ICTShore.com

We re-branded, ictshore.com is now accelerates.it!

Skill Integration: GRE and OSPF

Packet Tracer Skill Integration

Share This Post

If you are a network engineer, you know the importance of skill integration. In fact, you can’t just use every single technology independently. The work of network administrators consists of combining multiple technologies to address business needs. While preparing for your CCNA, having the possibility to practice multiple skills together can make a difference. In this lab, we are going to do just that for connecting two sites using GRE and OSPF.

This article focuses on implementing a lab, that you can download for free using the link below. So, if you wish to learn how to integrate GRE and OSPF, just click the following image.

Get this lab! Practice what you learn and gain experience with our networking labs and demos - download now

Once you have downloaded the lab, un-zip and open it with Cisco Packet Tracer. Then, read through the requirements in the following section. Be sure to understand them, and try to implement them on your own. After that, you can check the solution (below in the article).

Skill Integration Challenge: GRE and OSPF

This lab is a Skill Integration Challenge. To complete it, you will need to try to complete it on your own. The requirements provide you with all the needed information, so just go read them. However, they do not provide you with the technical knowledge needed to do the lab. If you are not familiar with GRE and OSPF, you should check the following links first.

Lab Topology

For this lab, the topology is fairly simple. As you can see from the picture, we have two small sites.

Skill Integration Lab topology with OSPF and GRE
The topology for this lab.

These small sites, named HQ and Branch, are connected with MPLS and Internet. Both sites can go to the Internet using NAT, while the only site having local infrastructure (servers) is HQ. However, the branch site cannot access the internal devices at HQ as of now. On the Internet, we also have a public web server, as you will see in the requirements.

The Requirements

Our high-level goal here is to implement redundancy. In this lab, we are going to integrate GRE and OSPF to create two paths between the two sites: one over the MPLS, and the other over the Internet. Below a detailed checklist.

  1. Configure the DHCP relay in HQ for subnet 10.0.10.0/24 toward 10.0.20.11.
  2. Add the DNS server in the DHCP pool on the Branch router. The corporate DHCP server is 10.0.20.12
  3. Create a GRE tunnel over the MPLS (tunnel0) network having the addressing of 10.255.2.0/30, where HQ has the lowest address. To turn on that tunnel, you will need to create the Loopback0 interface on both routers and give it an address of 10.128.1.1/32 for HQ, and 10.128.1.2/32 for Branch. To make this work you will need to add a static route for the loopback of the other router: use the lowest address in the subnet as next-hop.
  4. Create a GRE tunnel over the Internet (tunnel1). It must have addressing of 10.255.2.4/30, where HQ will have the lowest address available. Use the public interfaces of the routers as source/destination.
  5. Create an OSPF instance on both routers (using the process ID of 1), and propagate all the networks individually in the backbone area. Do not specify a Router ID.

Now try to implement all of that, and see how you score. Then, read through our guide as we explain the solution.

Integrating GRE with OSPF

For this lab, interestingly, the requirements do not list all the information we need. However, they list enough information for us to retrieve what’s missing with show commands.

#1 – Add the DHCP relay in HQ

This first step is very easy. Use show ip interface brief to see what’s the network has an address of 10.0.10.0/24, and then add the helper-address to it. Below, the configuration commands.

interface GigabitEthernet0/1.10
 ip helper-address 10.0.20.11

#2 – Add DNS to Branch

Using simply show running-configuration, you can find out that the DHCP pool name is “BRANCH”. Then, all we need to do is this:

ip dhcp pool BRANCH
 dns-server 10.0.20.12

#3 – Creating the GRE tunnel over MPLS

Now it starts to be tricky. First, we need to create the Loopback as specified by the requirements. Here’s what we need to do on HQ-Router.

interface Loopback0
 ip address 10.128.1.1 255.255.255.255

Then, using show ip route we can find out that the network going to the MPLS is 10.255.1.128/30, and so we can add the static route as required.

ip route 10.128.1.2 255.255.255.255 10.255.1.129

Finally, we can create the tunnel as below.

interface Tunnel0
 ip address 10.255.2.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.128.1.2

The process on Branch-Router is similar.

interface Loopback0
 ip address 10.128.1.2 255.255.255.255

ip route 10.128.1.1 255.255.255.255 10.255.1.1

interface Tunnel0
 ip address 10.255.2.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.128.1.1

#4 – Creating the GRE tunnel over the Internet

Creating the GRE tunnel over the Internet is simple. We don’t need to define new loopback interfaces or static routes. So, these are the commands for HQ-Router.

interface Tunnel1
 ip address 10.255.2.5 255.255.255.252
 tunnel source GigabitEthernet 0/2
 tunnel destination 147.11.87.18

And these are the commands for Branch-Router.

interface Tunnel1
 ip address 10.255.2.6 255.255.255.252
 tunnel source GigabitEthernet 0/2
 tunnel destination 87.0.1.130

#5 – Run OSPF

To run OSPF, we can use these commands on HQ-Router.

router ospf 1
 network 10.0.10.0 0.0.0.255 area 0
 network 10.0.20.0 0.0.0.255 area 0
 network 10.255.2.0 0.0.0.3 area 0
 network 10.255.2.4 0.0.0.3 area 0

And these on Branch-Router.

router ospf 1
 network 10.1.10.0 0.0.0.255 area 0
 network 10.255.2.0 0.0.0.3 area 0
 network 10.255.2.4 0.0.0.3 area 0

Some thoughts

And now… congratulations! At this point, your score is 100%, and you have completed this lab about GRE and OSPF integration. However, we still have some considerations we need to do.

First, in real life, we never implement a GRE tunnel over the Internet without encryption. In fact, as from best practices, everything you send over the Internet should be encrypted, so that only the intended receiver can read it. Instead of a GRE tunnel, this is the perfect use case of a VPN. You can do that with a GRE tunnel, but you need to run IPSec encryption over it.

After that, it is still worth mentioning that it’s not so common to have a GRE tunnel over the MPLS. MPLS contains just private addresses, it is a private network. Therefore, there’s no need for a GRE tunnel over it. However, we needed to do it for some packet tracer’s limitations.

Another thing we didn’t do, but we should have done, is discouraging the Internet path. Now, the two paths are equivalent (and we can’t change the metric in packet tracer). However, we want the routers to use the path running in MPLS, and the Internet path only if the MPLS becomes unavailable. The only case for using both is load balancing, but we aren’t doing that.

How did it feel to implement such architecture? Have you learned something that you didn’t get while studying the individual technologies? Just let me know your thoughts in the comments below.

Picture of Alessandro Maggio

Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.
Picture of Alessandro Maggio

Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.

Join the Newsletter to Get Ahead

Revolutionary tips to get ahead with technology directly in your Inbox.

Alessandro Maggio

2018-01-11T16:30:13+00:00

Unspecified

Networking

Unspecified