1
00:00:00,890 --> 00:00:06,110
Now, before we configure our tunnels, we need to make sure that the tunnel endpoints have connectivity

2
00:00:06,110 --> 00:00:07,070
to each other.

3
00:00:07,070 --> 00:00:10,910
So router two should be able to ping, right a for and vice versa.

4
00:00:11,150 --> 00:00:15,680
In this example, I'm going to set up the tunnel from the serial interfaces.

5
00:00:15,800 --> 00:00:22,100
So logically it looks like we have this separate tunnel interface, but the tunnel is actually configured

6
00:00:22,100 --> 00:00:26,450
from serial 020 to serial 020.

7
00:00:27,110 --> 00:00:27,980
So rather two.

8
00:00:28,010 --> 00:00:31,700
Can we ping for to one to 2 to 2?

9
00:00:32,360 --> 00:00:33,530
Yes, we can.

10
00:00:34,070 --> 00:00:37,160
And en route of four, can we ping for one, two, one, two, one.

11
00:00:37,190 --> 00:00:38,180
Yes, we can.

12
00:00:38,780 --> 00:00:41,190
Now, ping uses a different protocol to go.

13
00:00:42,050 --> 00:00:49,220
So you need to confirm that you have connectivity using geo re from this interface to this interface.

14
00:00:49,550 --> 00:00:55,550
But for the moment, we've used Ping as our initial test to ensure that we have basic connectivity.

15
00:00:55,670 --> 00:01:01,970
So to configure a tunnel, you go to interface tunnel and you specify a number.

16
00:01:03,780 --> 00:01:06,470
I'm going to choose zero to keep it simple.

17
00:01:06,480 --> 00:01:10,230
But as you see, there's a wide range of tunnel numbers that you can choose from.

18
00:01:10,500 --> 00:01:13,050
Tunnel zero in this example has gone down.

19
00:01:13,440 --> 00:01:19,770
The tunnel interface will only come up if we have IP connectivity to the tunnel destination, which

20
00:01:19,770 --> 00:01:21,030
we still need to configure.

21
00:01:21,860 --> 00:01:29,330
But first, let's configure an IP address on the tunnel and I'm going to configure this as a slash 30

22
00:01:29,330 --> 00:01:30,260
network.

23
00:01:30,350 --> 00:01:34,160
And once again, we're going to use a private IP address.

24
00:01:34,550 --> 00:01:38,870
So we're going to be sending traffic across the Internet using private IP addresses.

25
00:01:38,870 --> 00:01:44,180
But it'll work because router three is going to route traffic based on the outer header.

26
00:01:45,380 --> 00:01:49,640
Or as described in the RFC is the delivery header.

27
00:01:50,550 --> 00:01:54,360
So the header and payload packet is not going to be read.

28
00:01:55,300 --> 00:02:02,080
By the Internet routers, they simply going to route traffic based on the delivery header.

29
00:02:03,040 --> 00:02:05,110
We need to specify the tunnel mode.

30
00:02:07,910 --> 00:02:11,810
Notice multiple options are available, but we're going to use JIRA.

31
00:02:12,570 --> 00:02:15,990
And IP version for that is actually the default.

32
00:02:15,990 --> 00:02:22,350
So when we look at the tunnel interface, you'll notice that command doesn't display because that is

33
00:02:22,350 --> 00:02:24,600
once again the default tunnel mode.

34
00:02:25,050 --> 00:02:27,450
We now need to specify the tunnel source.

35
00:02:28,200 --> 00:02:30,960
Notice the tunnel command gives you multiple options.

36
00:02:31,780 --> 00:02:36,520
We've already chosen mode, but now we'll select the source of the tunnel.

37
00:02:38,300 --> 00:02:41,530
You can choose a physical interface or an IP address.

38
00:02:41,540 --> 00:02:44,330
In this example, I'm simply going to choose IP address.

39
00:02:45,150 --> 00:02:53,670
And he'd enter the tunnel is going to originate from this IP address and it's going to go to a destination

40
00:02:54,120 --> 00:02:56,100
afforded 1 to 2.2.

41
00:02:56,790 --> 00:02:58,590
In other words, rather a four.

42
00:02:59,680 --> 00:03:06,760
As you can see, the tunnel has now come up and that's because we have IP connectivity from this router

43
00:03:06,760 --> 00:03:08,860
to the destination of the tunnel.

44
00:03:09,010 --> 00:03:13,120
The tunnel, however, is not going to work because we have to configure the other side.

45
00:03:13,420 --> 00:03:22,040
So kind of t interface tunnel zero on router four IP Address ten .1.3.2.

46
00:03:23,260 --> 00:03:24,880
Keep it in the same subnet.

47
00:03:26,000 --> 00:03:31,040
So this site is once again ten .1.3.1.

48
00:03:33,840 --> 00:03:35,880
And the side is 10.1.

49
00:03:36,220 --> 00:03:37,140
3.2.

50
00:03:39,150 --> 00:03:46,770
So back on route of four tunnel mode, geo IP, you don't have to specify that command because it's

51
00:03:46,770 --> 00:03:50,250
the default, but I'll do it here for completeness.

52
00:03:52,490 --> 00:03:53,360
Tunnel sources.

53
00:03:53,360 --> 00:03:54,980
4 to 1 or 2 to 2.

54
00:03:55,340 --> 00:03:57,140
Tunnel destination.

55
00:03:57,380 --> 00:03:59,150
It's four, two, one, two, one, two, one.

56
00:03:59,660 --> 00:04:08,840
And hopefully what we should see is that that tunnel comes up and there it does show IP interface brief

57
00:04:09,440 --> 00:04:14,090
shows us that we now have a tunnel interface that's up up on the side.

58
00:04:14,860 --> 00:04:16,570
And en route to.

59
00:04:19,160 --> 00:04:21,680
The tunnel is up on a two.

60
00:04:22,070 --> 00:04:24,590
So in order to, we should be able to ping, right.

61
00:04:24,590 --> 00:04:27,170
A force tunnel interface, which we can.

62
00:04:27,620 --> 00:04:35,870
So notice we pinging 10.1 or 3.2, but rather three has no visibility of that route.

63
00:04:39,020 --> 00:04:43,490
And that shows quite nicely that rather three is able to route traffic from this IP address to this

64
00:04:43,490 --> 00:04:47,420
IP address without actually reading those IP addresses.

65
00:04:47,570 --> 00:04:51,890
It's simply routing traffic based on the source to the destination.

66
00:04:53,050 --> 00:04:55,510
So let's prove that I'll start a CAPTCHA here.

67
00:04:56,190 --> 00:05:01,560
I'm going to start a CAPTCHA using LC because the default encapsulation is hdl-c.

68
00:05:02,220 --> 00:05:08,460
On Cisco serial links on interface serial 2/1 on router three.

69
00:05:13,790 --> 00:05:17,510
So at the moment we see CDP, we see some of the messages.

70
00:05:18,020 --> 00:05:23,420
But what I'll do is to a ping from router two to router four again.

71
00:05:25,240 --> 00:05:25,950
And there you go.

72
00:05:25,960 --> 00:05:27,670
There's our ICMP messages.

73
00:05:31,130 --> 00:05:34,400
So we can see it's an ICMP from ten to 1 to 3 to 1 to 10.

74
00:05:34,400 --> 00:05:35,840
To 1.3 to 2.

75
00:05:37,250 --> 00:05:39,470
The Layer two encapsulation is hdl-c.

76
00:05:39,500 --> 00:05:46,790
The protocol used at layer three is IP version four and notice the source and destination IP addresses

77
00:05:46,790 --> 00:05:50,630
4.1.1 and one destination is 4.12222.

78
00:05:51,080 --> 00:05:55,370
In other words, this router is sending traffic to this router.

79
00:05:56,120 --> 00:06:04,130
Rada three is going to root based on these IP addresses, not on the IP addresses contained in the encapsulated

80
00:06:04,130 --> 00:06:04,850
packet.

81
00:06:05,360 --> 00:06:11,720
At layer four, we can see that it's a generic routing encapsulation using IP version four.

82
00:06:12,680 --> 00:06:17,320
And inside there we can see the source tendered.

83
00:06:17,330 --> 00:06:18,410
One, two, three, two, one.

84
00:06:18,590 --> 00:06:21,380
And destination of ten .1.3.2.

85
00:06:21,590 --> 00:06:24,380
In other words, we've encapsulated.

86
00:06:25,630 --> 00:06:29,740
An IP version for packet within an IP version for packet.

87
00:06:30,650 --> 00:06:34,250
The original traffic was a ICMP ping.

88
00:06:34,610 --> 00:06:35,720
So there's the ping.

89
00:06:35,720 --> 00:06:42,950
And if we go to the next packet, we can see the ping reply encapsulated in IP version for within JURI,

90
00:06:42,980 --> 00:06:46,760
within IP version for within Hdl-c.

91
00:06:48,760 --> 00:06:52,710
So we've now successfully configured a tunnel from rather 2 to 2 out of four.

92
00:06:53,260 --> 00:06:54,580
I'll stop that capture.

93
00:06:55,830 --> 00:07:01,440
In the next video will check whether rudder one can ping root of five and do some more.

94
00:07:01,440 --> 00:07:04,680
Wireshark captures and do some other tests.