IBM Cloud Docs
Creating an unbound Generic Routing Encapsulation tunnel connection

Creating an unbound Generic Routing Encapsulation tunnel connection

You can use an unbound Generic Routing Encapsulation (GRE) tunnel transit gateway connection to connect endpoints. This connection allows a transit gateway to connect to overlay networks hosted on classic infrastructure resources.

Before you begin

Before creating an unbound GRE tunnel connection, review Generic Routing Encapsulation connection considerations for additional prerequisites.

Unbound transit gateway GRE connections require the gateway owner to specifically configure HA for their needs. A GRE connection is a point-to-point connection, has no built in redundancy, and is a single point of failure. When configuring an unbound GRE connection on a transit gateway, you must specify the availability zone. For a robust HA solution, configure multiple GRE connections using different availability zones.

Keep in mind that you are required to enter four IP addresses when you create an unbound GRE tunnel connection. These are:

  • Remote gateway IP - the IP address of your GRE tunnel endpoint. This IP address must be a private IP and be the private IP from the classic environment. For example, this IP can be a hardware appliance or even a VM.
  • Local gateway IP - the IP address that your tunnel endpoint connects to. This IP is the transit gateway's IP for the purpose of establishing the tunnel so that when you enter the "remote IP" on your tunnel endpoint, you use this IP address.
  • Remote tunnel IP - the GRE tunnel address on the tunnel endpoint.
  • Local tunnel IP - the GRE tunnel address on the transit gateway side.

Creating an unbound GRE tunnel connection in the UI

You can create an unbound GRE tunnel connection on an existing transit gateway, or when you are creating a new transit gateway.

Creating an unbound GRE tunnel connection on an existing transit gateway

To create your unbound GRE tunnel on an existing transit gateway, follow these steps:

  1. From your browser, open the IBM Cloud console and log in to your account.

  2. Select the Navigation Menu icon Navigation Menu icon from the upper left, then click Interconnectivity.

  3. Click Transit Gateway from the left navigation panel. Click the name of the transit gateway where you want to add a connection.

    If you are in the expanded view, click View details.

  4. Click Add connection in the Connections tab.

  5. Choose Unbound GRE tunnel as your network connection type.

  6. Select the base network type and whether this is a connection to a network in another account.

  7. If this connection is to a network in another account, enter the account ID.

  8. Choose an availability zone in which to create the tunnel.

  9. Configure the remaining parameters for the connection:

    • Enter the remote gateway IP[1] for the endpoint of the GRE tunnel.

    • Enter a /30 remote tunnel IP[2] for both ends of the tunnel, for example 192.168.103.2.

    • Enter the local gateway IP address[3] that the transit gateway uses to host the underlay network for the GRE tunnel. This user-selected IP address is configured on the transit gateway GRE tunnel after the tunnel is created.

    • Enter a /30 local tunnel IP[4] for both ends of the tunnel, for example 192.168.103.1.

    • Optionally, enter the remote BGP ASN, which is a valid 2 or 4 byte value of your choosing.

      You can leave this blank and a unique ASN is assigned.

    • Enter a connection name for your GRE tunnel.

  10. Click the Add button to create the GRE tunnel.

Creating an unbound GRE tunnel connection while creating a new transit gateway

To create your unbound GRE tunnel connection while creating a new transit gateway, follow these steps:

  1. From your browser, open the IBM Cloud console and log in to your account.

  2. Select the Navigation Menu icon Navigation Menu icon from the upper left, then click Interconnectivity.

  3. Click Transit Gateway from the left navigation panel. Click Create transit gateway.

  4. Enter the transit gateway name, resource group, and location.

  5. Choose Unbound GRE tunnel as your network connection type for the connection to create.

  6. Select the base network type and whether this is a connection to a network in another account.

  7. If this connection is to a network in another account, enter the account ID.

  8. Choose an availability zone in which to create the tunnel.

  9. Configure the remaining parameters for the connection:

    • Enter the remote gateway IP[5] for the endpoint of the GRE tunnel.

    • Enter a /30 remote tunnel IP[6] for both ends of the tunnel, for example 192.168.103.2.

    • Enter the local gateway IP address[7] that the transit gateway uses to host the underlay network for the GRE tunnel. This user-selected IP address is configured on the transit gateway GRE tunnel after the tunnel is created.

    • Enter a /30 local tunnel IP[8] for both ends of the tunnel, for example 192.168.103.1.

    • Optionally, enter the remote BGP ASN, which is a valid 2 or 4 byte value of your choosing.

      You can leave this blank and a unique ASN is assigned.

    • Enter a connection name for your GRE tunnel.

  10. Click the Add connection button to add the unbound GRE tunnel to the transit gateway.

  11. After all connections have been added, click Create to create the transit gateway with the network connections.

Next steps

To configure the other end of the BGP tunnel, expand the newly created unbound GRE tunnel in the Connections panel to see its details. It will show the Local BGP ASN. If you created an optional remote BGP ASN, it also shows in the Connections panel. You must give this ASN information to the person creating the other end of the BGP tunnel, so that the BGP session can be fully configured.

Creating an unbound Generic Routing Encapsulation tunnel connection from the CLI

Create an unbound Generic Routing Encapsulation (GRE) tunnel connection on a given transit gateway.

ibmcloud tg connection-create-gre|ccgre GATEWAY_ID --name NAME --zone ZONE --local-gateway-ip LOCAL_GATEWAY_IP --local-tunnel-ip LOCAL_TUNNEL_IP --remote-gateway-ip REMOTE_GATEWAY_IP --remote-tunnel-ip REMOTE_TUNNEL_IP [--network-type NETWORK_TYPE] [--base-connection-id BASE_CONNECTION_ID] [--base-network-type BASE_NETWORK_TYPE] [--network-account-id NETWORK_ACCOUNT_ID] [--remote-bgp-asn REMOTE_BGP_ASN] [--output json]

Where:

GATEWAY_ID
ID of the gateway where the new connection is bound.
--name
Name of the new connection.
--zone
Availability zone for the GRE tunnel. Example: us-south-1
--local-gateway-ip
Local gateway IP address for the GRE tunnel connection.
--local-tunnel-ip
Local tunnel IP address for the GRE tunnel connection.
--remote-gateway-ip
Remote gateway IP address for the GRE tunnel connection.
--local-tunnel-ip
Remote tunnel IP address for the GRE tunnel connection.
--network-type
Optional: The type of GRE tunnel to create, either gre_tunnel or unbound_gre_tunnel. The default is gre_tunnel.
--base-connection-id
Optional: The ID of the classic network connection that will be the underlay for the GRE tunnel. Used only for gre_tunnel type connections.
--base-network-type
Optional: The type of network the GRE tunnel is targeting (classic). Used only for unbound_gre_tunnel type connections.
--network-account-id
Optional: The ID of the IBM Cloud account to use for creating a cross account GRE tunnel to a classic network. Used only for unbound_gre_tunnel type connections.
--remote-bgp-asn
Optional: If the remote BGP ASN is not specified, one is generated.
--output json
Optional: Shows the output in JSON format.
--help | -h
Optional: Get help on this command.

Example

This example illustrates creating an unbound GRE tunnel connection named unbound-gre-connection to a classic network:

ibmcloud tg connection-create-gre $gateway  --network-type unbound_gre_tunnel --name unbound-gre-connection --base-network-type classic  --zone us-south-2 --local-gateway-ip 192.168.100.1 --local-tunnel-ip 192.168.101.1 --remote-gateway-ip 10.242.63.12 --remote-tunnel-ip 192.168.101.2

Creating an unbound Generic Routing Encapsulation (GRE) tunnel connection with the API

To create an unbound Generic Routing Encapsulation (GRE) tunnel connection with the API, perform the following actions:

Request

To request a creation of an Unbound Generic Routing Encapsulation (GRE) tunnel connection, set the following parameters:

Table 1. Path parameters for creating a GRE
Path parameters Details
transit_gateway_id
Required
string 		The transit gateway identifier
Table 2. Query parameters for creating a GRE
Query parameters Details
version
Required
string 		Requests the version of the API as of a date in the format YYYY-MM-DD. Any date up to the current date may be provided. Specify the current date to request the latest version.
Possible values: Value must match the regular expression: ^[0-9]{4}-[0-9]{2}-[0-9]{2}$
Request Body
Required
TransitGatewayConnectionTemplate 		The connection template.
network_type
Required
string 		Defines what type of network is connected using this connection.
For access to unbound_gre_tunnel connections, contact IBM support.
Allowable value: [unbound_gre_tunnel]
Example: unbound_gre_tunnel
base_network_type
Required
string 		Defines what type of network the GRE tunnel is targeting. This field is required for and only applicable to type unbound_gre_tunnel connections.
Allowable value: [classic]
Example: classic
local_gateway_ip
string 		Local gateway IP address. This field is required for, and only applicable to, gre_tunnel and unbound_gre_tunnel type connections.
Example: 192.168.100.1
local_tunnel_ip
string 		Local tunnel IP address. This field is required for, and only applicable to, gre_tunnel and unbound_gre_tunnel type connections. The local_tunnel_ip and remote_tunnel_ip addresses must be in the same /30 network. Neither can be the network nor the broadcast addresses.
Example: 192.168.129.2
name
Name 		The user-defined name for this transit gateway connection.
Name specification is required for network type gre_tunnel and unbound_gre_tunnel connections.
Possible values: 1 ≤ length ≤ 63, value must match the regular expression: `^([a-zA-Z]
remote_bgp_asn
string 		Remote network BGP ASN. This field is only applicable to gre_tunnel and unbound_gre_tunnel type connections. The following ASN values are reserved and unavailable: 0, 13884, 36351, 64512, 64513, 65100, 65200–‍65234, 65402‍–‍65433, 65500, and 4201065000‍–‍4201065999. If remote_bgp_asn is omitted on gre_tunnel connection create requests, IBM will assign an ASN.
Example: 65010
remote_gateway_ip
string 		Remote gateway IP address. This field is required for, and only applicable to type gre_tunnel and unbound_gre_tunnel connections.
Example: 10.242.63.12
remote_tunnel_ip
string 		Remote tunnel IP address. This field is required for and only applicable to, gre_tunnel and unbound_gre_tunnel type connections. The local_tunnel_ip and remote_tunnel_ip addresses must be in the same /30 network. Neither can be the network nor broadcast addresses.
Example: 192.168.129.1
zone
ZoneIdentityByName 		For network_type gre_tunnel and unbound_gre_tunnel connections specify the connection's location. The specified availability zone must reside in the gateway's region. Use the IBM Cloud global catalog to list zones within the desired region. This field is required for and only applicable to gre_tunnel and unbound_gre_tunnel type connections.
  • name
    string
Availability zone name.
Example: us-south-1

Example request

This example illustrates requesting a GRE connection:

curl -X POST "https://transit.cloud.ibm.com/v1/transit_gateways/test/connections?version=2022-01-27" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"local_gateway_ip\":\"192.168.100.1\",\"local_tunnel_ip\":\"192.168.129.2\",\"name\":\"Transit_Service_BWTN_SJ_DL\",\"network_type\":\"unbound_gre_tunnel\",\"base_network_type\":\"classic\",\"remote_bgp_asn\":65010,\"remote_gateway_ip\":\"10.242.63.12\",\"remote_tunnel_ip\":\"192.168.129.1\",\"zone\":{\"name\":\"us-south-1\"}}"

{
  "local_gateway_ip": "192.168.100.1",
  "local_tunnel_ip": "192.168.129.2",
  "name": "Transit_Service_BWTN_SJ_DL",
  "network_type": "unbound_gre_tunnel",
  "base_network_type": "classic",
  "remote_bgp_asn": 65010,
  "remote_gateway_ip": "10.242.63.12",
  "remote_tunnel_ip": "192.168.129.1",
  "zone": {
    "name": "us-south-1"
  }
}

Response

The following response results show after you initiate the request:

Table 3. Initating request response
Response body Details
name
Always included*
Name 		The user-defined name for this transit gateway connection.
Possible values: 1 ≤ length ≤ 63, Value must match the regular expression: `^([a-zA-Z]
network_type
Always included*
string 		Defines what type of network is connected through this connection. The list of enumerated values for this property may expand in the future. Code and processes using this field must tolerate unexpected values.
Possible values: [unbound_gre_tunnel]
Example: unbound_gre_tunnel
id
Always included*
string 		The unique identifier for this transit gateway connection
Example: 1a15dca5-7e33-45e1-b7c5-bc690e569531
created_at
Always included*
date-time 		The date and time that this connection was created.
base_network_type
string 		Defines what type of network the GRE tunnel is targeting. This field only applies to unbound_gre_tunnel type connections. The list of enumerated values for this property may expand in the future. Code and processes using this field must tolerate unexpected values.
Possible values: [classic]
Example: classic
local_bgp_asn
integer 		The local network BGP ASN. This field only applies to network type gre_tunnel and unbound_gre_tunnel connections.
Example: 64490
local_gateway_ip
string 		The local gateway IP address. This field only applies to network type gre_tunnel and unbound_gre_tunnel connections.
Example: 192.168.100.1
local_tunnel_ip
string 		The local tunnel IP address. This field only applies to network type gre_tunnel and unbound_gre_tunnel connections.
Example: 192.168.129.2
mtu
integer 		The GRE tunnel MTU. This field only applies to network type gre_tunnel and unbound_gre_tunnel connections.
Example: 9000
remote_bgp_asn
integer 		The remote network BGP ASN. This field only applies to network type gre_tunnel and unbound_gre_tunnel connections.
Example: 65010
remote_gateway_ip
string 		The remote gateway IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
Example: 10.242.63.12
remote_tunnel_ip
string 		The remote tunnel IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
Example: 192.168.129.1
request_status
string 		Represents the status of a connection request between IBM Cloud accounts, and is only visible for cross account connections. The list of enumerated values for this property may expand in the future. Code and processes using this field must tolerate unexpected values.
Possible values: [pending,approved,rejected,expired,detached]
status
string 		The connection's current configuration state. The list of enumerated values for this property may expand in the future. Code and processes using this field must tolerate unexpected values.
Possible values: [attached,failed,pending,deleting,detaching,detached]
updated_at
date-time 		The date and time that this connection was last updated.
zone
ZoneReference 		The location of GRE tunnel. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
  • name
    Always included*
    string
Availability zone name
Example: us-south-1
Table 4. Status codes
Status Code
201 The transit gateway connection was created successfully.
400 An invalid connection template was provided.
404 The specified transit gateway could not be found, the specified resource group could not be found, or the default resource group could not be found (if the resource group was not specified in the template).
409 The network being connected must either be in a location that is considered "local" to the specified transit gateway, or the specified transit gateway must be global. The network being connected cannot already be connected to another transit gateway.

Example response

This example illustrates the response from creating an unbound GRE tunnel:

{
  "created_at": "2020-03-31T12:08:05Z",
  "id": "1a15dca5-7e33-45e1-b7c5-bc690e569531",
  "name": "example-connection",
  "network_type": "unbound_gre_tunnel",
  "base_network_type": "classic",
  "status": "pending",
  "updated_at": "2020-03-31T12:08:05Z"
}

For more information (including Java, Node, Python and Go examples), refer to Add Connection to a Transit Gateway.

Creating a Generic Routing Encapsulation tunnel connection using Terraform

You can specify the following argument references for your resource when creating an unbound Generic Routing Encapsulation (GRE) tunnel connection:

Table 5. Terraform argument references for creating a GRE
Argument Details
gateway
Required
Forces new resource
string 		Enter the transit gateway identifier.
local_gateway_ip
Optional
Forces new resource
string 		The local gateway IP address.
This field is required for, and only applicable to, gre_tunnel and unbound_gre_tunnel type connections.
local_tunnel_ip
Optional
Forces new resource
string 		The local tunnel IP address.
This field is required for, and only applicable to, gre_tunnel and unbound_gre_tunnel type connections.
name
Optional
string 		The name of the connection. If the name is not given, the default name is provided based on the network type, such as unbound_gre_tunnel for network type unbound gre.
network_type
Required
Forces new resource
string 		The network type. Allowed values are gre_tunnel and unbound_gre_tunnel.
base_network_type
Optional
Forces new resource
string 		The base network type. Allowed values are classic.
This field only applies to unbound_gre_tunnel type connections.
remote_bgp_asn
Optional
Forces new resource
integer 		The remote network BGP ASN. It will be generated for the connection if not specified.
This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
remote_gateway_ip
Optional
Forces new resource
string 		The remote gateway IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
remote_tunnel_ip
Optional
Forces new resource
string 		The remote tunnel IP address. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.
zone
Optional
Forces new resource
string 		The location of the GRE tunnel. This field only applies to gre_tunnel and unbound_gre_tunnel type connections.

Example

This example illustrates requesting an unbound GRE tunnel connection:

resource "ibm_tg_connection" "test_ibm_tg_connection" {
  gateway            = ibm_tg_gateway.test_tg_gateway.id
  network_type       = "unbound_gre_tunnel"
  base_network_type  = "classic"
  name               = "myconnection"
  local_gateway_ip   = 192.168.0.1
  local_tunnel_ip    = 10.0.0.1
  remote_bgp_asn     = 36361
  remote_gateway_ip  = 192.168.1.1
  remote_tunnel_ip   = 10.0.1.1
  zone               = us-east
}

  1. This address must comply with rfc1918 IP addresses and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  2. This address must comply with rfc1918 IP addresses and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  3. This address must not be an IP address within the multicast range of 224.0.0.0 to 239.255.255.255 and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  4. This address must comply with rfc1918 IP addresses and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  5. This address must comply with rfc1918 IP addresses and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  6. This address must comply with rfc1918 IP addresses and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  7. This address must not be an IP address within the multicast range of 224.0.0.0 to 239.255.255.255 and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎

  8. This address must comply with rfc1918 IP addresses and cannot be in conflict with any existing networks connected to the transit gateway. ↩︎