Proxmox node GRE tunnel over public IP

[dqq]

Hi,

I have 3 servers:

server one, public IP: 1.1.1.1
server two, public IP: 2.2.2.2
server three, public IP: 3.3.3.3


All of them have set up private network: 10.0.0.0/8

I would like to set up GRE tunnel between them for this private network, using public interfaces (through NAT).

1) Is there any specific way of achieving this?
2) How does GRE tunnel performance look like for multi node GRE tunnels?
3) How does encryption have effect on GRE tunnel performance?


Thanks in advance!

 

[wolfgang]

Hi,

GRE is not directly supported by Proxmox VE.
You can do this if you like, but you have to setup everything by yourself.

1) Is there any specific way of achieving this?

No, you can set it up with IP commands [a].
If you like this as a persistent setup you can use in the interfaces file "post-up".

2) How does GRE tunnel performance look like for multi node GRE tunnels?

It is a very simple and lean tunnel so I guess good if the routing is correct.

3) How does encryption have effect on GRE tunnel performance?

GRE does not care about encryption and does not support it.

a.) https://manpages.debian.org/stretch/iproute2/ip-tunnel.8.en.html
b.) https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation

 

[spirit]

Another way could be to use vxlan with the new beta sdn feature

https://forum.proxmox.com/threads/proxmox-6-2-sdn-beta-test.69655/

With gre, you need multiple tunnels + spanning tree to avoid loop. With vxlan, you don't have this problem.

It still missing encryption, but I'm looking to add macsec support soon.


If you want to do gre tunnel, it's possible manually with ifupdown2 package, in /etc/network/interfaces

some example here:
https://docs.cumulusnetworks.com/cumulus-linux-41/Layer-3/GRE-Tunneling/