cancel
Showing results for 
Search instead for 
Did you mean: 

GRE Monitor utilitiy

SOLVED
Go to solution
monu_1
Regular Advisor

GRE Monitor utilitiy

Hi All,

There are two network having GRE tunnel using linux boxes (router & NAT) in between them.
1) Encapsulation/Decapsulation of IP header, GRE header, MPLS header - does the stack support all three or just IP and GRE?
2)DF bit setting of encapulating IP header
3)Tunnel status monitoring

Is there any utilities to monitor GRE tunnel like DSCP marking of encapsulating IP header, Configurable MTU , Path MTU Discovery etc?

Please suggest.
Thanks,
MKS
1 REPLY
Matti_Kurkela
Honored Contributor
Solution

Re: GRE Monitor utilitiy

1.) MPLS??? As far as I know, the standard Linux kernel has no native support for MPLS yet.

Of course, if your linux boxes are specially designed to work as routers, they may contain special hardware & software for MPLS support. If this is the case, see the documentation of your system.

2.) This is used by the Path MTU Discovery, which is enabled by default in all modern operating systems (it was standardized in 1990, as RFC1191). So I'd expect the DF bit to be always set in practice.

3.) A GRE tunnel is stateless, so there is no "status" to monitor. There are only configuration settings, and they won't change unless you make the change using the appropriate commands.

The tunnel is presented to the OS tools as equivalent to a normal network interface, so you can use tools like iptables to manipulate the DSCP markings if the defaults do not work for you. The MTU of the tunnel device can be adjusted using "ifconfig" or "ip" tools.

In Linux, you cannot enable or disable Path MTU Discovery separately for each NIC (or tunnel). It's all or nothing: by default, Path MTU discovery is enabled for all interfaces.

If you wish to disable Path MTU Discovery for the entire box, you can use:
echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc

If you would need to selectively disable Path MTU Discovery, you could use the TCPMSS target of iptables instead. Something like:

iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
See "man iptables" for more information.

MK
MK