Configuring GRE tunnels

April 17, 2024

ID 206050

Prerequisites for configuring GRE tunnels

  • GRE keepalive must be disabled.
  • Traffic in the tunnel must be symmetric.
  • Traffic is transmitted over only one tunnel at any point in time.
  • Prior to building GRE tunnels, the TTL of the DNS A record for the Protected resource must be changed to a value of 300 seconds.

Description

GRE tunnels are configured with a Full Mesh topology (each Customer channel connects to each Kaspersky DDoS Protection Scrubbing Center). Traffic is transmitted over only one tunnel at any point in time. The other tunnels are necessary to ensure fault tolerance.

For this reason, you must make sure that the volume of traffic sent to the Scrubbing Center does not exceed the bandwidth of each communication channel. It is preferable that each communication channel have a capacity 30% larger than the volume of traffic sent to the Scrubbing Center. This is necessary to preserve stable availability of the Protected resource when there are surges of traffic.

Clean traffic from the Scrubbing Center will be delivered through these tunnels. Because only one tunnel is used at any point in time, traffic in a tunnel must be symmetric. Symmetric traffic means that the outbound traffic generated by the Protected resources must also return through the same tunnel.
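The symmetry requirement, sketched for a Linux router as the customer tunnel endpoint. This is an added example, not Kaspersky configuration: the interface names (gre1, gre2, eth1), the documentation-range addresses, the mark and table numbers, and the two-Scrubbing-Center layout are all assumptions. It covers replies to flows that were delivered through a tunnel, using connection marks so each reply leaves through the tunnel its flow arrived on.

```shell
#!/bin/sh
# Added example, not vendor configuration. Names and addresses are constructed.
# RUN=echo (the default) only prints the commands; run as root with RUN= to apply.
RUN=${RUN-echo}
LAN_IF=eth1          # interface facing the Protected resource (assumed)
LOCAL=192.0.2.10     # customer-side tunnel endpoint (constructed)

# setup_tunnel NAME REMOTE MARK: one GRE tunnel plus its return-path routing.
setup_tunnel() {
    name=$1; remote=$2; mark=$3
    table=$((100 + mark))
    # Plain GRE. Linux does not originate GRE keepalives, so none to disable.
    $RUN ip tunnel add "$name" mode gre local "$LOCAL" remote "$remote" ttl 255
    $RUN ip link set "$name" up
    # Loose reverse-path filtering: clean traffic carries Internet source
    # addresses whose best route is normally not this tunnel.
    $RUN sysctl -w "net.ipv4.conf.$name.rp_filter=2"
    # Remember which tunnel delivered each new flow.
    $RUN iptables -t mangle -A PREROUTING -i "$name" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$mark"
    # Packets carrying this mark are routed back out of the same tunnel.
    $RUN ip rule add fwmark "$mark" lookup "$table"
    $RUN ip route add default dev "$name" table "$table"
}

# Replies from the Protected resource inherit the mark of their flow, so the
# fwmark rules above pick the tunnel the request came in on.
setup_return_path() {
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
}

configure_all() {
    setup_tunnel gre1 198.51.100.1 1   # Scrubbing Center A (constructed address)
    setup_tunnel gre2 203.0.113.1 2    # Scrubbing Center B (constructed address)
    setup_return_path
}

configure_all
```

Because the return path follows the per-flow mark rather than a fixed route, replies keep matching the active tunnel after a failover moves delivery to another one.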
