GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation
Required License for L2GRE Decapsulation: Base (GigaVUE‑HC2 and GigaVUE‑HC3), Tunneling (GigaVUE‑HC1)
Required License for L2GRE Encapsulation: Advanced Tunneling (GigaVUE‑HC2 and GigaVUE‑HC3), Tunneling (GigaVUE‑HC1)
Use GigaSMART Layer 2 (L2) Generic Routing Encapsulation (GRE) tunnel encapsulation to send traffic from one GigaSMART node over the Internet to a second GigaSMART node using L2GRE encapsulation. Use GigaSMART L2GRE tunnel decapsulation at the second GigaSMART node to decapsulate the traffic before sending it to local tool ports.
GigaSMART Layer 2 GRE tunnel encapsulation/decapsulation provides the following:
L2GRE tunnel initiation and encapsulation on the tool port at the sending end of the tunnel (for example, at a remote site)
L2GRE tunnel termination and decapsulation on the network port at the receiving end of the tunnel (for example, at a main office site)
The GigaSMART at the remote site encapsulates the filtered packets, adds an encapsulation header, and routes them to the main office site. The encapsulation protocol is GRE and the delivery protocol is IP or IPv6, so the encapsulation header consists of Ethernet + IP + GRE or Ethernet + IPv6 + GRE headers.
The parameters of the encapsulated header are user-configurable, such as the IPv4 address of the IP interface on the destination GigaSMART node and the GRE key that identifies the source of the tunnel.
At the remote end, packets are decapsulated, the L2GRE header is stripped off, and packets are sent to the specified tool port.
IP fragmentation and reassembly are supported. Refer to IP Fragmentation and Reassembly on L2GRE and GMIP Tunnels.
Figure 1 L2GRE Tunnel Encapsulation/Decapsulation shows the remote site encapsulating the filtered traffic and routing it to the main office from the remote end.
The encapsulated packet is sent out of the tool port, which is connected to the public network (the Internet). This packet is routed in the public network to reach the main office site. It ingresses at the routed network port of the GigaVUE node at the main office.
The ingress encapsulated packet is then sent to the GigaSMART at the main office, where the packet is decapsulated and sent to the tool port. The received packet’s destination IP is checked against the source IP/IPv6 configured for the network port. If they match, decapsulation is applied. The Ethernet + IP + GRE or Ethernet + IPv6 + GRE header is stripped and the remaining packet is sent to the tool port.
Note: IPv6 addresses are not supported on SMT-HC1-S (Generation 3 GigaSMART module on GigaVUE-HC1).
Figure 138 L2GRE Tunnel Encapsulation/Decapsulation
For L2GRE tunnel encapsulation/decapsulation configuration examples, refer to GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation and GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation.
For statistics for encapsulated packets, refer to Display L2GRE Tunnel Encapsulation Statistics. For statistics for decapsulated packets, refer to Display L2GRE Tunnel Decapsulation Statistics.
The L2GRE header length is as follows:
| Header | Length in Bytes |
|---|---|
| With Key | 42 bytes consisting of 14 Ethernet + 20 IP + 4 GRE + 4 GRE Key. |
| Without Key | 38 bytes consisting of 14 Ethernet + 20 IP + 4 GRE. |
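The destination-address check and the two header lengths described above, as an added Python example (not Gigamon code): it parses an IPv4-delivered L2GRE frame, decapsulates only when the outer destination matches the configured address, and strips 38 or 42 bytes. The function names, the GRE protocol type 0x6558, the K-bit handling and the sample addresses are assumptions of this example, not values taken from the page.

```python
import socket
import struct

ETH_LEN, IPV4_LEN, GRE_LEN, KEY_LEN = 14, 20, 4, 4  # lengths from the table above
IPPROTO_GRE = 47
GRE_PROTO_TEB = 0x6558  # assumed: Transparent Ethernet Bridging (inner Ethernet frame)
GRE_FLAG_KEY = 0x2000   # K bit in the GRE flags word (RFC 2890)


def decap_l2gre(frame: bytes, local_ip: str):
    """Return (gre_key, inner_frame), or None if the frame is not for this endpoint."""
    if len(frame) < ETH_LEN + IPV4_LEN + GRE_LEN:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ver_ihl, proto = frame[ETH_LEN], frame[ETH_LEN + 9]
    dst = frame[ETH_LEN + 16:ETH_LEN + 20]
    # Only the option-less 20-byte IPv4 header from the table is handled.
    if ethertype != 0x0800 or ver_ihl != 0x45 or proto != IPPROTO_GRE:
        return None
    # Decapsulate only when the outer destination matches the configured address.
    if dst != socket.inet_aton(local_ip):
        return None
    flags, gre_proto = struct.unpack_from("!HH", frame, ETH_LEN + IPV4_LEN)
    if gre_proto != GRE_PROTO_TEB or flags & ~GRE_FLAG_KEY:
        return None  # not L2GRE, or carries checksum/sequence fields not covered here
    offset = ETH_LEN + IPV4_LEN + GRE_LEN
    key = None
    if flags & GRE_FLAG_KEY:
        if len(frame) < offset + KEY_LEN:
            return None
        (key,) = struct.unpack_from("!I", frame, offset)
        offset += KEY_LEN
    return key, frame[offset:]


def build_sample(dst_ip: str, inner: bytes, key=None) -> bytes:
    """Constructed test frame (zeroed MACs and checksum); not captured traffic."""
    gre = struct.pack("!HH", GRE_FLAG_KEY if key is not None else 0, GRE_PROTO_TEB)
    if key is not None:
        gre += struct.pack("!I", key)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_LEN + len(gre) + len(inner), 0, 0,
                     64, IPPROTO_GRE, 0, socket.inet_aton("192.0.2.10"), socket.inet_aton(dst_ip))
    return bytes(12) + struct.pack("!H", 0x0800) + ip + gre + inner
```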
Starting in software version 5.1, L2GRE tunnel encapsulation supports load balancing. Traffic from an IP interface can be sent to multiple destinations defined by IP address. The traffic is distributed using stateful load balancing or stateless hashing.
For information on stateful and stateless load balancing, refer to GigaSMART Load Balancing.
For examples of load balancing on L2GRE encapsulation, refer to GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation and GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation.
GigaSMART L2GRE IPv6 lets you route filtered traffic to the remote end using IPv6-based L2GRE tunneling. At the receiving end, filtered traffic is sent to GigaSMART, which adds an L2GRE header and an IPv6 header to make it routable.
The remote end decapsulates the packet and sends it to the tool port.
GigaVUE nodes act as L2GRE encapsulation and decapsulation devices.
The IPv6 protocol is used to deliver all packets received in the encap tunnel to the termination node using the configured source and destination IPv6 address. The tunnel termination (decap) node strips the IPv6 + GRE header and sends the payload to the tool port.
The ICMPv6 protocol is used by the tool port on the encapsulation node for Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages to resolve the gateway MAC address and respond to NS messages received from the gateway in the tunnel decapsulation/termination node. ICMPv6 echo request/reply messages are also sent and received.
For a configuration example, refer to GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation.
L2GRE tunnel termination is supported on physical devices, and the decapsulation happens through the GigaSMART engine. Tunneled traffic entering the chassis is sent to the GigaSMART engine and then to the tools using a hybrid port. The maps created are then applied to this decapsulated traffic.
Starting with version 5.4, tunnel termination is supported for VXLAN and L2GRE tunnels on the front panel ports of the switch. This feature provides line rate tunneling on all faceplate ports and also allows flow mapping to be applied to the incoming tunneled traffic on the same ports.
The following diagram illustrates how the traffic from two sources (a GigaVUE V Series appliance running on an AWS platform and a GigaVUE H Series device at a remote site) traverses the L2GRE tunnel and reaches the GigaVUE H Series node in the main office site. In each case, traffic is tapped at the remote source and is then tunneled through L2GRE encapsulation across the cloud before it reaches the GigaVUE H Series device at the main office site, which is connected to the actual tools. The L2GRE tunnel termination is executed on an ingress circuit port (IP interface) on the destination GigaVUE H Series device. After tunnel termination, the packet is presented to the flow mapping module to filter based on map rule parameters.
Refer to the following configuration examples:
GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation
To view IP interface statistics, select Ports > IP Interfaces > Statistics to open the IP Interfaces Statistics page.
The IPv6 tunnel statistics pane displays the gateway status as Reachable if neighbor discovery is completed with the gateway or Unreachable if neighbor discovery failed. Neighbor discovery is done only on the encapsulation node. On the decapsulation node, the gateway status will be Not Applicable.
To display Layer 2 GRE tunnel encapsulation statistics, select GigaSMART > GigaSMART Operations (GSOP) > Statistics. The statistics for tunnel encapsulation will be in the row labeled Tunnel Encap in the GS Operations column.
Refer to Tunnel Encapsulation Statistics Definitions for descriptions of these statistics as well as to GigaSMART Operations Statistics Definitions.
To display Layer 2 GRE tunnel decapsulation statistics, select GigaSMART > GigaSMART Operations (GSOP) > Statistics and click the GS Operation in the table to open the Quick View for GS Operation Statistics.
Refer to Tunnel Decapsulation Statistics Definitions for descriptions of these statistics as well as to GigaSMART Operations Statistics Definitions.