About Layer 2 Generic Routing Encapsulation (L2GRE) Tunnels
L2GRE tunnels are used to route traffic from any remote device to a GigaVUE-H Series or GigaVUE-TA Series device over the internet. The device at the remote site encapsulates the filtered packets, adds a L2GRE encapsulation header, and forwards it to the corresponding circuit port that is used for GRE encapsulation. The encapsulation header consists of Ethernet + IP + GRE headers. The parameters of the encapsulated header are user-configurable, such as the IPv4 address of the IP interface on the destination GigaVUE device and the GRE key that identifies the source of the tunnel.
The encapsulated packet is sent out of the circuit port, which is connected to the public network (the Internet). This packet is routed in the public network to reach the main office site. The packet is ingressed at the circuit port of the GigaVUE device at the main office. The destination IP address of the received packet is checked against the IP configured for the circuit port. If they match, decapsulation is applied. The Ethernet + IP + GRE header is stripped and the remaining packet is sent to the tool port.
If the destination IP address of the received packet does not match with the IP address configured for the IP interface, the packet is dropped.
The following figure illustrates the L2GRE tunnel encapsulation and decapsulation.
1 | L2GRE Tunnel Encapsulation and decapsulation |
In this diagram, traffic is tapped on a GigaVUE-TA200 device at a remote site, and then it is tunneled through L2GRE encapsulation across the network before it reaches the GigaVUE‑HC3 device at the main office site, which is connected to the actual tools. The tunnel decapsulation is executed on an ingress circuit port (IP interface). After tunnel decapsulation the packet is presented to the Flow Mapping® module to filter based on map rule parameters.
Refer to the following sections for details about the L2GRE tunnel configuration:
L2GRE Tunnel Configuration—Rules and Notes |
Limitation |
Configure L2GRE Tunnel to Encapsulate Traffic |
Configure L2GRE Tunnel to Decapsulate Traffic |
L2GRE Tunnel Configuration—Rules and Notes
Keep in mind the following rules and notes when working with L2GRE tunnels:
L2GRE tunnels are supported only on GigaVUE‑HC1-Plus, GigaVUE-HCT, GigaVUE‑HC1, GigaVUE‑HC2 CCv2, GigaVUE‑HC3CCv1 and CCv2, GigaVUE-TA100, GigaVUE-TA200, GigaVUE‑TA200E GigaVUE‑TA25, GigaVUE‑TA25E,GigaVUE‑TA400 and DELL S4112F-ON devices. |
L2GRE tunnel encapsulation and decapsulation is NOT supported on GigaVUE‑HC2 CCv1. |
A maximum of 1500 L2GRE IDs are supported. |
IPv6 protocol is not supported with L2GRE tunnels. |
Ingress VLAN tagging and Tool Mirror features are not supported with L2GRE tunnels. |
Filtering of Q-in-Q packets is not supported with L2GRE tunnels except on GigaVUE-TA400. |
Map-passall is not supported for the circuit port that encapsulates or decapsulates the L2GRE packet. |
- When configuring a map for L2GRE encapsulation, you cannot configure a combination of a regular tool port and L2GRE encapsulation tunnel as part of the "To" ports.
Any encapsulated packet that exceeds the MTU value configured for the IP interface will be discarded because IP fragmentation and reassembly of packets are not supported. |
L2GRE tunnel encapsulation is not supported on circuit GigaStreams. |
Flow mapping that is configured on the circuit port used for L2GRE decapsulation will filter only the inner packet attributes along with L2GRE-ID. Any other non-tunneled packets that ingress on this circuit port will not be filtered or redirected to tool ports, even if it matches the rules configured on the map. |
GigaSMART operations cannot be combined with L2GRE decapsulation in the same map. |
L2GRE tunnel decapsulation is supported only on encapsulated packets that are not tagged. On GigaVUE-TA400, L2GRE tunnel decapsulation is supported on encapsulated packets that are both tagged and untagged. |
Inner VLAN qualifier is not supported on the port in which the L2GRE tunnel decapsulation is enabled except on GigaVUE-TA400. |
L2GRE ID qualifier is available as part of existing static templates. Following table provides details about the platforms for which the static templates are available: |
Template |
Platform |
|
GigaVUE‑HC2 (CCv2)/GigaVUE‑HC1 |
GigaVUE‑HC3/GigaVUE-TA100/TA200/TA200E/TA25//TA25E/ TA400 |
|
IPv4 |
No |
Yes |
IPv6 |
Yes |
Yes |
IPv4+UDA |
No |
Yes |
IPv4+MAC |
Yes |
Yes |
UDA |
Yes |
Yes |
Limitation
When the encapsulation device fragments your traffic, the L2GRE Tunnels used to decapsulate the traffic does not support re-assembly. To avoid this, you can use GigaSMART L2GRE decapsulation, which reassembles the fragmented packets. Refer to GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation for more detailed information on how to configure GigaSMART L2GRE Tunnel Decapsulation. You can also configure the highest possible MTU value before tapping the traffic to the virtual machine so that packets are not fragmented.