Now that we've entered a basic configuration on the Vyatta VC4 VMs and made sure that we do not have connectivity problems, we can proceed and test the GRE and IPIP tunnels in the case of Scenario 2. If you do not recall what Scenario 2 was, take a look here.

First we will configure them without IPsec protection to see how they behave. Since we are in our private lab, security is not a problem. I suppose I do not have to remind you that, in practice, if you simply first configure the GRE or IPIP tunnels without IPsec protection to make sure that they are up and working, *anybody* with access to the wire can hack into your network (the portion of it accessible through the tunnels).
As said before, Vyatta really shines in a particular area: if you have to do a deployment in practice, you can actually do so with a working and tested configuration. First you can easily do the tests using a VMware lab, for example, find a working configuration and optimize it. Then, with the confidence gained over your configuration files, deployment should be easy and trouble-free. And the branch office admins can be provided with a fully workable configuration file to enter on their Vyatta machines. These aspects are quite important because they can save time and money.
As in Part 9, I will enable VMware Network Adapter VMnet5, VMware Network Adapter VMnet6 and VMware Network Adapter VMnet7 on the host machine, see Figure136.

Figure136: VMware Network Adapters VMnet5, VMnet6 and VMnet7 Enabled
Also, since VMware Network Adapters VMnet5, VMnet6 and VMnet7 are enabled, I can use an SSH client from the host machine to configure the routers.

And before entering the configuration lines on the Vyatta VC4 machines, I will start a Wireshark capture on the VMnet5 interface on the host machine (see Figure137, make sure "Capture packets in promiscuous mode" is selected). Doing so, I will have a nice point of view over the traffic sent between the Vyatta VC4 machines because Glendale HQ represents the hub: I will see the first packets sent through the tunnels, the OSPF multicast packets and so on. This is very useful for troubleshooting and we can actually see how things work. Additionally you can start Wireshark captures on the VMnet6 and VMnet7 interfaces on the host machine in order to have a complete view over the traffic (see Figure138 and Figure139, make sure "Capture packets in promiscuous mode" is selected).

Figure137: Start a Wireshark capture on the VMnet5 interface on the host machine

Figure138: Wireshark Capture Menu: Interfaces

Figure139: Start the Wireshark captures on the host machine
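As an added illustration (not part of the original post) of what the VMnet5 capture shows, the following Python decodes constructed GRE and IPIP packets the way Wireshark would: the outer IP header names the tunnel endpoints, and because nothing is encrypted the inner OSPF hello is readable in full. The packet bytes, the helper names and the sample addresses are constructed for this example.

```python
import struct

GRE, IPIP, OSPF = 47, 4, 89   # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (constructed test data, checksum left zero)."""
    octets = lambda ip: bytes(int(o) for o in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       octets(src), octets(dst))

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for an IPv4 packet, or None if it is not one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return src, dst, pkt[9], pkt[ihl:]

def classify(pkt):
    """Describe a cleartext GRE/IPIP packet (outer endpoints, inner flow), or None."""
    outer = parse_ipv4(pkt)
    if outer is None or outer[2] not in (GRE, IPIP):
        return None
    osrc, odst, oproto, payload = outer
    if oproto == GRE:
        if len(payload) < 4:
            return None
        flags, ptype = struct.unpack("!HH", payload[:4])
        # RFC 2890: optional checksum, key and sequence fields add 4 bytes each
        hdr = 4 + 4 * bool(flags & 0x8000) + 4 * bool(flags & 0x2000) + 4 * bool(flags & 0x1000)
        inner = parse_ipv4(payload[hdr:]) if ptype == 0x0800 else None
    else:
        inner = parse_ipv4(payload)
    return {"encap": "gre" if oproto == GRE else "ipip", "outer": (osrc, odst),
            "inner": (inner[0], inner[1]) if inner else None,
            "ospf": bool(inner) and inner[2] == OSPF}

# Constructed samples: an OSPF hello from HQ's tun1 address to 224.0.0.5, carried
# first by GRE and then by IPIP over the transport addresses used in the lab above.
INNER = ipv4_header("192.168.111.1", "224.0.0.5", OSPF, 0)
SAMPLE_GRE = (ipv4_header("192.168.50.2", "192.168.60.2", GRE, 4 + len(INNER))
              + struct.pack("!HH", 0, 0x0800) + INNER)
SAMPLE_IPIP = ipv4_header("192.168.50.2", "192.168.70.2", IPIP, len(INNER)) + INNER

if __name__ == "__main__":
    for pkt in (SAMPLE_GRE, SAMPLE_IPIP):
        print(classify(pkt))
```

Anything that is not GRE or IPIP (plain TCP, truncated bytes) comes back as None, so the same function can be run over every frame of a capture to list the cleartext tunnel flows.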
Glendale HQ GRE Tunnels Config

On the Glendale HQ machine, since we are using a hub-and-spoke topology and Glendale HQ is the hub, we will create two GRE point-to-point tunnels, one to Branch1 and the other to Branch2.

set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.111.1/30
set interfaces tunnel tun1 description "Gre Tunnel to Branch1"
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 192.168.50.2
set interfaces tunnel tun1 remote-ip 192.168.60.2
set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.121.1/30
set interfaces tunnel tun2 description "Gre Tunnel to Branch2"
set interfaces tunnel tun2 encapsulation gre
set interfaces tunnel tun2 local-ip 192.168.50.2
set interfaces tunnel tun2 remote-ip 192.168.70.2
commit

And we will run OSPF through these tunnels to discover the networks behind the other Vyatta VC4 machines.

set protocols ospf area 100
set protocols ospf area 100 network 192.168.10.0/24
set protocols ospf area 100 network 192.168.111.0/30
set protocols ospf area 100 network 192.168.121.0/30
set protocols ospf log-adjacency-changes
commit
save
Glendale Branch1 GRE Tunnel Config

On the Glendale Branch1 machine, which will be a spoke, we will create one GRE point-to-point tunnel, to Glendale HQ.

set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.111.2/30
set interfaces tunnel tun1 description "Gre Tunnel to HQ"
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 192.168.60.2
set interfaces tunnel tun1 remote-ip 192.168.50.2
commit

And we will run OSPF through this tunnel to discover the networks behind the other Vyatta VC4 machines.

set protocols ospf area 100
set protocols ospf area 100 network 192.168.30.0/24
set protocols ospf area 100 network 192.168.111.0/30
set protocols ospf log-adjacency-changes
commit
save
Glendale Branch2 GRE Tunnel Config

On the Glendale Branch2 machine, which will be a spoke, we will create one GRE point-to-point tunnel, to Glendale HQ.

set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.121.2/30
set interfaces tunnel tun1 description "Gre Tunnel to HQ"
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 192.168.70.2
set interfaces tunnel tun1 remote-ip 192.168.50.2
commit

And we will run OSPF through this tunnel to discover the networks behind the other Vyatta VC4 machines.

set protocols ospf area 100
set protocols ospf area 100 network 192.168.40.0/24
set protocols ospf area 100 network 192.168.121.0/30
set protocols ospf log-adjacency-changes
commit
save
If we take a look at the Wireshark capture, we will notice that it recorded some activity, a sign that our tunnels are working. In Figure140 we can spot OSPF traffic sent through the GRE tunnel between HQ and Branch1.

Figure140: Wireshark Capture GRE Tunnels: OSPF Traffic

Let's check the routing table on the Glendale HQ, Glendale Branch1 and Glendale Branch2, see Figure141, Figure142 and Figure143. We can notice that every Vyatta VC4 machine is now aware of the networks behind the other Vyatta VC4 machines.

Figure141: Glendale HQ GRE Tunnels: Routing Table

Figure142: Glendale Branch1 GRE Tunnels: Routing Table

Figure143: Glendale Branch2 GRE Tunnels: Routing Table
Let's look at the OSPF information about the tunnel interfaces on the Glendale HQ, Glendale Branch1 and Glendale Branch2 (note the MTU too), see Figure144, Figure145 and Figure146.

Figure145: Glendale HQ GRE Tunnels: show ip ospf interface tun1 and tun2

Figure146: Glendale Branch1 GRE Tunnels: show ip ospf interface tun1

Figure147: Glendale Branch2 GRE Tunnels: show ip ospf interface tun1
Let's see if we have connectivity between hosts located behind the Vyatta VC4 machines, see Figure148, Figure149 and Figure150.

Figure148: GRE Tunnels: Ping from a Host Behind Glendale HQ to Hosts Behind Glendale Branch1 and Glendale Branch2

Figure149: GRE Tunnels: Ping from a Host Behind Glendale Branch1 to Hosts Behind Glendale HQ and Glendale Branch2

Figure150: GRE Tunnels: Ping from a Host Behind Glendale Branch2 to Hosts Behind Glendale HQ and Glendale Branch1

The ping traffic we generated was recorded by our Wireshark capture, see Figure151.

Figure151: Wireshark Capture GRE Tunnels: Ping

Things look good.

All the configuration lines entered on Glendale HQ, Glendale Branch1 and Glendale Branch2 can be found here:
- Glendale HQ
- Glendale Branch1
- Glendale Branch2
If you want, you can make the hub-and-spoke topology a mesh one, by configuring a point-to-point GRE tunnel between Branch1 and Branch2.

On Branch1 add:

set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.131.1/30
set interfaces tunnel tun2 description "Gre Tunnel to Branch2"
set interfaces tunnel tun2 encapsulation gre
set interfaces tunnel tun2 local-ip 192.168.60.2
set interfaces tunnel tun2 remote-ip 192.168.70.2
set protocols ospf area 100 network 192.168.131.0/30
commit

On Branch2 add:

set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.131.2/30
set interfaces tunnel tun2 description "Gre Tunnel to Branch1"
set interfaces tunnel tun2 encapsulation gre
set interfaces tunnel tun2 local-ip 192.168.70.2
set interfaces tunnel tun2 remote-ip 192.168.60.2
set protocols ospf area 100 network 192.168.131.0/30
commit
Glendale HQ IPIP Tunnels Config

On the Glendale HQ machine, since we are using a hub-and-spoke topology and Glendale HQ is the hub, we will create two IPIP tunnels, one to Branch1 and the other to Branch2.

set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.111.1/30
set interfaces tunnel tun1 description "IPIP Tunnel to Branch1"
set interfaces tunnel tun1 encapsulation ipip
set interfaces tunnel tun1 local-ip 192.168.50.2
set interfaces tunnel tun1 remote-ip 192.168.60.2
set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.121.1/30
set interfaces tunnel tun2 description "IPIP Tunnel to Branch2"
set interfaces tunnel tun2 encapsulation ipip
set interfaces tunnel tun2 local-ip 192.168.50.2
set interfaces tunnel tun2 remote-ip 192.168.70.2
commit

And we will run OSPF through these tunnels to discover the networks behind the other Vyatta VC4 machines.

set protocols ospf area 100
set protocols ospf area 100 network 192.168.10.0/24
set protocols ospf area 100 network 192.168.111.0/30
set protocols ospf area 100 network 192.168.121.0/30
set protocols ospf log-adjacency-changes
commit
save
Glendale Branch1 IPIP Tunnel Config

On the Glendale Branch1 machine, which will be a spoke, we will create one IPIP tunnel, to Glendale HQ.

set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.111.2/30
set interfaces tunnel tun1 description "IPIP Tunnel to HQ"
set interfaces tunnel tun1 encapsulation ipip
set interfaces tunnel tun1 local-ip 192.168.60.2
set interfaces tunnel tun1 remote-ip 192.168.50.2
commit

And we will run OSPF through this tunnel to discover the networks behind the other Vyatta VC4 machines.

set protocols ospf area 100
set protocols ospf area 100 network 192.168.30.0/24
set protocols ospf area 100 network 192.168.111.0/30
set protocols ospf log-adjacency-changes
commit
save
Glendale Branch2 IPIP Tunnel Config

On the Glendale Branch2 machine, which will be a spoke, we will create one IPIP tunnel, to Glendale HQ.

set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.121.2/30
set interfaces tunnel tun1 description "IPIP Tunnel to HQ"
set interfaces tunnel tun1 encapsulation ipip
set interfaces tunnel tun1 local-ip 192.168.70.2
set interfaces tunnel tun1 remote-ip 192.168.50.2
commit

And we will run OSPF through this tunnel to discover the networks behind the other Vyatta VC4 machines.

set protocols ospf area 100
set protocols ospf area 100 network 192.168.40.0/24
set protocols ospf area 100 network 192.168.121.0/30
set protocols ospf log-adjacency-changes
commit
save
If we take a look at the Wireshark capture, we will notice that it recorded some activity, a sign that our tunnels are working. In Figure152 we can spot OSPF traffic sent through the IPIP tunnel between HQ and Branch1.

Figure152: Wireshark Capture IPIP Tunnels: OSPF Traffic

Let's check the routing table on the Glendale HQ, Glendale Branch1 and Glendale Branch2, see Figure153, Figure154 and Figure155. We can notice that every Vyatta VC4 machine is now aware of the networks behind the other Vyatta VC4 machines.

Figure153: Glendale HQ IPIP Tunnels: Routing Table

Figure154: Glendale Branch1 IPIP Tunnels: Routing Table

Figure155: Glendale Branch2 IPIP Tunnels: Routing Table
Let's look at the OSPF information about the tunnel interfaces on the Glendale HQ, Glendale Branch1 and Glendale Branch2 (note the MTU too), see Figure156, Figure157 and Figure158.

Figure156: Glendale HQ IPIP Tunnels: show ip ospf interface tun1 and tun2

Figure157: Glendale Branch1 IPIP Tunnels: show ip ospf interface tun1

Figure158: Glendale Branch2 IPIP Tunnels: show ip ospf interface tun1
Let's see if we have connectivity between sites, see Figure159, Figure160 and Figure161.

Figure159: IPIP Tunnels: Ping from a Host Behind Glendale HQ to Hosts Behind Glendale Branch1 and Glendale Branch2

Figure160: IPIP Tunnels: Ping from a Host Behind Glendale Branch1 to Hosts Behind Glendale HQ and Glendale Branch2

Figure161: IPIP Tunnels: Ping from a Host Behind Glendale Branch2 to Hosts Behind Glendale HQ and Glendale Branch1

The ping traffic we generated was recorded by our Wireshark capture, see Figure162.

Figure162: Wireshark Capture IPIP Tunnels: Ping

Things look good.

All the configuration lines entered on Glendale HQ, Glendale Branch1 and Glendale Branch2 can be found here:
- Glendale HQ
- Glendale Branch1
- Glendale Branch2
If you want, you can make the hub-and-spoke topology a mesh one, by configuring an IPIP tunnel between Branch1 and Branch2.

On Branch1 add:

set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.131.1/30
set interfaces tunnel tun2 description "IPIP Tunnel to Branch2"
set interfaces tunnel tun2 encapsulation ipip
set interfaces tunnel tun2 local-ip 192.168.60.2
set interfaces tunnel tun2 remote-ip 192.168.70.2
set protocols ospf area 100 network 192.168.131.0/30
commit

On Branch2 add:

set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.131.2/30
set interfaces tunnel tun2 description "IPIP Tunnel to Branch1"
set interfaces tunnel tun2 encapsulation ipip
set interfaces tunnel tun2 local-ip 192.168.70.2
set interfaces tunnel tun2 remote-ip 192.168.60.2
set protocols ospf area 100 network 192.168.131.0/30
commit
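Added example, not from the original post: a small Python checker for the set lines of the GRE and IPIP sections above, which confirms before deployment that each tunnel's local-ip/remote-ip pair is mirrored on a peer router, that both ends use the same encapsulation and sit in one /30, and that OSPF advertises that /30 on each router. The embedded sample reuses the HQ and Branch1 tun1 lines; the router labels and the function names are this example's own.

```python
import ipaddress, re
TUN_RE = re.compile(r"set interfaces tunnel (\S+) (address|encapsulation|local-ip|remote-ip) (\S+)")
OSPF_RE = re.compile(r"set protocols ospf area \S+ network (\S+)")

def parse_router(text):
    """Return ({tunnel: {attr: value}}, [OSPF networks]) from one router's set lines."""
    tunnels, nets = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if m := TUN_RE.match(line):
            tunnels.setdefault(m[1], {})[m[2]] = m[3]
        elif m := OSPF_RE.match(line):
            nets.append(ipaddress.ip_network(m[1]))
    return tunnels, nets

def check(configs):
    """configs: {router: set lines}. Returns a list of problems; empty means consistent."""
    parsed = {r: parse_router(t) for r, t in configs.items()}
    problems = []
    for r, (tunnels, nets) in parsed.items():
        for name, t in tunnels.items():
            if missing := {"address", "encapsulation", "local-ip", "remote-ip"} - t.keys():
                problems.append(f"{r} {name}: missing {sorted(missing)}")
                continue
            net = ipaddress.ip_interface(t["address"]).network
            if not any(net.subnet_of(n) for n in nets):
                problems.append(f"{r} {name}: {net} is not advertised by OSPF")
            # the peer end must use our remote-ip as its local-ip and vice versa
            peers = [(pr, pn, pt) for pr, (pts, _) in parsed.items() if pr != r
                     for pn, pt in pts.items()
                     if pt.get("local-ip") == t["remote-ip"] and pt.get("remote-ip") == t["local-ip"]]
            if not peers:
                problems.append(f"{r} {name}: no peer tunnel from {t['remote-ip']} back to {t['local-ip']}")
            for pr, pn, pt in peers:
                if pt.get("encapsulation") != t["encapsulation"]:
                    problems.append(f"{r} {name} / {pr} {pn}: encapsulation mismatch")
                if "address" in pt and ipaddress.ip_interface(pt["address"]).network != net:
                    problems.append(f"{r} {name} / {pr} {pn}: addresses are not in one subnet")
    return problems

# Constructed sample: the HQ and Branch1 ends of tun1 (description lines omitted)
HQ = """set interfaces tunnel tun1 address 192.168.111.1/30
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 192.168.50.2
set interfaces tunnel tun1 remote-ip 192.168.60.2
set protocols ospf area 100 network 192.168.111.0/30"""
BRANCH1 = """set interfaces tunnel tun1 address 192.168.111.2/30
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 192.168.60.2
set interfaces tunnel tun1 remote-ip 192.168.50.2
set protocols ospf area 100 network 192.168.111.0/30"""
```

Running check({"hq": HQ, "branch1": BRANCH1}) returns an empty list for the matching pair; the same call flags a typo in a remote-ip, one end left on gre while the other was switched to ipip, or a forgotten OSPF network statement for the tunnel /30.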
In Part 11 we will use IPsec to protect the GRE tunnels on the Vyatta VC4 VMs for Scenario 2.

Go to Part 11.