CISCO官方配置手册GRE+Tunnel

agang1717
2 ℃
2017-07-27

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

TableofContentsWhyCan'tIBrowsetheInternetwhenUsingaGRETunnel?.....................................................................1DocumentID:13725................................................................................................................................1Introduction..........................................................................................................................................................1Prerequisites.........................................................................................................................................................1Requirements..........................................................................................................................................1ComponentsUsed...................................................................................................................................1Conventions............................................................................................................................................1PacketFragmentationandICMPMessages........................................................................................................1BlockedICMPMessages.....................................................................................................................................3Solutions.................................................................................................................................................3FurtherSolutions.....................................................................................................................................3RelatedInformation.............................................................................................................................................4Cisco−WhyCan'tIBrowsetheInternetwhenUsingaGRETunnel?iWhyCan'tIBrowsetheInternetwhenUsingaGRETunnel?DocumentID:13725IntroductionPrerequisitesRequirementsComponentsUsedConventionsPacketFragmentationandICMPMessagesBlockedICMPMessagesSolutionsFurtherSolutionsRelatedInformationIntroductionSometimeswhentrafficgoesthroughagenericroutingencapsulation(GRE)tunnel,youcansuccessfullyusethepingcommandandTelnet,butyoucannotdownloadInternetpagesortransferfilesusingFileTransferProtocol(FTP).Thisdocumentexplainsacommonreasonforthisproblem,andoffersseveralworkarounds.PrerequisitesRequirementsThisdocumentrequiresabasicunderstandingofGRE.RefertothefollowingdocumentstolearnmoreaboutGRE:GenericRoutingEncapsulation•TheConfiguringaGRETunnelsectionofSite−to−SiteandExtranetVPNBusinessScenarios•ComponentsUsedThisdocumentisnotrestrictedtospecificsoftwareandhardwareversions.Tofindadditionalinformationonthecommandsusedinthisdocument,usetheCommandLookupTool(registeredcustomersonly).ConventionsFormoreinformationondocumentconventions,seetheCiscoTechnicalTipsConventions.PacketFragmentationandICMPMessagesThisdocumentusesthefollowingnetworkdiagramasanexample:Cisco−WhyCan'tIBrowsetheInternetwhenUsingaGRETunnel?Inthediagramabove,whentheClientwantstoaccessapageontheInternet,itestablishesaTCPsessionwiththeWebServer.Duringthisprocess,theClientandWebServerannouncetheirmaximumsegmentsize(MSS),indicatingtoeachotherthattheycanacceptTCPsegmentsuptothissize.UponreceivingtheMSSoption,eachdevicecalculatesthesizeofthesegmentthatcanbesent.ThisiscalledtheSendMaxSegmentSize(SMSS),anditequalsthesmallerofthetwoMSSs.FormoreinformationaboutTCPMaximumSegmentSize,seeRFC879.Forthesakeofargument,let'ssaytheWebServerintheexampleabovedeterminesthatitcansendpacketsupto1500bytesinlength.Itthereforesendsa1500bytepackettotheClient,and,intheIPheader,itsetsthedon'tfragment(DF)bit.WhenthepacketarrivesatR2,theroutertriesencapsulatingitintothetunnelpacket.InthecaseoftheGREtunnelinterface,theIPmaximumtransmissionunit(MTU)is24byteslessthantheIPMTUoftherealoutgoinginterface.ForanEthernetoutgoinginterfacethatmeanstheIPMTUonthetunnelinterfacewouldbe1500minus24,or1476bytes.R2istryingtosenda1500byteIPpacketintoa1476byteIPMTUinterface.Sincethisisnotpossible,R2needstofragmentthepacket,creatingonepacketof1476bytes(dataandIPheader)andonepacketof44bytes(24bytesofdataandanewIPheaderof20bytes).R2thenGREencapsulatesbothofthesepacketstoget1500and68bytepackets,respectively.Thesepacketscannowbesentouttherealoutboundinterface,whichhasa1500byteIPMTU.However,rememberthatthepacketreceivedbyR2hastheDFbitset.Therefore,R2can'tfragmentthepacket,andinstead,itneedstoinstructtheWebServertosendsmallerpackets.ItdoesthisbysendinganInternetControlMessageProtocol(ICMP)type3code4packet(DestinationUnreachable;FragmentationNeededandDFset).ThisICMPmessagecontainsthecorrectMTUtobeusedbytheWebServer,whichshouldreceivethismessageandadjustthepacketsizeaccordingly.Note:RefertoImportantInformationonDebugCommandsbeforeyouusedebugcommands.WecanviewtheICMPmessagessentbyR2byenablingthedebugipicmpcommand:ICMP:dst(10.10.10.10)frag.neededandDFsetunreachablesentto10.1.3.4Cisco−WhyCan'tIBrowsetheInternetwhenUsingaGRETunnel?BlockedICMPMessagesAcommon