Creating an unbound GRE tunnel
You can use an unbound Generic Routing Encapsulation (GRE) tunnel transit gateway connection to connect endpoints. This connection allows a transit gateway to connect to overlay networks hosted on classic infrastructure resources.
Before you begin
Before creating an unbound GRE tunnel, review GRE connection considerations for additional prerequisites.
Unbound transit gateway GRE connections require the gateway owner to specifically configure HA for their needs. A GRE connection is a point-to-point connection, has no built in redundancy, and is a single point of failure. When configuring an unbound GRE tunnel on a transit gateway, you must specify the availability zone. For a robust HA solution, configure multiple GRE connections using different availability zones.
Keep in mind that you are required to enter four IP addresses when you create an unbound GRE tunnel. These are:
- Remote gateway IP - the IP address of your GRE tunnel endpoint. This IP address must be a private IP and be the private IP from the classic environment. For example, this IP can be a hardware appliance or even a VM.
- Local gateway IP - the IP address that your tunnel endpoint connects to. This IP is the transit gateway's IP for the purpose of establishing the tunnel so that when you enter the "remote IP" on your tunnel endpoint, you use this IP address.
- Remote tunnel IP - the GRE tunnel address on the tunnel endpoint.
- Local tunnel IP - the GRE tunnel address on the transit gateway side.
Creating an unbound GRE tunnel in the UI
You can create an unbound GRE tunnel on an existing transit gateway, or when you are creating a new transit gateway.
To create an unbound GRE tunnel, follow these steps:
-
Select one of the following choices:
-
To create an unbound GRE tunnel on an existing transit gateway:
- From your browser, open the IBM Cloud console and log in to your account.
- Select the Navigation Menu icon
from the upper left, then click Interconnectivity > Transit Gateway. - Click the name of the transit gateway where you want to add a connection.
- Click Add connection in the Connections tab.
-
To create an unbound GRE tunnel while creating a transit gateway:
- From your browser, open the IBM Cloud console and log in to your account.
- Select the Navigation Menu icon from the upper left, then click Interconnectivity.
- Click Transit Gateway from the left navigation window. Then, click Create transit gateway.
- Enter the transit gateway name, resource group, and location.
-
-
Choose Unbound GRE tunnel as your network connection type.
-
Enter the tunnel name.
-
Select the base network type and whether this is a connection to a network in another account.
-
If this connection is to a network in another account, enter the account ID.
-
Choose an availability zone in which to create the tunnel.
-
Configure the remaining parameters for the connection:
-
Enter the remote gateway IP for the endpoint of the GRE tunnel.
-
Enter a
/30remote tunnel IP for both ends of the tunnel, for example192.168.103.2. -
Enter the local gateway IP address[1] that the transit gateway uses to host the underlay network for the GRE tunnel. This user-selected IP address is configured on the transit gateway GRE tunnel after the tunnel is created.
-
Enter a
/30local tunnel IP for both ends of the tunnel, for example192.168.103.1. -
Optionally, enter the remote BGP ASN, which is a valid 2 or 4 byte value of your choosing.
You can leave this blank and a unique ASN is assigned.
-
Enter a connection name for your GRE tunnel.
-
-
Click Add to create the GRE tunnel.
Next steps
To configure the other end of the BGP tunnel, expand the newly created unbound GRE tunnel in the Connections panel to see its details. It will show the Local BGP ASN. If you created an optional remote BGP ASN, it also shows in the Connections panel. You must give this ASN information to the person creating the other end of the BGP tunnel, so that the BGP session can be fully configured.
Creating an unbound GRE tunnel from the CLI
Create an unbound Generic Routing Encapsulation (GRE) tunnel connection on a given transit gateway.
ibmcloud tg connection-create-gre|ccgre GATEWAY_ID --name NAME --zone ZONE --local-gateway-ip LOCAL_GATEWAY_IP --local-tunnel-ip LOCAL_TUNNEL_IP --remote-gateway-ip REMOTE_GATEWAY_IP --remote-tunnel-ip REMOTE_TUNNEL_IP [--network-type NETWORK_TYPE] [--base-connection-id BASE_CONNECTION_ID] [--base-network-type BASE_NETWORK_TYPE] [--network-account-id NETWORK_ACCOUNT_ID] [--remote-bgp-asn REMOTE_BGP_ASN] [--output json]
Where:
- GATEWAY_ID
- ID of the gateway where the new connection is bound.
- --name
- Name of the new connection.
- --zone
- Availability zone for the GRE tunnel. Example:
us-south-1 - --local-gateway-ip
- Local gateway IP address for the GRE tunnel connection.
- --local-tunnel-ip
- Local tunnel IP address for the GRE tunnel connection.
- --remote-gateway-ip
- Remote gateway IP address for the GRE tunnel connection.
- --local-tunnel-ip
- Remote tunnel IP address for the GRE tunnel connection.
- --network-type
- Optional: The type of GRE tunnel to create, either
gre_tunnelorunbound_gre_tunnel. The default isgre_tunnel. - --base-connection-id
- Optional: The ID of the classic network connection that will be the underlay for the GRE tunnel. Used only for
gre_tunneltype connections. - --base-network-type
- Optional: The type of network the GRE tunnel is targeting (classic). Used only for
unbound_gre_tunneltype connections. - --network-account-id
- Optional: The ID of the IBM Cloud account to use for creating a cross account GRE tunnel to a classic network. Used only for
unbound_gre_tunneltype connections. - --remote-bgp-asn
- Optional: If the remote BGP ASN is not specified, one is generated.
- --output json
- Optional: Shows the output in JSON format.
- --help | -h
- Optional: Get help on this command.
Example
This example illustrates creating an unbound GRE tunnel named unbound-gre-connection to a classic network:
ibmcloud tg connection-create-gre $gateway --network-type unbound_gre_tunnel --name unbound-gre-connection --base-network-type classic --zone us-south-2 --local-gateway-ip 192.168.100.1 --local-tunnel-ip 192.168.101.1 --remote-gateway-ip 10.242.63.12 --remote-tunnel-ip 192.168.101.2
Creating an unbound GRE tunnel with the API
Example Request
This example illustrates requesting a GRE connection:
curl -X POST "https://transit.cloud.ibm.com/v1/transit_gateways/test/connections?version=2022-01-27" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"local_gateway_ip\":\"192.168.100.1\",\"local_tunnel_ip\":\"192.168.129.2\",\"name\":\"Transit_Service_BWTN_SJ_DL\",\"network_type\":\"unbound_gre_tunnel\",\"base_network_type\":\"classic\",\"remote_bgp_asn\":65010,\"remote_gateway_ip\":\"10.242.63.12\",\"remote_tunnel_ip\":\"192.168.129.1\",\"zone\":{\"name\":\"us-south-1\"}}"
The payload for this request is as follows:
{
"local_gateway_ip": "192.168.100.1",
"local_tunnel_ip": "192.168.129.2",
"name": "Transit_Service_BWTN_SJ_DL",
"network_type": "unbound_gre_tunnel",
"base_network_type": "classic",
"remote_bgp_asn": 65010,
"remote_gateway_ip": "10.242.63.12",
"remote_tunnel_ip": "192.168.129.1",
"zone": {
"name": "us-south-1"
}
}
Example Response
This example illustrates the response from creating an unbound GRE tunnel:
{
"created_at": "2020-03-31T12:08:05Z",
"id": "1a15dca5-7e33-45e1-b7c5-bc690e569531",
"name": "example-connection",
"network_type": "unbound_gre_tunnel",
"base_network_type": "classic",
"status": "pending",
"updated_at": "2020-03-31T12:08:05Z"
}
For more information, see Adds a connection to a Transit Gateway in the Transit Gateway API reference.
Creating a GRE tunnel connection using Terraform
You can specify the following argument references for your resource when creating an unbound Generic Routing Encapsulation (GRE) tunnel connection:
| Argument | Details |
|---|---|
| gateway Required Forces new resource string |
Enter the transit gateway identifier. |
| local_gateway_ip Optional Forces new resource string |
The local gateway IP address. This field is required for, and only applicable to, gre_tunnel and unbound_gre_tunnel type connections. |
| local_tunnel_ip Optional Forces new resource string |
The local tunnel IP address. This field is required for, and only applicable to, gre_tunnel and unbound_gre_tunnel type connections. |
| name Optional string |
The name of the connection. If the name is not given, the default name is provided based on the network type, such as unbound_gre_tunnel for network type unbound gre. |
| network_type Required Forces new resource string |
The network type. Allowed values are gre_tunnel and unbound_gre_tunnel. |
| base_network_type Optional Forces new resource string |
The base network type. Allowed values are classic.This field only applies to unbound_gre_tunnel type connections. |
| remote_bgp_asn Optional Forces new resource integer |
The remote network BGP ASN. It will be generated for the connection if not specified. This field only applies to gre_tunnel and unbound_gre_tunnel type connections. |
| remote_gateway_ip Optional Forces new resource string |
The remote gateway IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections. |
| remote_tunnel_ip Optional Forces new resource string |
The remote tunnel IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections. |
| zone Optional Forces new resource string |
The location of the GRE tunnel. This field only applies to gre_tunnel and unbound_gre_tunnel type connections. |
Example
This example illustrates requesting an unbound GRE tunnel:
resource "ibm_tg_connection" "test_ibm_tg_connection" {
gateway = ibm_tg_gateway.test_tg_gateway.id
network_type = "unbound_gre_tunnel"
base_network_type = "classic"
name = "myconnection"
local_gateway_ip = 192.168.0.1
local_tunnel_ip = 10.0.0.1
remote_bgp_asn = 36361
remote_gateway_ip = 192.168.1.1
remote_tunnel_ip = 10.0.1.1
zone = us-east
}
-
This IP address must not be an IP address within the multicast range of
224.0.0.0to239.255.255.255and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎