GRE Flashcards
Which two GRE features are configured to prevent fragmentation? (Choose two.)
A. TCP window size
B. IP MTU
C. TCP MSS
D. DF bit clear
E. MTU ignore
B. IP MTU
C. TCP MSS
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
A. MSS
B. MTU
C. MRU
D. window size
A. MSS
The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.
TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle between these two endpoints. PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is used to dynamically determine the lowest MTU along the path from a packet’s source to its destination.
Refer to the exhibit.
A network engineer configures a GRE tunnel and enters the show interface tunnel command. What does the output confirm about the configuration?
A. The keepalive value is modified from the default value.
B. The physical interface MTU is 1476 bytes.
C. The tunnel mode is set to the default.
D. Interface tracking is configured.
C. The tunnel mode is set to the default.
HQ(config)#int t100
HQ(config-if)#no keepalive
HQ(config-if)#keepalive
HQ(config-if)#do sh int t100 | inc Keep
Keepalive set (10 sec), retries 3
HQ(config-if)#
Refer to the exhibit.
MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces.
What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?
A. The packet is discarded on router B
B. The packet arrives on router C without fragmentation
C. The packet arrives on router C fragmented
D. The packet is discarded on router A
C. The packet arrives on router C fragmented
GRE is 20 IP Header Bytes and 4 GRE Header Bytes and another 4 Bytes if a Tunnel key is used. 1500 + 28 > 1500 so the packet has to be fragmented to traverse the ethernet having a Maximum Transmission Unit of 1500 Bytes. If the DF bit was set, the packet would be discarded.
The following system log message is presented after a network administrator configures a GRE tunnel:
%TUN-RECURDOWN Interface Tunnel 0 temporarily disabled due to recursive routing
Why is Tunnel 0 disabled?
A. Because dynamic routing is not enabled.
B. Because the tunnel cannot reach its tunnel destination.
C. Because the best path to the tunnel destination is through the tunnel itself.
D. Because the router cannot recursively identify its egress forwarding interface.
C. Because the best path to the tunnel destination is through the tunnel itself.
Recursive routing in GRE is when it detects that the best route to reach the tunnel is by the tunnel itself, this scenario happen usually when both phisical and tunnel interface are aggregated on the same routing protocol.
The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:
A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing)
A temporary instability caused by route flapping elsewhere in the network
Refer to the exhibit. A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles. Which two configuration changes accomplish this? (Choose two).
A. Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface.
B. Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4.
C. Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.
D. Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.
E. Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24.
C. Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.
D. Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.
Refer to the exhibit. A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify?
A. The tunnel keepalive is configured incorrectly because they must match on both sites.
B. The tunnel destination will be known via the tunnel interface.
C. The tunnel will be established and work as expected.
D. The default MTU of the tunnel interface is 1500 bytes
B. The tunnel destination will be known via the tunnel interface.
The answer is B.
Some have brought up the fact that the default route will have the preferred AD of 1.
While this is true, it is forgetting the path selection order:
1: Prefer the most specific route - Longest Match
2: Prefer the lowest Administrative Distance - Most Trusted Routing Protocol
3: Prefer the lowest Metric - Shortest Calculated Distance/Cost
In other words, while the default route is going to have an AD of 1, the more specific destination address is going to be learned from OSPF through the Tunnel. The Source Router is going to learn the more specific route and prefer it over the default route, causing the recursive routing error.
Which GRE tunnel configuration command is missing on R2?
A. tunnel source 172.16.1.0
B. tunnel source 200.1.1.1
C. tunnel destination 200.1.1.1
D. tunnel source 192.168.1.2
B. tunnel source 200.1.1.1
Refer to the exhibit. Which command must be applied to Router1 to bring the GRE tunnel to an up/up state?
A. Router1(config-if)#tunnel source Loopback0
B. Router1(config-if)#tunnel mode gre multipoint
C. Router1(config-if)#tunnel source GigabitEthernet0/1
D. Router1(config)#interface tunnel0
A. Router1(config-if)#tunnel source Loopback0
the given answer is correct because int tunnel 0 is wrong not specified !, G0/1 is not assigned and wont work, only the LO interface works and it matches the ip scheme.
