
Enhancing Network Resilience: Redundant GRE tunnel in IBM Cloud Transit Gateway

By RAMESH KRISHNAMANENI posted 11 days ago

  

Authors:

 @RAMESH KRISHNAMANENI - Cloud Solution Architect - IBM Cloud Center of Excellence

@NEIL DELIMA  - Cloud Solution Architect - IBM Cloud Center of Excellence

@NITIN HURALIKUPPI - Cloud Solution Architect - IBM Cloud Center of Excellence

Learn how to enhance network resilience in IBM Cloud by migrating from Unbound GRE Tunnel to Redundant GRE Tunnels in IBM Cloud Transit Gateway.

In today's digital-first world, network reliability is crucial. To meet the availability demands of mission-critical cloud applications, constant connectivity is essential, regardless of whether they operate in multiple virtual private clouds, classic infrastructure, or hybrid cloud environments.

IBM Cloud Transit Gateway is a networking service that provides a secure and scalable way to connect multiple virtual private clouds (VPCs) to each other and to on-premises networks. However, it needs to be designed with redundancy and flexibility in mind to ensure high availability and reliability of critical applications. IBM Cloud Transit Gateway supports Unbound tunnels, which allow for direct connections between VPCs without the need for a hub-and-spoke architecture. When network reliability is important, Redundant tunnels provide an additional layer of failover, availability, and network stability by creating multiple paths for traffic to flow between networks. Changing to Redundant tunnels guarantees that traffic can immediately reroute if a problem occurs and greatly lowers the risk of a single point of failure. This article explains why this migration is advantageous and how to carry it out smoothly.

Advantages of Moving to Redundant GRE

Imagine your network as a big highway system. Unbound GRE tunnels give you only one lane. Although it works, any obstruction or problem could stop travel.

Switching to Redundant GRE tunnels adds a second lane, guaranteeing that if one way has a problem, traffic is automatically routed through the backup route. The result is more network uptime, better dependability, and lower disturbance risk.

Steps to Migrate from Unbound to Redundant GRE Tunnels

Step 1: Assess current Unbound GRE tunnel setup

Before migrating to Redundant GRE, gather the following details about your current GRE setup:

  • Remote GRE Tunnel endpoint IP Addresses
  • Associated VPCs and subnet configurations
  • Route tables and routing priorities
Figure 1: Unbound GRE Tunnel Setup

Step 2: Plan Redundant GRE Setup

To ensure redundancy, the IBM Cloud Transit Gateway supports multiple GRE tunnels. To enable failover, you need to identify two independent GRE endpoints on each side of the connection. Additionally, if the remote GRE endpoint spans multiple Availability Zones (AZs), consider establishing redundant GRE endpoints in different availability zones to maximize resiliency.

Figure 2: Redundant GRE Tunnel Setup

The following IP addresses and CIDRs are identified in figure 2:

  • 10.0.254.1 is the IP address of transit gateway instance-1
  • 10.0.254.2 is the IP address of transit gateway instance-2
  • 169.254.0.0/30 is the CIDR of GRE tunnel-1
  • 169.254.0.4/30 is the CIDR of GRE tunnel-2
  • 10.0.1.2 is the IP address of the firewall/gateway

Step 3: Creation of GRE Tunnels on IBM Cloud Transit Gateway

  1. Log in to IBM Cloud Console.
  2. Navigate to Transit Gateway.
  3. Select the Redundant GRE tab.
  4. Click Create GRE Tunnel and configure the following for each tunnel:
    • Local Tunnel IP Address: Your IBM Cloud GRE endpoint
    • Remote Tunnel IP Address: Your remote GRE endpoint
    • BGP Configuration: Define Remote ASN (Autonomous System Number)
    • Local Gateway IP: Your IBM Cloud Transit Gateway endpoint (must comply with RFC 1918)
    • Remote Gateway IP: Your remote gateway endpoint
  5. Repeat these steps to create a second GRE tunnel for redundancy.

Step 4: Creation of GRE tunnels on Remote Gateway

Create GRE Tunnel and configure the following for each tunnel:

  • Local Tunnel IP Address: Your GRE endpoint
  • Remote Tunnel IP Address: IBM Cloud GRE endpoint
  • BGP Configuration: Define Remote ASN (Autonomous System Number). The TGW ASN for GRE is generated after step 3
  • Local Gateway IP: Your Gateway endpoint
  • Remote Gateway IP: Your IBM Cloud gateway endpoint
  • Repeat these steps to create a second GRE tunnel for redundancy.
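
Before entering the values from Steps 2 to 4 on either side, the addressing plan can be checked for the mistakes that silently remove redundancy. The following is an added example, not code from the original article or from IBM: the dictionary keys, the function name validate_plan, and the choice of which host in each /30 sits on the Transit Gateway side are assumptions, while the addresses are the ones listed for Figure 2.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed plan using the Figure 2 addressing. The dict keys, and which
# host of each /30 sits on the Transit Gateway side, are assumptions.
PLAN = [
    {"name": "gre-1", "tunnel_cidr": "169.254.0.0/30",
     "local_gateway_ip": "10.0.254.1", "remote_gateway_ip": "10.0.1.2",
     "local_tunnel_ip": "169.254.0.1", "remote_tunnel_ip": "169.254.0.2"},
    {"name": "gre-2", "tunnel_cidr": "169.254.0.4/30",
     "local_gateway_ip": "10.0.254.2", "remote_gateway_ip": "10.0.1.2",
     "local_tunnel_ip": "169.254.0.5", "remote_tunnel_ip": "169.254.0.6"},
]


def validate_plan(tunnels):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for t in tunnels:
        net = ipaddress.ip_network(t["tunnel_cidr"])
        usable = set(net.hosts())
        gw = ipaddress.ip_address(t["local_gateway_ip"])
        # Step 3: the Local Gateway IP must comply with RFC 1918.
        if not any(gw in block for block in RFC1918):
            problems.append(f"{t['name']}: local gateway {gw} is not RFC 1918")
        ends = [ipaddress.ip_address(t[k])
                for k in ("local_tunnel_ip", "remote_tunnel_ip")]
        for ip in ends:
            if ip not in usable:
                problems.append(f"{t['name']}: {ip} is not a usable host in {net}")
        if ends[0] == ends[1]:
            problems.append(f"{t['name']}: both tunnel ends use {ends[0]}")
    for a, b in combinations(tunnels, 2):
        net_a = ipaddress.ip_network(a["tunnel_cidr"])
        net_b = ipaddress.ip_network(b["tunnel_cidr"])
        if net_a.overlaps(net_b):
            problems.append(f"{a['name']}/{b['name']}: tunnel CIDRs overlap")
        # Two tunnels on one Transit Gateway IP give no failover on that side.
        if a["local_gateway_ip"] == b["local_gateway_ip"]:
            problems.append(f"{a['name']}/{b['name']}: same local gateway IP")
    return problems


if __name__ == "__main__":
    for line in validate_plan(PLAN) or ["plan is consistent"]:
        print(line)
```
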

Step 5: Update Routing Configuration

For BGP-based routing, configure the BGP sessions on the remote gateway device to dynamically update routes when one tunnel fails. Update your firewall rules, security groups, and route tables to reflect the new setup.

Step 6: Test the Redundant GRE Configuration

Thorough testing ensures a smooth transition. Perform the following:

  • Ping Tests: Verify connectivity between endpoints.
  • BGP Status Check: Confirm both BGP sessions are established and stable.
  • Failover Test: Temporarily disable one tunnel and verify traffic successfully reroutes via the backup tunnel.

Step 7: Decommission the Unbound GRE Tunnel

Once the redundant GRE tunnels are verified and stable, safely remove the Unbound GRE tunnel configuration.

Conclusion

Migrating from an Unbound GRE to a Redundant GRE setup in IBM Cloud Transit Gateway greatly enhances network stability and resiliency. By carefully planning, testing, and updating your routing policies, you can ensure a seamless transition with minimal disruption.

For further information about IBM Cloud Transit Gateway or guidance about managing Redundant GRE Tunnels, please consult the IBM Cloud Documentation.
