All Products
Search

This Product

    :Create an IPIP tunnel in an ECS instance deployed in a VPC

    Document Center

    :Create an IPIP tunnel in an ECS instance deployed in a VPC

    Last Updated:Jul 19, 2023

    Overview

    This topic describes how to create an IPIP tunnel in an Elastic Compute Service (ECS) instance deployed in a virtual private cloud (VPC).

    Issue

    Enable communication between 172.31.0.118 and 192.168.0.4 through an IPIP tunnel. The following figure shows the network topology.

    Note

    • The CIDR block of VPC1 is 172.31.0.0/24, and the CIDR block of VPC2 is 192.168.0.0/24.

    • The ECS instance with the IP address 172.31.0.118 in VPC1 is used. The IP address of the IPIP tunnel gateway is 172.31.0.119.

    • The ECS instance with the IP address 192.168.0.4 in VPC2 is used. The IP address of the IPIP tunnel gateway is 192.168.0.1.

    • 10.0.0.1 and 10.0.0.2 are the connection addresses of the tunnel.

    Solutions

    Related operations in VPC1

    1. Log on to 172.31.0.119 and run the following commands. Run ifconfig and route -n to check whether the configuration is complete. 

      echo 1 > /proc/sys/net/ipv4/ip_forward ##Enable routing.
modprobe ipip ##Load the IPIP module.
ip tunnel add tun1 mode ipip local 172.31.0.119 remote 47.X.X.209 ##Create an IPIP tunnel.
ip link set tun1 up ##Enable the tun1 tunnel.
ip addr add 10.0.0.1 peer 10.0.0.2 dev tun1 ##Configure the connection address for the tunnel.
route add -net 192.168.0.0/24 dev tun1 ##Configure routes.

      A command output similar to the following one is displayed.

      p573314..png

    2. In the route table of VPC1, add a route whose destination CIDR block is the CIDR block of VPC2 and whose next hop is the ECS instance where the IPIP gateway resides.

    3. Add a route whose destination CIDR block is the connection address and whose next hop is the ECS instance where the IPIP gateway resides.

    Related operations in VPC2

    1. Log on to 192.168.0.1 and run the following commands. Run ifconfig and route -n to check whether the configuration is complete. 

      echo 1 > /proc/sys/net/ipv4/ip_forward ##Enable routing.
modprobe ipip ##Load the IPIP module.
ip tunnel add tun1 mode ipip local 192.168.0.1 remote 47.X.X.163 ##Create an IPIP tunnel.
ip link set tun1 up ##Enable the tun1 tunnel.
ip addr add 10.0.0.2 peer 10.0.0.1 dev tun1 ##Configure the connection address for the tunnel.
route add -net 172.31.0.0/24 dev tun1 ##Configure a route.

    2. A command output similar to the following one is displayed.

      p573317..png

    3. In the route table of VPC2, add a route whose destination CIDR block is the CIDR block of VPC1 and whose next hop is the ECS instance where the IPIP gateway resides.

    4. Add a route whose destination CIDR block is the connection address and whose next hop is the ECS instance where the IPIP gateway resides.

    Check the connectivity

    1. Log on to 192.168.0.4.

    2. Run the following command to ping the destination address. 

      ping 172.31.0.118

      A command output similar to the following one is displayed.

      p573320..png

    Applicable scope

    • VPC