GRE

True point-to-point networks are not always possible in today’s corporate networking environment. Many networks deploy non-traditional methods of connection (for example, DSL or broadband) at remote sites or branch offices. The branch office, telecommuter, or business traveler then becomes separated from the corporate network. Some method of tunneling becomes imperative to connect all the network sites together.

Virtual Private Networking (VPN) is often deployed to create private tunnels through the public network system for passing data to remote sites. While VPN is sufficient for the average business traveler, it is not a good solution for branch site connectivity. VPN configurations must include statically maintained access lists to identify traffic through the tunnel. These access lists are often tedious to configure for larger networks and are prone to errors.

VPNs do not permit multicast traffic to pass; therefore routing protocols such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are no longer options for dynamic routing updates. All new additions to the network topology must be manually added to the various configured access lists. Without dynamic routing from one site to another, network management is severely hampered. Network managers need their non-heterogeneous networks to function like traditional point-to-point networks (see Figure 2) so that traditional management methods (once available only on point-to-point circuits) can apply to the entire network.

The solution to these challenges is GRE.

Generic Routing Encapsulation (GRE) in its simplest form provides a way to encapsulate any network layer protocol over any other network layer protocol. GRE is used to transport IP packets with private IP addresses over the public internet to a remote private IP network. GRE allows routers to act as if they have a virtual point-to-point connection to each other. GRE tunnels allow routing protocols (like RIP and OSPF) to be forwarded to another router across the Internet. In addition, GRE tunnels can encapsulate multicast data streams for transmission over the Internet.

The following diagram shows a GRE tunnel that connects two IPv4 networks over an IPv4 network.

If network 1 and network 3 were using IPv6 addressing, GRE connects them by encapsulating the IPv6 traffic in IPv4 packets to traverse network 2.

GRE tunneling is accomplished by creating routable tunnel endpoints that operate on top of existing physical and/or other logical endpoints. By design, GRE tunnels connect A to B and provide a clear data path between them. Data is routed by the system to the GRE endpoint using routes established in the route table. (These routes can be manually established or dynamically learned using routing protocols such as RIP or OSPF.) Once a data packet is received by the GRE endpoint, it is encapsulated in a GRE header and routed again using the endpoint configuration (destination address of the tunnel); therefore each data packet traveling over the GRE tunnel gets routed through the system twice. The best way to understand this is to trace a packet destined for a network available through a GRE tunnel. For example:

  1. Packet originates from 180.1.10.55 with a destination address of 190.1.10.19.
  2. Packet is received by switch 1 on interface 1/1/2 (180.1.10.2).
  3. The switch checks the routing table and determines that the destination network for the packet is available through GRE tunnel 10.
  4. The packet is encapsulated in a GRE header with source IP (10.1.1.1) and destination IP (20.1.1.1).
  5. The switch checks the routing table and determines that the destination for 20.1.1.1 is on interface 1/1/1.
  6. The packet traverses the public network.
  7. Switch B receives the packet on interface 1/1/1 (20.1.1.1). The switch recognizes that there is a GRE header on the packet and sends it to the tunnel interface associated with the source and destination IP addresses (10.1.1.1 and 20.1.1.1).
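
The trace above can be reproduced byte for byte. The following is an added example, not code from the original documentation or from the switch software: it builds the inner packet from step 1, wraps it in a basic GRE header (no checksum, key, or sequence fields) and an outer IPv4 header as in step 4, then performs the step 7 lookup on the outer source and destination. The tunnel label, the UDP protocol number, and the payload bytes are assumptions; the VRF part of the tunnel identity is omitted.

```python
import socket
import struct

GRE_PROTO = 47            # IPv4 protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload

def checksum(data: bytes) -> int:
    """Ones'-complement checksum over 16-bit words (IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def gre_encap(inner: bytes, tun_src: str, tun_dst: str) -> bytes:
    """Step 4: prepend a 4-byte GRE header, then the outer IPv4 header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # flags/version 0, type IPv4
    return ipv4(tun_src, tun_dst, GRE_PROTO, gre + inner)

def gre_decap(outer: bytes, tunnels: dict):
    """Step 7: match the outer (src, dst) to a tunnel, return (tunnel, inner)."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    src, dst = addresses(outer)
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE header form not handled in this example")
    if (src, dst) not in tunnels:
        raise LookupError(f"no tunnel configured for {src} -> {dst}")
    return tunnels[(src, dst)], outer[ihl + 4:]   # GRE only wraps; inner bytes are unchanged

def addresses(pkt: bytes):
    """Return (source, destination) of an IPv4 packet as dotted strings."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

# Constructed sample: host packet from step 1 (protocol 17 and payload are placeholders).
inner = ipv4("180.1.10.55", "190.1.10.19", 17, b"constructed-payload")
outer = gre_encap(inner, "10.1.1.1", "20.1.1.1")
tunnel, recovered = gre_decap(outer, {("10.1.1.1", "20.1.1.1"): "tunnel-on-switch-B"})
print(addresses(outer), tunnel, addresses(recovered))
```

The outer packet is 24 bytes longer than the inner one (20-byte IPv4 header plus 4-byte GRE header), and the inner packet appears in it unmodified, which is why each packet is routed twice and why GRE by itself adds no confidentiality to the payload.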

GRE support

  • Up to 127 tunnels can be defined on a switch.
  • A maximum of 16 source IP addresses are supported. Tunnels can have the same source IP address and different destination IP addresses. The source IP, destination IP, and VRF combine to uniquely identify a tunnel.

Unsupported features

  • GRE IPv4 over IPv6 and GRE IPv6 over IPv6 are not supported.
  • QoS cannot be applied to a GRE tunnel interface.
  • Key support can be added for security and identification purposes when there are multiple applications.
  • VPN across public IP network.
  • MPLS over GRE.
  • Multipoint GRE for scalable network to reach multiple remote sites.