beautypg.com

Loopback interfaces, 7, “loopback interfaces – Amer Networks E5Web GUI User Manual

Page 178

background image

Use Session Key: 1

Additional Encapsulation Checksum: Enabled

3.

Define a route in the main routing table which routes all traffic to remote_net_A on the
GRE_to_A GRE interface. This is not necessary if the option Add route for remote network
is enabled in the Advanced tab, since this will add the route automatically.

4.

Create the following rules in the IP rule set that allow traffic to pass through the tunnel:

Name

Action

Src Int

Src Net

Dest Int

Dest Net

Service

To_A

Allow

lan

lannet

GRE_to_A

remote_net_A

all_services

From_A

Allow

GRE_to_A

remote_net_A

lan

lannet

all_services

Checking GRE Tunnel Status

IPsec tunnels have a status of being either up or not up. With GRE tunnels in cOS Core this does
not really apply. The GRE tunnel is up if it exists in the configuration.

However, we can check on the what is going on with a GRE tunnel. For example, if the tunnel is
called gre_interface then we can use the ifstat CLI command:

Device:/> ifstat gre_interface

This will show us what is happening with the tunnel and the ifstat command options can provide
various details.

3.4.7. Loopback Interfaces

A Loopback Interface is an interface that will take all traffic sent through it and send it out through
a second configured loopback interface. Loopback interfaces are consequently always
configured in pairs with each referring to the other.

Suppose that there is a pair of loopback interfaces defined called LB1 and LB2. When traffic is sent
through LB1, it is simultaneously received on LB2 with the transfer occurring within cOS Core.
Similarly, when traffic is sent through LB2, it is received on LB1. This is exactly the same as if the
two interfaces were physical Ethernet interfaces and they were connected together.

Usage with Virtual Routing

Loopback interfaces are usually used with Virtual Routing. With virtual routing, it is possible to
divide up a single Clavister Security Gateway's operations so that it behaves as multiple virtual
security gateways. This is done by having multiple routing tables so that each table handles the
routing for one set of interfaces.

The routing tables and their associated routes can be totally isolated from each other so that
related traffic flows are completely separate. However, if some traffic needs to flow between
interfaces in separate routing tables, a loopback interface pair must be used (also see Section 4.5,
“Virtual Routing”
).

Loopback Interface Parameters

The following are the parameters for a loopback interface:

Chapter 3: Fundamentals

178

This manual is related to the following products: