IBM Cloud Docs
Creating a GRE tunnel connection

Creating a GRE tunnel connection

You can connect endpoints using a Generic Routing Encapsulation (GRE) tunnel transit gateway connection. This connection allows a transit gateway to connect to overlay networks hosted on classic infrastructure resources.

This form of GRE tunnel is now deprecated, and we suggest using an unbound GRE tunnel instead. Unbound GRE tunnels provide the following benefits:

  • The ability to receive classic network subnets from a classic connection.
  • The ability to communicate through other unbound GRE tunnels on the same transit gateway in the same availability zone.
  • Does not require a classic connection on the transit gateway. As a result, the classic network's subnets will not be advertised to the connections on the transit gateway (and vice versa).

See Creating an unbound GRE tunnel for more information.

Migrating your GRE tunnels to unbound GRE tunnels requires deleting any existing GRE tunnels before creating new unbound ones. Migration will also cause a network disruption for anything that uses the old GRE tunnel until you create the new one.

To migrate from a GRE tunnel to an unbound GRE tunnel:

  1. Gather the existing GRE tunnel's configuration information for use on the new unbound GRE tunnel.

  2. Delete your old GRE tunnel.

  3. If desired, delete any classic connections.

    Classic connections can't be deleted if they are being used by other GRE tunnels.

  4. Create the new unbound GRE tunnel.

Transit gateway GRE connections require the gateway owner to specifically configure HA for their needs. A GRE connection is a point to point connection, has no built in redundancy, and is a single point of failure. When configuring a GRE connection on a transit gateway, you must specify the availability zone. For a robust HA solution, configure multiple GRE connections using different availability zones.

Before you begin

The following prerequisites must be met before you can create a GRE tunnel connection:

  • Ensure that you have an existing classic infrastructure connection, or create one. For more information, see Adding a connection. The GRE tunnel connection connects with an endpoint only on classic infrastructure.
  • Review the GRE connection considerations for additional prerequisites.

Creating a GRE tunnel connection in the UI

Only unbound GRE tunnels can be created in the UI. See Creating an unbound GRE tunnel

Creating a GRE tunnel connection from the CLI

Create a Generic Routing Encapsulation (GRE) tunnel connection on the given transit gateway.

ibmcloud tg connection-create-gre|ccgre GATEWAY_ID --name NAME --zone ZONE --base-connection-id BASE_CONNECTION_ID --local-gateway-ip LOCAL_GATEWAY_IP --local-tunnel-ip LOCAL_TUNNEL_IP --remote-gateway-ip REMOTE_GATEWAY_IP --remote-tunnel-ip REMOTE_TUNNEL_IP [--remote-bgp-asn REMOTE_BGP_ASN] [--output json]

Where:

  • GATEWAY_ID: ID of the gateway where the new connection is bound.

  • --name: Name of the new connection.

  • --zone: Availability zone for the GRE tunnel. Example: us-south-1

  • --base-connection-id: ID of the classic network connection that will be the underlay for the GRE tunnel.

  • --local-gateway-ip: Local gateway IP address for the GRE tunnel connection.

  • --local-tunnel-ip: Local tunnel IP address for the GRE tunnel connection.

  • --remote-gateway-ip: Remote gateway IP address for the GRE tunnel connection.

  • --local-tunnel-ip: Remote tunnel IP address for the GRE tunnel connection.

  • --remote-bgp-asn: Optional: If the remote BGP ASN is not specified, one is generated.

  • --output json: Optional: Shows the output in JSON format.

  • --help | -h: Optional: Get help on this command.

Example

Create a GRE tunnel connection named gre-connection using classic connection 9037f710-8dfb-4948-a2bd-847c8dde96d3 as the base connection:

ibmcloud tg connection-create-gre $gateway  --name gre-connection --base-connection-id 9037f710-8dfb-9999-a2bd-847c8dde96d3  --zone us-south-2 --local-gateway-ip 192.168.100.1 --local-tunnel-ip 192.168.101.1 --remote-gateway-ip 10.242.63.12 --remote-tunnel-ip 192.168.101.2

Creating a GRE tunnel connection with the API

Example Request

This example illustrates requesting a GRE connection:

curl -X POST "https://transit.cloud.ibm.com/v1/transit_gateways/test/connections?version=2022-01-27" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"base_connection_id\":\"975f58c1-afe7-469a-9727-7f3d720f2d32\",\"local_gateway_ip\":\"192.168.100.1\",\"local_tunnel_ip\":\"192.168.129.2\",\"name\":\"Transit_Service_BWTN_SJ_DL\",\"network_type\":\"gre_tunnel\",\"remote_bgp_asn\":65010,\"remote_gateway_ip\":\"10.242.63.12\",\"remote_tunnel_ip\":\"192.168.129.1\"}"

The payload for this request is as follows:

{
  "base_connection_id": "975f58c1-afe7-469a-9727-7f3d720f2d32",
  "local_gateway_ip": "192.168.100.1",
  "local_tunnel_ip": "192.168.129.2",
  "name": "Transit_Service_BWTN_SJ_DL",
  "network_type": "gre_tunnel",
  "remote_bgp_asn": 65010,
  "remote_gateway_ip": "10.242.63.12",
  "remote_tunnel_ip": "192.168.129.1"
}

Example Response

This example illustrates the response from creating a GRE tunnel:

{
  "created_at": "2020-03-31T12:08:05Z",
  "id": "1a15dca5-7e33-45e1-b7c5-bc690e569531",
  "name": "example-connection",
  "network_type": "gre_tunnel",
  "status": "pending",
  "updated_at": "2020-03-31T12:08:05Z"
}

For more information, see Adds a connection to a Transit Gateway in the Transit Gateway API reference.

Creating a GRE tunnel connection using Terraform

You can specify the following argument references for your resource when creating a Generic Routing Encapsulation (GRE) tunnel connection:

Terraform argument references for creating a GRE
Argument Details
base_connection_id
Optional
Forces new resource
string 		The ID of a network_type classic connection a tunnel is configured over.
This field only applies to network type gre_tunnel connections.
gateway
Required
Forces new resource
string 		Enter the transit gateway identifier.
local_gateway_ip
Optional
Forces new resource
string 		The local gateway IP address.
This field is required for and only applicable to gre_tunnel and unbound_gre_tunnel connection types.
local_tunnel_ip
Optional
Forces new resource
string 		The local tunnel IP address.
This field is required for, and only applicable, to gre_tunnel and unbound_gre_tunnel type connections.
name
Optional
string 		Enter a name. If the name is not given, the default name is provided based on the network type, such as gre_tunnel.
network_type
Required
Forces new resource
string 		The network type. Allowed values are gre_tunnel
remote_bgp_asn
Optional
Forces new resource
integer 		The remote network BGP ASN. This will be generated for the connection if not specified.
This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
remote_gateway_ip
Optional
Forces new resource
string 		The remote gateway IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
remote_tunnel_ip
Optional
Forces new resource
string 		The remote tunnel IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
zone
Optional
Forces new resource
string 		The location of the GRE tunnel. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.

Example

This example illustrates requesting a GRE tunnel connection:

resource "ibm_tg_connection" "test_ibm_tg_connection" {
  gateway            = ibm_tg_gateway.test_tg_gateway.id
  network_type       = "gre_tunnel"
  name               = "myconnection"
  base_connection_id = testgretunnel
  local_gateway_ip   = 192.168.0.1
  local_tunnel_ip    = 10.0.0.1
  remote_bgp_asn     = 36361
  remote_gateway_ip  = 192.168.1.1
  remote_tunnel_ip   = 10.0.1.1
  zone               = us-east
}