RipEX2 – GRE TAP tunneling

Print version

1. RipEX2 – GRE TAP tunneling

GRE L2 tunnel captures Ethernet frames of the bridge and sends them to the other end of the tunnel. It is linked up to the RipEX2 internal bridge (LAN interface) as one of the bridge’s ports. It enables to build bridges via the complex routed infrastructured networks and combines the local partial segments into one network segment.

We had a so-called ARP proxy functionality in RipEX radios. Proxy ARP is a technique by which a proxy server (local RipEX) at given network answers via the Address Resolution Protocol (ARP) queries for an IP address that is not on that local network segment. This functionality is not implemented in RipEX2, but with the GRE TAP tunnelling feature, advanced native full transparent Layer2 (Ethernet) connectivity over the Layer3 Radio network can be achieved.

GRE L2 tunnel can be used to natively transport IPv6 traffic, GOOSE messaging, multicast, VLAN double-tagged packets – QinQ 802.1ad or single tagged 802.1q over the RipEX2 IPv4 network.

1.1. Configuration

GRE TAP tunnel diagram

Fig. 1.1: GRE TAP tunnel diagram

1.1.1. RipEX_A

Start with RipEX2 units in factory settings. From this point, do the following changes. Go to the Device – Unit menu and set the Unit name. You can also update time in the device so that debugging is easier afterwards (time synchronization).

RipEX_A Device unit

Fig. 1.2: RipEX_A Device unit

RipEX_A Device – Unit – Time

Fig. 1.3: RipEX_A Device – Unit – Time

Go to the SETTINGS – Interfaces – Ethernet and set the IP address.

RipEX_A – Interfaces – Ethernet

Fig. 1.4: RipEX_A – Interfaces – Ethernet

Change the Radio interface configuration.

  • Mode

  • Radio protocol

Flexible (can be BDP as well)
  • Radio / IP mask
  • TX / RX frequencies

Set to any value appropriate to you
  • Modulation type

QAM (you can use FSK as well, but set the same in RipEX_B)
  • Modulation

64QAM (choose to suit your needs)
RipEX_A Interfaces – Radio

Fig. 1.5: RipEX_A Interfaces – Radio

Go to the VPN – GRE menu and set the L2 GRE TAP tunnel. The only parameter is the Peer address equal to (RipEX_B radio IP).

RipEX_A GRE TAP configuration

Fig. 1.6: RipEX_A GRE TAP configuration

Save all the changes and do similar steps in RipEX_B.

1.1.2. RipEX_B

RipEX_B configuration is the same as in RipEX_A so you can upload the saved configuration from RipEX_A to RipEX_B and then change the following parameters:

  • Unit name

  • Ethernet IP
  • Radio / IP mask
  • GRE TAP Peer IP

1.1.3. Diagnostics and tests

The most basic example is to run ICMP ping from RipEX2 GUI, or you can run an ICMP from connected devices as well.

Go to the RipEX_A or RipEX_B Diagnostics – Tools menu and select ICMP ping tab. Fill in the Destination IP. In this example, local accessed unit is RipEX_B and ping is run against IP address.

RipEX_B ICMP ping to RipEX_A

Fig. 1.7: RipEX_B ICMP ping to RipEX_A

Click on the Start button and you should see a similar output.

PING ( from : 200(228) bytes of data.

208 bytes from icmp_seq=1 ttl=64 time=110 ms

208 bytes from icmp_seq=2 ttl=64 time=82.2 ms

208 bytes from icmp_seq=3 ttl=64 time=119 ms

208 bytes from icmp_seq=4 ttl=64 time=101 ms

208 bytes from icmp_seq=5 ttl=64 time=119 ms

— ping statistics —

5 packets transmitted, 5 received, 0% packet loss, time 4005ms

rtt min/avg/max/mdev = 82.299/106.792/119.951/14.101 ms

In a Diagnostics – Monitoring menu, you can verify that packets are encapsulated to GRE. Enable Radio interface monitoring for all on the Radio channel. You can set the Length parameter to 0 Bytes so that more lines fit into one console output.

You should see similar GRE traffic in your output (you can run another ICMP ping from a 2nd window).

14:55:59.565152 [RF:phy:tx] IP > GRE, length:284

14:55:59.619935 [RF:phy:rx] IP > GRE, length:284, rss:74 mse:36

14:56:04.624331 [RF:phy:tx] IP > GRE, length:84

14:56:04.877228 [RF:phy:rx] IP > GRE, length:84, rss:74 mse:36

14:56:04.913019 [RF:phy:tx] IP > GRE, length:83

14:56:04.977027 [RF:phy:rx] IP > GRE, length:83, rss:74 mse:37

Once all of this is working fine, you can test traffic which is most important for you – such as

  • VLAN double-tagged packets

  • IPv6

  • Multicast