User Tools

Site Tools


Sidebar

NetYCE Documentation



menu:build:ipsec_gre

IPsec GRE

This form is meant for IPsec / GRE tunnel support. An IPsec tunnel (database table: Ipsec_map) corresponds to a node of a specific predefined type. Each IPsec tunnel has zero or more GRE tunnels (database table Ipsec_gre) through said node's subnet (at the moment only IPv4 is supported).

The current design has a site with a service for all subnets on the central side. Service key = 27182, ClientCode = 99904, SiteCode = BTBX0C01, and service class = OC_HSR6804_IRF. This service contains the Loopback_GRE subnets that are mapped to the MPLS VRF. The idea to move these loopbacks from the service and add them as Lookup entries is not convenient, because of this mapping. Especially because these subnets are contained in a number plan. The IPsec relations track down these subnets through their Net_name and Net_description, globally.

The table Ipsec_map points to a subnet in the OLGA service for the North side of the Ipsec connection link through Ipsec_map.Wan_net_name - Ipsubnet.net_name. This one too is from an IP plan.

The records in the table Ipsec_gre point to a subnet in the OLGA service for the south side of the GRE connection. Their link to their subnet is through Ipsec_gre.Gre_tunnel_net - Ipsubnet.Net_name. This subnet too belongs to an Ip plan.

Adding an IPsec Tunnel

When creating a new IPsec tunnel, a new record is generated. Its id is either the highest existing Site id, plus one, or the lowest Site_id not currently taken up by another IPsec tunnel. This depends on the tweak 'Ipsec_first_free':

Ipsec_first_free 0 Site id is the highest existing Site id, plus one
Ipsec_first_free 1 Site id is the lowest Site_id not currently taken up by another IPsec tunnel

The profile of the new IPsec tunnel will be the default profile.

Editing an IPsec Tunnel

You can specify the hostname for the node this IPsec tunnel corresponds to. The possible nodes are restricted by the Node Type, defined in the IPsec's profile, which can also be changed in this form. The default profile is OLGA_SDSL with four possible GREs: mansec, atm, mra and cam.

Deleting an IPsec Tunnel

Delete an IPsec tunnel. The Ipsec_delete_full tweak in the Lookup table specifies whether its corresponding GRE tunnels will also be deleted.

Adding a GRE Tunnel

Adds a new GRE tunnel. Its tunnel id will be the next highest of all existing GRE tunnel ids.

Editing a GRE Tunnel

Vpn name must be unique within an IPsec tunnel. Gre key and Policy id are initially set to the tunnel's id, but can be manually changed if demanded.

The Gre attachpoint and the Gre tunnel net are both defined by the IPsec's profile and the GRE's VPN name. A VPN name must be unique within its IPsec tunnel.

The Ipsec central is the IP address of the northern side of the IPsec tunnel. The Ipsec decentral is the IP address of the southern side of the IPsec tunnel. The gre decentral is the net mask of the southern side of the IPsec tunnel.

Deleting a GRE tunnel

Delete a GRE tunnel

Deleting a Node

Deleting a node happens on the main page of the build-section of NetYCE. When you delete a Node, any IPsec tunnel linked to it has its ClientCode, SiteCode and Hostname removed, but apart from that it still continues to exist.


menu/build/ipsec_gre.txt · Last modified: 2019/12/23 11:52 (external edit)