No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Ethernet over mGRE

Ethernet over mGRE

Generic Routing Encapsulation (GRE) provides a mechanism to encapsulate packets of a protocol into packets of another protocol. This allows packets to be transmitted over heterogeneous networks. A channel for transmitting heterogeneous packets is called a tunnel.

A GRE tunnel can be established using the following tunnel interfaces:
  • GRE tunnel interface

    A GRE tunnel interface is a point-to-point virtual interface used to encapsulate packets, and has the source address, destination address, and tunnel interface IP address.

  • mGRE tunnel interface

    An mGRE tunnel interface is a point-to-multipoint virtual interface used in Dynamic Smart VPN (DSVPN) applications, and has the source address, destination address, and tunnel interface IP address.

    The destination IP address of a GRE tunnel interface is manually configured, whereas the destination IP address of an mGRE tunnel is resolved by the next hop resolution protocol (NHRP). An mGRE tunnel interface has multiple remote ends because there are multiple GRE tunnels on the interface.

In Figure 2-4, the enterprise headquarters (Hub) and branches (Spokes) use Ethernet networks and are connected by an IP backbone network. Ethernet over mGRE can be deployed to transparently transmit Ethernet packets over mGRE tunnels, enabling communication between the Hub and Spokes.

Figure 2-4  Ethernet over mGRE networking

Ethernet over mGRE encapsulates Ethernet packets using GRE and transmits the encapsulated packets over a network running another network layer protocol, such as IPv4. The detailed working process is as follows:

  1. Layer 2 virtual Ethernet (VE) interfaces VE0/0/2 and VE0/0/1 are bound to the LAN-side physical Ethernet interface GE2/0/0 and WAN-side tunnel interface Tunnel0/0/1 of the routers, respectively.
  2. LAN-side GE2/0/0 on Spoke1 receives an Ethernet packet containing a VLAN tag from branch network 1.
  3. GE2/0/0 forwards the packet to VE0/0/2. VE0/0/2 processes the VLAN tag, forwards the packet at Layer 2 based on the MAC address and VLAN tag, and finds the outbound interface VE0/0/1.
  4. VE0/0/1 processes the VLAN tag in the Ethernet packet and forwards it to the bound Tunnel0/0/1. Tunnel0/0/1 encapsulates the Ethernet packet using GRE (with the protocol code 0x6558) and forwards the encapsulated packet over an mGRE tunnel.
  5. Tunnel0/0/1 on Hub decapsulates the received packet using GRE, finds that the protocol code is 0x6558, and forwards the decapsulated Ethernet packet to the inbound interface VE0/0/1.
  6. VE0/0/1 processes the VLAN tag in the packet and forwards it to the outbound interface VE0/0/2. VE0/0/2 processes the VLAN tag in the packet and sends it to the outbound interface GE2/0/0.
  7. GE2/0/0 sends the Ethernet packet containing a new VLAN tag to the headquarters network.
  8. The forwarding process of packets from Spoke2 to Hub is the same as that from Spoke1 to Hub.
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31731

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next