Generic Routing Encapsulation

This document describes the Generic Routing Encapsulation (GRE) feature. This feature is a tunneling protocol
that enables the encapsulation of a wide variety of protocol packet types inside IP tunnels, creating a virtual
point-to-point link to Cisco routers at remote points over an IP internetwork.
• Finding Feature Information, on page 1
• Hardware Compatibility Matrix for the Cisco cBR Series Routers, on page 2
• Restrictions for Implementing Tunnels, on page 2
• Restrictions for GRE IPv6 Tunnels, on page 3
• Information About Implementing Tunnels, on page 4
• Information About IPv6 over IPv4 GRE Tunnels, on page 5
• Information About GRE IPv6 Tunnels, on page 8
• How to Implement Tunnels, on page 8
• Configuration Examples for Implementing Tunnels, on page 16
• How to Configure IPv6 over IPv4 GRE Tunnels, on page 18
• Configuration Examples for IPv6 over IPv4 GRE Tunnels, on page 20
• How to Configure GRE IPv6 Tunnels, on page 21
• Configuration Examples for GRE IPv6 Tunnels, on page 22
• Additional References, on page 23
• Feature Information for Generic Routing Encapsulation , on page 24

Finding Feature Information

Finding Feature Information
Your software release may not support all the features that are documented in this module. For the latest
feature information and caveats, see the release notes for your platform and software release. The Feature
Information Table at the end of this document provides information about the documented features and lists
the releases in which each feature is supported.
Use Cisco Feature Navigator to find information about the platform support and Cisco software image support.
To access Cisco Feature Navigator, go to the link http://tools.cisco.com/ITDIT/CFN/. You do not require a
cisco.com login account.

Generic Routing Encapsulation

1
 Generic Routing Encapsulation
Hardware Compatibility Matrix for the Cisco cBR Series Routers

Hardware Compatibility Matrix fortheCiscocBRSeries Routers

Note The hardware components that are introduced in a given Cisco IOS-XE Release are supported in all subsequent
releases unless otherwise specified.

Table 1: Hardware Compatibility Matrix for the Cisco cBR Series Routers

Cisco CMTS Platform Processor Engine Interface Cards

Cisco cBR-8 Converged Broadband Cisco IOS-XE Release 16.5.1 and Cisco IOS-XE Release 16.5.1 and
Router Later Releases Later Releases
Cisco cBR-8 Supervisor: Cisco cBR-8 CCAP Line Cards:
• PID—CBR-SUP-250G • PID—CBR-LC-8D30-16U30
• PID—CBR-CCAP-SUP-160G • PID—CBR-LC-8D31-16U30
• PID—CBR-CCAP-SUP-60G • PID—CBR-RF-PIC
• PID—CBR-SUP-8X10G-PIC • PID—CBR-RF-PROT-PIC
• PID—CBR-CCAP-LC-40G-R

Cisco cBR-8 Downstream PHY

Modules:
• PID—CBR-D30-DS-MOD
• PID—CBR-D31-DS-MOD

Cisco cBR-8 Upstream PHY

Modules:
• PID—CBR-D30-US-MOD
• PID—CBR-D31-US-MOD

Restrictions for Implementing Tunnels

• It is important to allow the tunnel protocol to pass through a firewall and access control list (ACL) check.
• Multiple point-to-point tunnels can saturate the physical link with routing information if the bandwidth
is not configured correctly on a tunnel interface.
• A tunnel looks like a single hop link, and routing protocols may prefer a tunnel over a multihop physical
path. The tunnel, despite looking like a single hop link, may traverse a slower path than a multihop link.
A tunnel is as robust and fast, or as unreliable and slow, as the links that it actually traverses. Routing
protocols that make their decisions based only on hop counts will often prefer a tunnel over a set of
physical links. A tunnel might appear to be a one-hop, point-to-point link and have the lowest-cost path,

Generic Routing Encapsulation

2
 Generic Routing Encapsulation
Restrictions for GRE IPv6 Tunnels

but the tunnel may actually cost more in terms of latency when compared to an alternative physical
topology. For example, in the topology shown in the figure below, packets from Host 1 will appear to
travel across networks w, t, and z to get to Host 2 instead of taking the path w, x, y, and z because the
tunnel hop count appears shorter. In fact, the packets going through the tunnel will still be traveling
across Router A, B, and C, but they must also travel to Router D before coming back to Router C.

Figure 1: Tunnel Precautions: Hop Counts

• A tunnel may have a recursive routing problem if routing is not configured accurately. The best path to
a tunnel destination is via the tunnel itself; therefore recursive routing causes the tunnel interface to flap.
To avoid recursive routing problems, keep the control-plane routing separate from the tunnel routing by
using the following methods:
• Use a different autonomous system number or tag.
• Use a different routing protocol.
• Ensure that static routes are used to override the first hop (watch for routing loops).
The following error is displayed when there is recursive routing to a tunnel destination:
%TUN-RECURDOWN Interface Tunnel 0
temporarily disabled due to recursive routing

Restrictions for GRE IPv6 Tunnels

• GRE tunnel keepalive packets are not supported.
• Multipoint GRE (mGRE) IPv6 tunneling is not supported.
• There is limited support for tunnel transport in virtual routing and forwarding (VRF). The limited support
in VRF is applicable to IPv6 point-to-point GRE without tunnel protection.

Generic Routing Encapsulation

3
 Generic Routing Encapsulation
Information About Implementing Tunnels

Information About Implementing Tunnels

Tunneling Versus Encapsulation
To understand how tunnels work, you must be able to distinguish between concepts of encapsulation and
tunneling. Encapsulation is the process of adding headers to data at each layer of a particular protocol stack.
The Open Systems Interconnection (OSI) reference model describes the functions of a network. To send a
data packet from one host (for example, a PC) to another on a network, encapsulation is used to add a header
in front of the data packet at each layer of the protocol stack in descending order. The header must contain a
data field that indicates the type of data encapsulated at the layer immediately above the current layer. As the
packet ascends the protocol stack on the receiving side of the network, each encapsulation header is removed
in reverse order.
Tunneling encapsulates data packets from one protocol within a different protocol and transports the packets
on a foreign network. Unlike encapsulation, tunneling allows a lower-layer protocol and a same-layer protocol
to be carried through the tunnel. A tunnel interface is a virtual (or logical) interface. Tunneling consists of
three main components:
• Passenger protocol—The protocol that you are encapsulating. For example, IPv4 and IPv6 protocols.
• Carrier protocol—The protocol that encapsulates. For example, generic routing encapsulation (GRE)
and Multiprotocol Label Switching (MPLS).
• Transport protocol--The protocol that carries the encapsulated protocol. The main transport protocol is
IP.

Tunnel ToS
Tunnel type of service (ToS) allows you to tunnel network traffic and group all packets in the same ToS byte
value. The ToS byte values and Time-to-Live (TTL) hop-count value can be set in the encapsulating IP header
of tunnel packets for an IP tunnel interface on a router. Tunnel ToS feature is supported for Cisco Express
Forwarding (formerly known as CEF), fast switching, and process switching.
The ToS and TTL byte values are defined in RFC 791. RFC 2474, and RFC 2780 obsolete the use of the ToS
byte as defined in RFC 791. RFC 791 specifies that bits 6 and 7 of the ToS byte (the first two least significant
bits) are reserved for future use and should be set to 0.

Path MTU Discovery

Path MTU Discovery (PMTUD) can be enabled on a GRE or IP-in-IP tunnel interface. When PMTUD (RFC
1191) is enabled on a tunnel interface, the router performs PMTUD processing for the GRE (or IP-in-IP)
tunnel IP packets. The router always performs PMTUD processing on the original data IP packets that enter
the tunnel. When PMTUD is enabled, packet fragmentation is not permitted for packets that traverse the tunnel
because the Don’t Fragment (DF) bit is set on all the packets. If a packet that enters the tunnel encounters a
link with a smaller MTU, the packet is dropped and an Internet Control Message Protocol (ICMP) message
is sent back to the sender of the packet. This message indicates that fragmentation was required (but not
permitted) and provides the MTU of the link that caused the packet to be dropped.

Generic Routing Encapsulation

4
 Generic Routing Encapsulation
QoS Options for Tunnels

Note PMTUD on a tunnel interface requires that the tunnel endpoint be able to receive ICMP messages generated
by routers in the path of the tunnel. Ensure that ICMP messages can be received before using PMTUD over
firewall connections.

Use the tunnel path-mtu-discovery command to enable PMTUD for the tunnel packets and use the show
interfaces tunnel command to verify the tunnel PMTUD parameters. PMTUD works only on GRE and
IP-in-IP tunnel interfaces.

QoS Options for Tunnels

A tunnel interface supports various quality of service (QoS) features as a physical interface. QoS provides a
way to ensure that mission-critical traffic has an acceptable level of performance. QoS options for tunnels
include support for applying generic traffic shaping (GTS) directly on the tunnel interface and support for
class-based shaping using the modular QoS CLI (MQC). Tunnel interfaces also support class-based policing,
but they do not support committed access rate (CAR).
GRE tunnels allow the router to copy the IP precedence bit values of the ToS byte to the tunnel or the GRE
IP header that encapsulates the inner packet. Intermediate routers between the tunnel endpoints can use the
IP precedence values to classify packets for QoS features such as policy routing, weighted fair queueing
(WFQ), and weighted random early detection (WRED).
When packets are encapsulated by tunnel or encryption headers, QoS features are unable to examine the
original packet headers and correctly classify the packets. Packets that travel across the same tunnel have the
same tunnel headers, so the packets are treated identically if the physical interface is congested. Tunnel packets
can, however, be classified before tunneling and encryption can occur when a user applies the QoS preclassify
feature on the tunnel interface or on the crypto map.

Note Class-based WFQ (CBWFQ) inside class-based shaping is not supported on a multipoint interface.

For examples of how to implement some QoS features on a tunnel interface, see the section“Configuring QoS
Options on Tunnel Interfaces Examples, on page 17” on page 32.

Information About IPv6 over IPv4 GRE Tunnels

Overlay Tunnels for IPv6
Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core
network or the figure below). By using overlay tunnels, you can communicate with isolated IPv6 networks
without upgrading the IPv4 infrastructure between them. Overlay tunnels can be configured between border
devices or between a border device and a host; however, both tunnel endpoints must support both the IPv4
and IPv6 protocol stacks. IPv6 supports the following types of overlay tunneling mechanisms:
• Manual
• Generic routing encapsulation (GRE)

Generic Routing Encapsulation

5
 Generic Routing Encapsulation
Overlay Tunnels for IPv6

• IPv4-compatible
• 6to4
• Intrasite Automatic Tunnel Addressing Protocol (ISATAP)

Figure 2: Overlay Tunnels

Note Overlay tunnels reduce the maximum transmission unit (MTU) of an interface by 20 octets (assuming that
the basic IPv4 packet header does not contain optional fields). A network that uses overlay tunnels is difficult
to troubleshoot. Therefore, overlay tunnels that connect isolated IPv6 networks should not be considered a
final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique
toward a network that supports both the IPv4 and IPv6 protocol stacks or just the IPv6 protocol stack.

Use the table below to help you determine which type of tunnel that you want to configure to carry IPv6
packets over an IPv4 network.

Table 2: Suggested Usage of Tunnel Types to Carry IPv6 Packets over an IPv4 Network

Tunneling Type Suggested Usage Usage Notes

Manual Simple point-to-point tunnels that can be used Can carry IPv6 packets only.
within a site or between sites.

GRE- and IPv4- Simple point-to-point tunnels that can be used Can carry IPv6, Connectionless
compatible within a site or between sites. Network Service (CLNS), and many
other types of packets.

IPv4- compatible Point-to-multipoint tunnels. Uses the ::/96 prefix. We do not

recommend using this tunnel type.

6to4 Point-to-multipoint tunnels that can be used Sites use addresses from the 2002::/16
to connect isolated IPv6 sites. prefix.

6RD IPv6 service is provided to customers over an Prefixes can be from the SP’s own
IPv4 network by using encapsulation of IPv6 address block.
in IPv4.

Generic Routing Encapsulation

6
 Generic Routing Encapsulation
GRE IPv4 Tunnel Support for IPv6 Traffic

Tunneling Type Suggested Usage Usage Notes

ISATAP Point-to-multipoint tunnels that can be used Sites can use any IPv6 unicast
to connect systems within a site. addresses.

Individual tunnel types are discussed in detail in this document. We recommend that you review and understand
the information about the specific tunnel type that you want to implement. When you are familiar with the
type of tunnel you need, see the table below for a summary of the tunnel configuration parameters that you
may find useful.

Table 3: Tunnel Configuration Parameters by Tunneling Type

Tunneling Type Tunnel Configuration

Parameter

Tunnel Mode Tunnel Source Tunnel Interface Prefix

Destination or Address

Manual ipv6ip An IPv4 An IPv4 address. An IPv6 address.

address, or
GRE/IPv4 gre ip a reference An IPv4 address. An IPv6 address.
to an
IPv4- compatible ipv6ip auto-tunnel Not required. Not required. The interface
interface
These are all address is generated as
on which
point-to-multipoint ::tunnel-source/96.
IPv4 is
tunneling types.
6to4 ipv6ip 6to4 configured. An IPv6 address. The prefix must
The IPv4
destination address embed the tunnel source IPv4
is calculated, on a address.
per-packet basis,
6RD ipv6ip 6rd from the IPv6 An IPv6 address.

ISATAP ipv6ip isatap destination. An IPv6 prefix in modified eui-64

format. The IPv6 address is
generated from the prefix and the
tunnel source IPv4 address.

GRE IPv4 Tunnel Support for IPv6 Traffic

IPv6 traffic can be carried over IPv4 GRE tunnels using the standard GRE tunneling technique that is designed
to provide the services to implement any standard point-to-point encapsulation scheme. As in IPv6 manually
configured tunnels, GRE tunnels are links between two points, with a separate tunnel for each link. The tunnels
are not tied to a specific passenger or transport protocol but, in this case, carry IPv6 as the passenger protocol
with the GRE as the carrier protocol and IPv4 or IPv6 as the transport protocol.
The primary use of GRE tunnels is for stable connections that require regular secure communication between
two edge devices or between an edge device and an end system. The edge devices and the end systems must
be dual-stack implementations.

Generic Routing Encapsulation

7
 Generic Routing Encapsulation
Information About GRE IPv6 Tunnels

Information About GRE IPv6 Tunnels

Overview of GRE IPv6 Tunnels
The GRE IPv6 Tunnels feature enables the delivery of packets from other protocols through an IPv6 network
and allows the routing of IPv6 packets between private networks across public networks with globally routed
IPv6 addresses.
For point-to-point GRE tunnels, each tunnel interface requires a tunnel source IPv6 address and a tunnel
destination IPv6 address when being configured. All packets are encapsulated with an outer IPv6 header and
a GRE header.

How to Implement Tunnels

Determining the Tunnel Type
Before configuring a tunnel, you must determine the type of tunnel you want to create.

Procedure

Step 1 Determine the passenger protocol. A passenger protocol is the protocol that you are encapsulating.
Step 2 Determine the tunnel mode command keyword, if appropriate.
The table below shows how to determine the appropriate keyword to be used with the tunnel mode command.

Table 4: Determining the tunnel mode Command Keyword

Keyword Purpose

dvmrp Use the dvmrp keyword to specify that the Distance Vector Multicast Routing
Protocol encapsulation will be used.

gre ip Use the gre and ip keywords to specify that GRE encapsulation over IP will be
used.

gre ipv6 Use the gre and ipv6 keywords to specify that GRE encapsulation over IPv6 will
be used.

ipip Use the ipip keyword to specify that IP-in-IP encapsulation will be used. The optional
[decapsulate-any] decapsulate-any keyword terminates any number of IP-in-IP tunnels at one tunnel
interface. Note that this tunnel will not carry any outbound traffic; however, any
number of remote tunnel endpoints can use a tunnel configured as their destination.

ipv6 Use the ipv6 keyword to specify that generic packet tunneling in IPv6 will be used.

Generic Routing Encapsulation

8
 Generic Routing Encapsulation
Configuring an IPv4 GRE Tunnel

Keyword Purpose

ipv6ip Use the ipv6ip keyword to specify that IPv6 will be used as the passenger protocol
and IPv4 as both the carrier (encapsulation) and transport protocol. When additional
keywords are not used, manual IPv6 tunnels are configured. Additional keywords
can be used to specify IPv4-compatible, 6to4, or ISATAP tunnels.

mpls Use the mpls keyword to specify that MPLS will be used for configuring traffic
engineering (TE) tunnels.

Configuring an IPv4 GRE Tunnel

Perform this task to configure a GRE tunnel. A tunnel interface is used to pass protocol traffic across a network
that does not normally support the protocol. To build a tunnel, you must define a tunnel interface on each of
the two routers, and the tunnel interfaces must reference each other. At each router, the tunnel interface must
be configured with a Layer 3 address. The tunnel endpoints, tunnel source, and tunnel destination must be
defined, and the type of tunnel must be selected. Optional steps can be performed to customize the tunnel.
Remember to configure the router at each end of the tunnel. If only one side of a tunnel is configured, the
tunnel interface may still come up and stay up (unless keepalive is configured), but packets going into the
tunnel will be dropped.

GRE Tunnel Keepalive

Keepalive packets can be configured to be sent over IP-encapsulated GRE tunnels. You can specify the rate
at which keepalives are sent and the number of times that a device will continue to send keepalive packets
without a response before the interface becomes inactive. GRE keepalive packets may be sent from both sides
of a tunnel or from just one side.

Before you begin

Ensure that the physical interface to be used as the tunnel source in this task is up and configured with the
appropriate IP address. For hardware technical descriptions and information about installing interfaces, see
the hardware installation and configuration publication for your product.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal

Generic Routing Encapsulation

9
 Generic Routing Encapsulation
GRE Tunnel Keepalive

Command or Action Purpose

Step 3 interface type number Specifies the interface type and number, and
enters interface configuration mode.
Example:
Router(config)# interface tunnel 0 • To configure a tunnel, use tunnel for the
type argument.

Step 4 bandwidth kb/s Sets the current bandwidth value for an

interface and communicates it to higher-level
Example:
protocols.
Router(config-if)# bandwidth 1000
• Specifies the tunnel bandwidth to be used
to transmit packets.
• Use the kb/s argument to set the
bandwidth, in kilobits per second (kb/s).

Note This is only a routing parameter; it

does not affect the physical
interface. The default bandwidth
setting on a tunnel interface is 9.6
kb/s. You should set the bandwidth
on a tunnel to an appropriate value.

Step 5 keepalive [period [retries]] (Optional) Specifies the number of times the
device will continue to send keepalive packets
Example:
without response before bringing the tunnel
Router(config-if)# keepalive 3 7 interface protocol down.
• GRE keepalive packets may be
configured either on only one side of the
tunnel or on both.
• If GRE keepalive is configured on both
sides of the tunnel, the period and retries
arguments can be different at each side
of the link.

Note This command is supported only on

GRE point-to-point tunnels.

Note The GRE tunnel keepalive feature

should not be configured on a VRF
tunnel. This combination of features
is not supported.

Step 6 tunnel source {ip-address | interface-type Configures the tunnel source.

interface-number}
Note The tunnel source IP address and
Example: destination IP addresses must be
Router(config-if)# tunnel source defined on two separate devices.
TenGigabitEthernet 4/1/0

Generic Routing Encapsulation

10
Generic Routing Encapsulation
GRE Tunnel Keepalive

Command or Action Purpose

Step 7 tunnel destination {hostname | ip-address} Configures the tunnel destination.
Example: Note The tunnel source and destination
IP addresses must be defined on
Router(config-if)# tunnel destination two separate devices.
10.0.2.1

Step 8 tunnel key key-number (Optional) Enables an ID key for a tunnel

interface.
Example:
Router(config-if)# tunnel key 1000 Note This command is supported only on
GRE tunnel interfaces. We do not
recommend relying on this key for
security purposes.

Step 9 tunnel mode gre { ip | multipoint} Specifies the encapsulation protocol to be used
in the tunnel.
Example:
Device(config-if)# tunnel mode gre ip

Step 10 ip mtu bytes (Optional) Sets the MTU size of IP packets

sent on an interface.
Example:
Device(config-if)# ip mtu 1400 • If an IP packet exceeds the MTU set for
the interface, the Cisco software will
fragment it unless the DF bit is set.
• All devices on a physical medium must
have the same protocol MTU in order to
operate.
• For IPv6 packets, use the ipv6 mtu
command.

Note If the tunnel path-mtu-discovery

command is enabled do not
configure this command.

Step 11 ip tcp mss mss-value (Optional) Specifies the maximum segment

size (MSS) for TCP connections that originate
Example:
or terminate on a router.
Device(config-if)# ip tcp mss 250

Step 12 tunnel path-mtu-discovery [age-timer (Optional) Enables PMTUD on a GRE or

{aging-mins | infinite}] IP-in-IP tunnel interface.
Example: • When PMTUD is enabled on a tunnel
Device(config-if)# tunnel interface, PMTUD will operate for GRE
path-mtu-discovery IP tunnel packets to minimize
fragmentation in the path between the
tunnel endpoints.

Generic Routing Encapsulation

11
 Generic Routing Encapsulation
What to Do Next

Command or Action Purpose

Step 13 end Exits interface configuration mode and returns
to privileged EXEC mode.
Example:
Device(config-if)# end

What to Do Next
Proceed to the “Verifying Tunnel Configuration and Operation” section.

Configuring 6to4 Tunnels

Before you begin
With 6to4 tunnels, the tunnel destination is determined by the border-router IPv4 address, which is concatenated
to the prefix 2002::/16 in the format 2002:border-router-IPv4-address ::/48. The border router at each end of
a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks.

Note The configuration of only one IPv4-compatible tunnel and one 6to4 IPv6 tunnel is supported on a router. If
you choose to configure both of these tunnel types on the same router, Cisco recommends that they not share
the same tunnel source.
A 6to4 tunnel and an IPv4-compatible tunnel cannot share the same interface because both of them are NBMA
“point-to-multipoint” access links, and only the tunnel source can be used to reorder the packets from a
multiplexed packet stream into a single packet stream for an incoming interface. When a packet with an IPv4
protocol type of 41 arrives on an interface, the packet is mapped to an IPv6 tunnel interface on the basis of
the IPv4 address. However, if both the 6to4 tunnel and the IPv4-compatible tunnel share the same source
interface, the router cannot determine the IPv6 tunnel interface to which it should assign the incoming packet.
Manually configured IPv6 tunnels can share the same source interface because a manual tunnel is a
“point-to-point” link, and both IPv4 source and the IPv4 destination of the tunnel are defined.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal

Step 3 interface tunnel tunnel-number Specifies a tunnel interface and number and
enters interface configuration mode.
Example:

Generic Routing Encapsulation

12
Generic Routing Encapsulation
Configuring 6to4 Tunnels

Command or Action Purpose

Router(config)# interface tunnel 0

Step 4 ipv6 address ipv6-prefix/prefix-length [eui-64] Specifies the IPv6 address assigned to the
interface and enables IPv6 processing on the
Example:
interface.
Router(config-if)# ipv6 address • The 32 bits following the initial 2002::/16
2002:c0a8:6301:1::1/64 prefix correspond to an IPv4 address
assigned to the tunnel source.

Note See the "Configuring Basic

Connectivity for IPv6" module for
more information on configuring
IPv6 addresses.

Step 5 tunnel source {ip-address | interface-type Specifies the source IPv4 address or the source
interface-number} interface type and number for the tunnel
interface.
Example:
Router(config-if)# tunnel source Note The interface type and number
TenGigabitEthernet 4/1/0 specified in the tunnel source
command must be configured with
an IPv4 address.

Step 6 tunnel mode ipv6ip 6to4 Specifies an IPv6 overlay tunnel using a 6to4
address.
Example:
Router(config-if)# tunnel mode ipv6ip
6to4

Step 7 exit Exits interface configuration mode and returns

to global configuration mode.
Example:
Router(config-if)# exit

Step 8 ipv6 route ipv6-prefix / prefix-length Configures a static route to the specified tunnel
tunnel tunnel-number interface.
Example: Note When configuring a 6to4 overlay
Router(config)# ipv6 route 2002::/16 tunnel, you must configure a static
tunnel 0 route for the IPv6 6to4 prefix
2002::/16 to the 6to4 tunnel
interface.

• The tunnel number specified in the ipv6

route command must be the same tunnel
number specified in the interface tunnel
command.

Step 9 end Exits global configuration mode and returns to

privileged EXEC mode.
Example:

Generic Routing Encapsulation

13
 Generic Routing Encapsulation
What to Do Next

Command or Action Purpose

Router(config)# end

What to Do Next
Proceed to the “Verifying Tunnel Configuration and Operation” section.

Verifying Tunnel Configuration and Operation

The show and ping commands in the steps below can be used in any sequence. The following commands can
be used for GRE tunnels, IPv6 manually configured tunnels, and IPv6 over IPv4 GRE tunnels.

Procedure

Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Device> enable

Step 2 show interfaces tunnel number [accounting]

Two routers are configured to be endpoints of a tunnel. Device A has TenGigabit Ethernet interface 4/1/0
configured as the source for tunnel interface 0 with an IPv4 address of 10.0.0.1 and an IPv6 prefix of
2001:0DB8:1111:2222::1/64. Device B has TenGigabit Ethernet interface 4/1/0 configured as the source for
tunnel interface 1 with an IPv4 address of 10.0.0.2 and an IPv6 prefix of 2001:0DB8:1111:2222::2/64.
To verify that the tunnel source and destination addresses are configured, use the show interfaces tunnel
command on Device A.
Example:

Device A# show interfaces tunnel 0

Tunnel0 is up, line protocol is up

Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.0.0.1 (TenGigabitEthernet4/1/0), destination 10.0.0.2, fastswitch TTL
255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
Checksumming of packets disabled, fast tunneling enabled
Last input 00:00:14, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4 packets input, 352 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

Generic Routing Encapsulation

14
Generic Routing Encapsulation
Verifying Tunnel Configuration and Operation

8 packets output, 704 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out

Step 3 ping [protocol] destination

To check that the local endpoint is configured and working, use the ping command on Device A.
Example:

DeviceA# ping 2001:0DB8:1111:2222::2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:0DB8:1111:2222::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

Step 4 show ip route [address [mask]]

To check that a route exists to the remote endpoint address, use the show ip route command.
Example:

DeviceA# show ip route 10.0.0.2

Routing entry for 10.0.0.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via TenGigabitEthernet4/1/0
Route metric is 0, traffic share count is 1

Step 5 ping [protocol] destination

To check that the remote endpoint address is reachable, use the ping command on Device A.
Note The remote endpoint address may not be reachable using the ping command because of filtering,
but the tunnel traffic may still reach its destination.

Example:

DeviceA# ping 10.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/28 ms

To check that the remote IPv6 tunnel endpoint is reachable, use the ping command again on Device A. The
note regarding filtering earlier in step also applies to this example.
Example:

DeviceA# ping 2001:0DB8:1111:2222::2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

Generic Routing Encapsulation

15
 Generic Routing Encapsulation
Configuration Examples for Implementing Tunnels

These steps may be repeated at the other endpoint of the tunnel.

Configuration Examples for Implementing Tunnels

Example: Configuring a GRE IPv4 Tunnel
The following example shows a simple configuration of GRE tunneling. Note that TenGigabit Ethernet
interface 4/1/0 is the tunnel source for Router A and the tunnel destination for Router B. TenGigabit Ethernet
interface 4/1/1 is the tunnel source for Router B and the tunnel destination for Router A.

Router A

interface Tunnel 0
ip address 10.1.1.2 255.255.255.0
tunnel source TenGigabitEthernet 4/1/0
tunnel destination 192.168.3.2
tunnel mode gre ip
!
interface TenGigabitEthernet 4/1/0
ip address 192.168.4.2 255.255.255.0

Router B

interface Tunnel 0
ip address 10.1.1.1 255.255.255.0
tunnel source TenGigabitEthernet 4/1/1
tunnel destination 192.168.4.2
tunnel mode gre ip
!
interface TenGigabitEthernet 4/1/1
ip address 192.168.3.2 255.255.255.0

The following example configures a GRE tunnel running both IS-IS and IPv6 traffic between Router A and
Router B:

Router A

ipv6 unicast-routing
clns routing
!
interface Tunnel 0
no ip address
ipv6 address 2001:0DB8:1111:2222::1/64
ipv6 router isis
tunnel source TenGigabitEthernet 4/1/0
tunnel destination 10.0.0.2
tunnel mode gre ip
!
interface TenGigabitEthernet 4/1/0
ip address 10.0.0.1 255.255.255.0
!

Generic Routing Encapsulation

16
 Generic Routing Encapsulation
Configuring QoS Options on Tunnel Interfaces Examples

router isis
network 49.0000.0000.000a.00

Router B

ipv6 unicast-routing
clns routing
!
interface Tunnel 0
no ip address
ipv6 address 2001:0DB8:1111:2222::2/64
ipv6 router isis
tunnel source TenGigabitEthernet 4/1/0
tunnel destination 10.0.0.1
tunnel mode gre ip
!
interface TenGigabitEthernet 4/1/0
ip address 10.0.0.2 255.255.255.0
!
router isis
network 49.0000.0000.000b.00
address-family ipv6
redistribute static
exit-address-family

Configuring QoS Options on Tunnel Interfaces Examples

The following sample configuration applies GTS directly on the tunnel interface. In this example, the
configuration shapes the tunnel interface to an overall output rate of 500 kb/s.

interface Tunnel 0
ip address 10.1.2.1 255.255.255.0
traffic-shape rate 500000 125000 125000 1000
tunnel source 10.1.1.1
tunnel destination 10.2.2.2

The following sample configuration shows how to apply the same shaping policy to the tunnel interface with
the MQC commands:

policy-map tunnel
class class-default
shape average 500000 125000 125000
!
interface Tunnel 0
ip address 10.1.2.1 255.255.255.0
service-policy output tunnel
tunnel source 10.1.35.1
tunnel destination 10.1.35.2

Policing Example
When an interface becomes congested and packets start to queue, you can apply a queueing method to packets
that are waiting to be transmitted. Logical interfaces--tunnel interfaces in this example--do not inherently
support a state of congestion and do not support the direct application of a service policy that applies a queueing
method. Instead, you must apply a hierarchical policy. Create a "child" or lower-level policy that configures
a queueing mechanism, such as low-latency queueing, with the priority command and CBWFQ with the
bandwidth command.

Generic Routing Encapsulation

17
 Generic Routing Encapsulation
How to Configure IPv6 over IPv4 GRE Tunnels

policy-map child
class voice
priority 512

Create a "parent" or top-level policy that applies class-based shaping. Apply the child policy as a command
under the parent policy because admission control for the child class is done according to the shaping rate for
the parent class.

policy-map tunnel
class class-default
shape average 2000000
service-policy child

Apply the parent policy to the tunnel interface.

interface tunnel 0
service-policy tunnel

In the following example, a tunnel interface is configured with a service policy that applies queueing without
shaping. A log message is displayed noting that this configuration is not supported.

Router(config)# interface tunnel1

Router(config-if)# service-policy output child
Class Based Weighted Fair Queueing not supported on this interface

How to Configure IPv6 over IPv4 GRE Tunnels

Configuring GRE on IPv6 Tunnels
GRE tunnels can be configured to run over an IPv6 network layer and to transport IPv4 and IPv6 packets in
IPv6 tunnels.

Before you begin

When GRE IPv6 tunnels are configured, IPv6 addresses are assigned to the tunnel source and the tunnel
destination. The tunnel interface can have either IPv4 addresses or IPv6 addresses assigned (this is not shown
in the task). The host or device at each end of a configured tunnel must support both the IPv4 and IPv6 protocol
stacks.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Generic Routing Encapsulation

18
Generic Routing Encapsulation
Configuring GRE on IPv6 Tunnels

Command or Action Purpose

Device# configure terminal

Step 3 interface tunnel tunnel-number Specifies a tunnel interface and number, and
enters interface configuration mode.
Example:

Device(config)# interface tunnel 0

Step 4 Enter one of the following commands: Specifies the IPv6 network assigned to the
interface and enables IPv6 processing on the
• ipv6 address {ipv6-address/prefix-length
interface.
| prefix-name sub-bits/prefix-length}
• ipv6 address ipv6-prefix/prefix-length • If you specify the eui-64 keyword, the
[eui-64] software configures an IPv6 address for
an interface and enables IPv6 processing
Example: on the interface using an EUI-64 interface
ID in the low-order 64 bits of the address.
Device(config-if)# ipv6 address
3ffe:b00:c18:1::3/127

Step 5 tunnel source {ip-address | ipv6-address | Specifies the source IPv4 address, IPv6 address,
interface-type interface-number} or the source interface type and number for the
tunnel interface.
Example:
• If an interface is specified, the interface
Device(config-if)# tunnel source must be configured with an IPv4 address.
Tengigabitethernet 4/1/0

Step 6 tunnel destination {hostname | ip-address | Specifies the destination IPv4 address, IPv6
ipv6-address} address, or hostname for the tunnel interface.
Example:

Device(config-if)# tunnel destination

2001:DB8:1111:2222::1/64

Step 7 tunnel mode {aurp | cayman | dvmrp | eon | Specifies a GRE IPv6 tunnel.
gre | gre multipoint | gre ipv6 | ipip
Note The tunnel mode gre ipv6
[decapsulate-any] | iptalk | ipv6 | mpls | nos}
command specifies GRE as the
Example: encapsulation protocol for the tunnel.

Device(config-if)# tunnel mode gre ipv6

Step 8 end Returns to privileged EXEC mode.

Example:

Device(config-if)# end

Generic Routing Encapsulation

19
 Generic Routing Encapsulation
Configuration Examples for IPv6 over IPv4 GRE Tunnels

Configuration Examples for IPv6 over IPv4 GRE Tunnels

Example: GRE Tunnel Running IS-IS and IPv6 Traffic
The following example configures a GRE tunnel running both IS-IS and IPv6 traffic between Router A and
Router B:

Router A Configuration

ipv6 unicast-routing
clns routing
!
interface tunnel 0
no ip address
ipv6 address 3ffe:b00:c18:1::3/127
ipv6 router isis
tunnel source TenGigabitEthernet 4/1/0
tunnel destination 2001:DB8:1111:2222::1/64
tunnel mode gre ipv6
!
interface TenGigabitEthernet4/1/0
ip address 10.0.0.1 255.255.255.0
!
router isis
net 49.0000.0000.000a.00

Router B Configuration

ipv6 unicast-routing
clns routing
!
interface tunnel 0
no ip address
ipv6 address 3ffe:b00:c18:1::2/127
ipv6 router isis
tunnel source TenGigabitEthernet 4/1/0
tunnel destination 2001:DB8:1111:2222::2/64
tunnel mode gre ipv6
!
interface TenGigabitEthernet4/1/0
ip address 10.0.0.2 255.255.255.0
!
router isis
net 49.0000.0000.000b.00
address-family ipv6
redistribute static
exit-address-family

Example: Tunnel Destination Address for IPv6 Tunnel

Router(config)#interface Tunnel0
Router(config-if)#ipv6 address 2001:1:1::1/48
Router(config-if)#tunnel source TenGigabitEthernet 4/1/0
Router(config-if)#tunnel destination 10.0.0.2

Generic Routing Encapsulation

20
 Generic Routing Encapsulation
How to Configure GRE IPv6 Tunnels

Router(config-if)#tunnel mode gre ipv6

Router(config-if)#exit
!
Router(config)#interface TenGigabitEthernet4/1/0
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config-if)#exit
!
Router(config)#ipv6 unicast-routing
Router(config)#router isis
Router(config)#net 49.0000.0000.000a.00

How to Configure GRE IPv6 Tunnels

Configuring GRE IPv6 Tunnels
Perform this task to configure a GRE tunnel on an IPv6 network. GRE tunnels can be configured to run over
an IPv6 network layer and transport IPv6 and IPv4 packets through IPv6 tunnels.

Note You must enable IPv6 or configure IPv6 MTU size more than 1500 on a tunnel's exit interface to avoid
receiving warning messages.

Before you begin

When GRE IPv6 tunnels are configured, IPv6 addresses are assigned to the tunnel source and the tunnel
destination. The tunnel interface can have either IPv4 or IPv6 addresses (this is not shown in the task below).
The host or device at each end of the configured tunnel must support both IPv4 and IPv6 protocol stacks.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 interface tunnel tunnel-number Specifies a tunnel interface and number and
enters interface configuration mode.
Example:
Device(config)# interface tunnel 0

Step 4 tunnel source {ipv6-address | interface-type Specifies the source IPv6 address or the source
interface-number} interface type and number for the tunnel
interface.
Example:

Generic Routing Encapsulation

21
 Generic Routing Encapsulation
Configuration Examples for GRE IPv6 Tunnels

Command or Action Purpose

Device(config-if)# tunnel source ethernet • If an interface type and number are
0
specified, the interface must be configured
with an IPv6 address.

Note Only the syntax used in this context

is displayed. For more details, see
the IPv6 Command Reference.

Step 5 tunnel destination ipv6-address Specifies the destination IPv6 address for the
tunnel interface.
Example:
Device(config-if)# tunnel destination Note Only the syntax used in this context
2001:0DB8:0C18:2::300 is displayed. For more details, see
the IPv6 Command Reference.

Step 6 tunnel mode gre ipv6 Specifies a GRE IPv6 tunnel.

Example: Note The tunnel mode gre ipv6
Device(config-if)# tunnel mode gre ipv6 command specifies GRE as the
encapsulation protocol for the tunnel
interface. Only the syntax used in
this context is displayed. For more
details, see the IPv6 Command
Reference.

Step 7 end Exits interface configuration mode and returns

to privileged EXEC mode.
Example:
Device(config-if)# end

Configuration Examples for GRE IPv6 Tunnels

Example: Configuring GRE IPv6 Tunnels
The following example shows how to configure a GRE tunnel over an IPv6 transport. In this example,
Ethernet0/0 has an IPv6 address, and this is the source address used by the tunnel interface. The destination
IPv6 address of the tunnel is specified directly. In this example, the tunnel carries both IPv4 and IS-IS traffic.
interface Tunnel0
ip address 10.1.1.1 255.255.255.0
ip router isis
tunnel source Ethernet0/0
tunnel destination 2001:DB8:1111:2222::1
tunnel mode gre ipv6
!
interface Ethernet0/0
no ip address
ipv6 address 2001:DB8:1111:1111::1/64
!

Generic Routing Encapsulation

22
 Generic Routing Encapsulation
Additional References

router isis
net 49.0001.0000.0000.000a.00

Additional References
The following sections provide references related to the GRE feature.

Related Documents

Related Document Title

Topic

CMTS Cisco CMTS Cable Command Reference, at the following URL:

Command http://www.cisco.com/c/en/us/td/docs/cable/cmts/cmd_ref/b_cmts_cable_cmd_ref.html
Reference

Configuring Configuring GRE Tunnel over Cable, at the following URL:

GRE http://www.cisco.com/en/US/tech/tk86/tk89/technologies_configuration_example09186a008011520d.shtm
Tunnel
over Cable

Standards

Standard Title

SP-RFIv1.1-I09-020830 Data-over-Cable Service Interface Specifications Radio Frequency Interface

Specification, version 1.1 ( http://www.cablemodem.com )

MIBs

MIB MIBs Link

No new or modified MIBs are To locate and download MIBs for selected platforms, Cisco IOS
supported by this feature. releases, and feature sets, use Cisco MIB Locator found at the
following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index

RFCs

RFC Title

RFC 1701 Generic Routing Encapsulation (GRE)

RFC 1702 Generic Routing Encapsulation over IPv4 networks

RFC 1853 IP in IP Tunneling

RFC 2003 IP Encapsulation within IP

RFC 2784 Generic Routing Ecapsulation (GRE)

Generic Routing Encapsulation

23
 Generic Routing Encapsulation
Feature Information for Generic Routing Encapsulation

RFC Title

RFC 2890 Key and Sequence Number Extensions to GRE

Technical Assistance

Description Link

The Cisco Technical Support & Documentation website http://www.cisco.com/cisco/web/support/index.html

contains thousands of pages of searchable technical
content, including links to products, technologies,
solutions, technical tips, and tools. Registered
Cisco.com users can log in from this page to access
even more content.

Feature Information for Generic Routing Encapsulation

Use Cisco Feature Navigator to find information about the platform support and software image support.
Cisco Feature Navigator enables you to determine which software images support a specific software release,
feature set, or platform. To access Cisco Feature Navigator, go to the http://www.cisco.com/go/cfn link. An
account on the Cisco.com page is not required.

Note The following table lists only the software release that introduced support for a given feature in a given
software release train. Unless noted otherwise, subsequent releases of that software release train also support
that feature.

Table 5: Feature Information for Generic Routing Encapsulation

Feature Name Releases Feature Information

Generic Routing Cisco IOS XE Everest This feature was integrated into Cisco IOS XE
Encapsulation 16.6.1 Everest 16.6.1 on the Cisco cBR Series Converged
Broadband Routers.

Generic Routing Encapsulation

24