1
00:00:00,810 --> 00:00:06,900
In this video, we're going to discuss Generic Routing Encapsulation tunneling, or GRE tunneling.

2
00:00:07,140 --> 00:00:14,700
In its most basic form, a GRE tunnel is a point-to-point tunnel that allows you to transport multiple

3
00:00:14,700 --> 00:00:20,700
higher layer protocols such as IP version four, IP version six, as well as older protocols such as

4
00:00:20,700 --> 00:00:24,870
IP and others across a point-to-point tunnel.

5
00:00:25,050 --> 00:00:30,630
It's important to remember that GRE does not provide authentication and encryption.

6
00:00:30,750 --> 00:00:38,130
It provides a point-to-point connection between two routers that emulates or looks like a point-to-point

7
00:00:38,130 --> 00:00:41,100
tunnel or point-to-point serial link.

8
00:00:41,430 --> 00:00:46,110
Another advantage of GRE is the support for multicast routing protocols.

9
00:00:46,230 --> 00:00:54,540
In the past, what was often done is that GRE tunnels were encapsulated inside IPsec tunnels for encryption

10
00:00:54,540 --> 00:00:55,800
and authentication.

11
00:00:55,800 --> 00:01:01,590
So GRE would provide a simple point-to-point link that emulates or looks like a serial link.

12
00:01:01,590 --> 00:01:08,490
But because it provides no encryption and no authentication, that GRE tunnel would then be put inside

13
00:01:08,490 --> 00:01:12,360
an IPsec tunnel to provide the encryption and authentication.

14
00:01:13,220 --> 00:01:18,560
Now, before going any further, I want to point out that you have access to some features of the VPN

15
00:01:18,560 --> 00:01:21,260
config generator as part of your course.

16
00:01:21,530 --> 00:01:25,610
One of the VPN config generator options is to set up a GRE tunnel.

17
00:01:26,000 --> 00:01:32,990
The software allows you very easily to create the configuration required for a point-to-point GRE tunnel.

18
00:01:34,710 --> 00:01:41,160
So as an example, by clicking on the show result button, the configuration is automatically generated

19
00:01:41,160 --> 00:01:42,450
for two routers.

20
00:01:42,480 --> 00:01:45,630
Here's router two and here's router one.

21
00:01:46,360 --> 00:01:53,140
You could simply copy and paste that configuration into your routers to set up a GRE tunnel.

22
00:01:54,870 --> 00:02:01,830
GRE encapsulates other traffic inside a 20-byte IP header and four-byte GRE header.

23
00:02:02,460 --> 00:02:09,060
The details of GRE can be found in RFC 2784, and as you can see here,

24
00:02:10,009 --> 00:02:13,700
this is for Generic Routing Encapsulation, or GRE.

25
00:02:14,650 --> 00:02:19,630
I won't bore you going through all the details, but if you're interested, have a look at the RFC.

26
00:02:19,930 --> 00:02:23,950
But notice a payload packet, which is the data sent by user

27
00:02:23,980 --> 00:02:32,080
PCs, would be encapsulated inside a tunnel using a delivery header as well as a header.

28
00:02:32,950 --> 00:02:36,250
In our GNS3 topology, which I'm going to demonstrate in a moment,

29
00:02:36,340 --> 00:02:44,920
that means that traffic sent from R1, acting as PC one, to R5, acting as PC two, in this topology

30
00:02:45,040 --> 00:02:47,350
is encapsulated by router two.

31
00:02:47,530 --> 00:02:53,170
As mentioned, I'll show you this configuration in a moment and I'll also do Wireshark captures so that

32
00:02:53,170 --> 00:02:54,730
you can see the packets.

33
00:02:55,090 --> 00:03:00,850
But in brief, traffic sent by R1 is sent as normal Ethernet frames across this link, but when

34
00:03:00,850 --> 00:03:02,200
it hits router two,

35
00:03:02,200 --> 00:03:06,850
it's encapsulated in a tunnel for transmission to router four.

36
00:03:07,630 --> 00:03:11,470
We're going to build a tunnel from R2 to R4.

37
00:03:13,160 --> 00:03:16,640
And R3 in this case is going to act as an Internet router.

38
00:03:18,830 --> 00:03:23,990
R3 is going to forward traffic based on the outer header or delivery header.

39
00:03:25,330 --> 00:03:33,550
Because the tunnel is established from R2 to R4, R3 only sees traffic going from

40
00:03:33,550 --> 00:03:36,040
R2's IP address to R4's IP address.

41
00:03:36,610 --> 00:03:43,060
It routes based on the outer header or delivery header and doesn't look at the traffic that originated

42
00:03:43,060 --> 00:03:44,110
from R1.

43
00:03:44,290 --> 00:03:51,010
Be careful, however: GRE doesn't encrypt, so I'm going to demonstrate how you could run Wireshark

44
00:03:51,100 --> 00:03:56,890
on this link and capture the internal traffic that was sent from R1 to R5.

45
00:03:57,540 --> 00:04:04,000
So even though you're encapsulating the traffic in a tunnel, be aware that that tunnel is not encrypted.

46
00:04:04,020 --> 00:04:11,310
So someone running Wireshark or a hacking tool could see the internal traffic as sent in the payload

47
00:04:11,310 --> 00:04:12,120
packet.

48
00:04:12,480 --> 00:04:15,930
So the original data is encapsulated in a header

49
00:04:16,899 --> 00:04:18,610
with a delivery header.

50
00:04:18,880 --> 00:04:23,200
The routers on the internet would route traffic based on the delivery header.

51
00:04:23,770 --> 00:04:29,920
When traffic is received by router two, which is the source of the tunnel in this case, from router

52
00:04:29,920 --> 00:04:36,610
one, it's encapsulated in GRE, sent across this tunnel to router four, which encapsulates the traffic

53
00:04:36,610 --> 00:04:43,150
and sends it to router five as the original packet, as if this was a point-to-point link between

54
00:04:43,150 --> 00:04:44,530
router two and router four.

55
00:04:44,770 --> 00:04:49,990
Now in this example, I've only got a single router being the internet, but remember, you could have

56
00:04:49,990 --> 00:04:51,760
many, many devices here

57
00:04:53,900 --> 00:04:55,250
forming the Internet.

58
00:04:59,150 --> 00:05:06,500
And the idea is that the tunnel is formed from one tunnel endpoint to another across many devices.

59
00:05:06,920 --> 00:05:12,350
The devices on the internet route based on the outer header. Router two, as an example, when receiving traffic

60
00:05:12,350 --> 00:05:19,130
from router one, will encapsulate those packets within GRE headers, send it to router four; router

61
00:05:19,130 --> 00:05:23,000
four will remove the headers and forward the packet across to router five,

62
00:05:23,030 --> 00:05:28,520
as if there was a point-to-point link between router two and router four. The same thing will happen

63
00:05:28,520 --> 00:05:29,240
in the reverse.

64
00:05:29,390 --> 00:05:35,480
Router five will send a standard Ethernet frame across this link to router four. Router four will encapsulate

65
00:05:35,480 --> 00:05:42,170
the packet, send it through the tunnel to router two, which will then encapsulate the packet and forward

66
00:05:42,170 --> 00:05:48,140
the packet on to router one, as if there was a point-to-point serial link between router two and router

67
00:05:48,140 --> 00:05:48,620
four.

68
00:05:49,160 --> 00:05:56,030
As mentioned, I'll demonstrate the setup of this topology and we'll assume that this picture is our

69
00:05:56,480 --> 00:05:58,520
tunnel from router two to router four.

70
00:05:58,880 --> 00:06:05,060
It's simply a session that's established using the protocol from router two to router four.

71
00:06:05,180 --> 00:06:09,830
But logically, it's as if you've got this extra serial interface

72
00:06:11,680 --> 00:06:17,050
on the routers, which in our example we'll configure as tunnel zero

73
00:06:19,100 --> 00:06:20,300
on both routers.