Building Ethernet-over-IP tunnels with Linux

TunnelThere is a not so well documented way to link together separate Ethernet segments by using GRE tunnels over IP networks while using only Linux Kernel capabilities and not requiring any userland daemons.

This can be useful to make physically separate networks appear as one, although linking over the internet in this way may not be very wise as the tunnel isn’t encrypted.

This can also be used to simulate multiple separate networks for virtual machines running on different physical hosts, without requiring VLAN tagging support from the physical network or using Open vSwitch.

The basic idea is to add a tunnel link of type “gretap” and attach it to a bridge, here is how to see what little documentation is available about it:

ip link add foo type gretap help

Here is a blog post providing some further explanation.

This capability has existed in the kernel since 2.6.29, so it is included in most moderately-recent distributions including RHEL/CentOS 6, Ubuntu (since 9.10 – Kermic) and Debian (since 6.0 – Squeeze).

One thought on “Building Ethernet-over-IP tunnels with Linux

  1. Pingback: Linux network encapsulation - My Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s