.0
netmask 255.255.255.0
router  10.0.2.1

¹ïºô¸ô C ¦Ó¨¥¡M§Ú­Ì°²³]¥¦¯à°÷Âù¦Vªº±Nºô¸ô A ©M B ¤§¶¡ªº«Ê¥]°e»¼¹ï¤è¡C±z¬Æ¦Ü¥i¥H¥Î Internet °Õ¡C

¦n¤F¡MµM«á±z­n°µªº¨Æ±¡¬O¡R

­º¥ý¡M½T©w©Ò¦³¼Ò²Õ³£¸Ë¦n¤F¡R

insmod ipip.o
insmod new_tunnel.o

ifconfig tunl0 10.0.1.1 pointopoint 172.19.20.21
route add -net 10.0.2.0 netmask 255.255.255.0 dev tunl0

ifconfig tunl0 10.0.2.1 pointopoint 172.16.17.18
route add -net 10.0.1.0 netmask 255.255.255.0 dev tunl0

ifconfig tunl0 down

5.3 GRE tunneling

GRE ¬O¤@­Ó­ì¥»¥Ñ Cisco ¶}µoªº tunneling ¨ó©w¡M¸û©ó IP-in-IP tunneling¡M¥¦²¤¬°¯à­@¤@¨Ç¡C¨Ò¦p¡M±z¯à°÷³z¹L GRE tunnel ¶Ç°e multicast ©M IPv6 ¸ê°T¡C

¦b Linux ¸Ì¡M±z±o­É§U ip_gre.o ¼Ò²Õ¡C

IPv4 Tunneling

¤£¦p¥ýÅý§Ú­Ì±N IPv4 tunneling °µ°_¨Ó§a¡R

¤ñ¤è»¡¡M±z¦³ 3 ­Óºô¸ô¡RA ©M B ¬Ò¬°¤º³¡ºô¸ô¡M¦Ó³z¹Lºô¸ô C (©Î¤ê Internet) ±N¨âªÌ³s±µ°_¨Ó¡C

Ãö©óºô¸ô A ¡M¦p¤U¡R

network 10.0.1.0
netmask 255.255.255.0
router  10.0.1.1

µM«á¡MÃö©óºô¸ô B¡R

network 10.0.2.0
netmask 255.255.255.0
router  10.0.2.1

¹ïºô¸ô C ¦Ó¨¥¡M§Ú­Ì°²³]¥¦¯à°÷Âù¦Vªº±Nºô¸ô A ©M B ¤§¶¡ªº«Ê¥]°e»¼¹ï¤è¡C¦Ü©ó¦ó¥HµM¤Î¦ó©Ò¥HµM¡M«h«D§Ú­Ì©Ò­n¾Þ¤ßªº¡C

±µ¤U¨Ó¡M¦bºô¸ô A ªº router ¤W¡M±z¦p¦¹°µ¡R

ip tunnel add netb mode gre remote 172.19.20.21 local 172.16.17.18 ttl 255
ip link set netb up
ip addr add 10.0.1.1 dev netb
ip route add 10.0.2.0/24 dev netb

³o¸Ì¡M§Ú­Ì¤£§«¬ã¨s¤@¤U¡C¦b²Ä¤@¦æ¸Ì­±¡M§Ú­Ì·s¼W¤F¤@­Ó tunnel ³]³Æ¡MºÙ¤§¬° netb (Åã¦Ó©ö¨£¡M¦]¬°³o¥¿¬O§^¤§©Ò±ý¤])¡C¦A¨Ó¡M§Ú­ÌÅý¥¦¨Ï¥Î GRE ¨ó©w(mode gre)¡M¨ä»·ºÝ¦ì§}¬° 172.19.20.21 (©ó¥t¤@ºÝªº router)¡M³o¼Ë§Ú­Ìªº tunneling «Ê¥]±N±q 172.16.17.18 ±q¥X(±zªº router ¦bºô¸ô C ¤W¥i¥H¨ã¦³¦n´X­Ó IP ¦ì§}¡M¨Ã¥Ñ±z¨M©w¥Î­þ¤@­Ó¨Ó°µ tunneling)¡M¦Ó¥B¡M«Ê¥]ªº TTL Äæ¦ì³Q³]©w¬° 255 (ttl 255)¡C

²Ä 2 ¦æ§Ú­Ì±N³o­Ó³]³Æ±Ò°Ê°_¨Ó¡C

¦b²Ä 3 ¦æ¡M§Ú­Ì¬°·s¼Wªº¬É­± netb ³]©w¤@­Ó¦ì§}¬° 10.0.1.1¡C¥Î³o­Ó¦b¤pºô¸ô¤W¤]¥¼¹Á¤£¥i¡M¥u¬O·í±z½ñ¤W±Äª÷®Èµ{¤§»Ú¡M±z©Î»Ý¥Î¨ä¥¦ IP ½d³ò¨Óµ¹ tunneling ¬É­±´N¬O¤F(¨Ò¦p¦b¦¹½d¨Ò¤¤¡M±z¥i¥H¨Ï¥Î 10.0.3.0)¡C

¦b²Ä 4 ¦æ¡M§Ú­Ì¬°ºô¸ô B ³]©w¦n router¡C½Ð¯d·N¡M¦¹³B¨Ï¥Îªº netmask ªí¥Üªk¨Ã¤£¤@¼Ë¡C¦pªG±z¤£¤Ó¤F¸Ñ¨ä·N©Ò¦b¡M¥i¥H³o¼Ë¨Ó²z¸Ñ¡R±N netmask ´«ºâ¬°¤G¶i¦ì(binary)¡MµM«á¼Æ¤@¼Æ¦³¦h¤Ö­Ó 1 ´N¬O¤F¡C¦pªG±z³s³o­Ó¤]¤£·|¡M¸U¤@¤S·Qª¾¹D¡M¨º´N³o¼Ë±j°O§Y¥i¡R255.0.0.0 ¬O /8¡N255.255.0.0 ¬O /16¡NÁÙ¦³ 255.255.255.0 ¬O /24¡N¦Ó 255.255.253.0 «h¬O /23¡C

°÷¤F¯u¬Oªº¡MÁÙ¬OÅý§Ú­Ì¬Ý¬Ýºô¸ô B ªº router §a¡C

ip tunnel add neta mode gre remote 172.16.17.18 local 172.19.20.21 ttl 255
ip link set neta up
ip addr add 10.0.2.1 dev neta
ip route add 10.0.1.0/24 dev neta

ip link set netb down
ip tunnel del netb

GRE tunnels ¥Ø«e©Ò¿ï¥Îªº tunneling Ãþ«¬¡C¥¦¤w¦¨¼Ð·Ç¨Ã¥B¤]³Q¼sªxªº²¾´Ó¨ì Linux ªÀ¸s¤§¥ ¡M¸Û¬O¬ü¨Æ¤@¼Î¡C

5.4 Userland tunnels

¦b®Ö¤ß¤§¥ ¡MÁÙ¦³¦¨¥´§Î§Î¦â¦âªº tunneling ¹ê§@¡Mµ´«D¸Ø±i¤§½Í¡C¨ä¤¤ªíªíªÌ«D PPP ©M PPTP ²öÄÝ¡MµM¦Ó¨ä¥¦ªº¤]¬°¼Æ²³¦h (¦³ªº¬°±MÄݪº¡M¦³ªº¬O«O±Kªº¡M¦³ªº¬Æ¦Ü¤£¬O¨Ï¥Î IP)¡M¤£¹L¡M³o¨Ç¹ê¦b¶W¹L¥» HOWTO ªº½dÃ¥¤F¡C