Scribd
Upload
105 views9 pages

GRE Tunnel Basics

Generic Routing Encapsulation (GRE) is a protocol used to encapsulate data packets from one routing protocol within another, enabling point-to-point connections across networks. GRE allows for the tunneling of various Layer 3 protocols and is essential for dynamic routing scenarios where Site-to-Site VPNs may not suffice. The document also provides configuration examples for setting up GRE tunnels between routers, demonstrating how to establish connectivity and enable routing protocols like EIGRP over the tunnel.

Uploaded by

alatsis.n
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
105 views9 pages

GRE Tunnel Basics

Generic Routing Encapsulation (GRE) is a protocol used to encapsulate data packets from one routing protocol within another, enabling point-to-point connections across networks. GRE allows for the tunneling of various Layer 3 protocols and is essential for dynamic routing scenarios where Site-to-Site VPNs may not suffice. The document also provides configuration examples for setting up GRE tunnels between routers, demonstrating how to establish connectivity and enable routing protocols like EIGRP over the tunnel.

Uploaded by

alatsis.n
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

What is GRE?

Generic Routing Encapsulation, or GRE, is a protocol for encapsulating data packets that
use one routing protocol inside the packets of another protocol.

"Encapsulating" means wrapping one data packet within another data packet, like
putting a box inside another box.

GRE is one way to set up a direct point-to-point connection across a network, for the
purpose of simplifying connections between separate networks. It works with a variety
of network layer protocols.

2. Why You Might Be Unable to Use Site-to-Site VPN Instead of GRE


Lack of Support for Routing Protocols:

Site-to-Site IPsec VPN only supports unicast IP traffic.

If you need to run dynamic routing (EIGRP, OSPF, multicast), GRE is required because
it encapsulates routing updates.

Tunneling is a concept where we put ‘packets into packets’ so they can be transported
over certain networks. We also call this encapsulation.

A good example is when we have an HQ and a branch site, and you want to run a routing
protocol like RIP, OSPF, or EIGRP between them. We can tunnel these routing protocols
so that the HQ and branch router can exchange routing information.

What does GRE tunneling mean?


Encapsulating packets within other packets is called "tunneling." GRE tunnels are usually
configured between two routers, with each router acting like one end of the tunnel. The
routers are set up to send and receive GRE packets directly to each other. Any routers in
between those two routers will not open the encapsulated packets; they only reference
the headers surrounding the encapsulated packets in order to forward them.

What goes in a GRE header?


All data sent over a network is broken up into smaller pieces called packets, and all
packets have two parts: the payload and the header. The payload is the packet’s actual
contents, the data being sent. The header has information about where the packet
comes from and what group of packets it belongs to. Each network protocol attaches a
header to each packet.

GRE adds two headers to each packet: the GRE header, which is 4 bytes long, and an IP
header, which is 20 bytes long. The GRE header indicates the protocol type used by the
encapsulated packet. The IP header encapsulates the original packet's header and
payload. This means that a GRE packet usually has two IP headers: one for the original
packet, and one added by the GRE protocol. Only the routers at each end of the GRE
tunnel will reference the original, non-GRE IP header.

Generic Routing Encapsulation packets and headers

In any network, a packet refers to a unit of data that moves from a source to a
destination. All packets consist of a payload and control information. The payload
contains the user data (actual information) while the control information includes
elements like source and destination addresses and sending sequence. The control
information is placed in the packet header, with one header attached to each packet.

Before a GRE tunnel is created, the original or outer packet has an IP header (20 bytes).
Creating the tunnel means creating a GRE packet that now has two IP headers. The IP
header for the original packet remains intact. When the tunnel is created, the protocol
adds a new GRE header (4 bytes), which indicates the type of protocol that will be used
by the encapsulated packet. The GRE header also includes information such as the
packet's source and destination addresses, sequence number and protocol identifier.

Once both headers are created, the encapsulated packet can travel from the source
router to the destination router. The end router will decapsulate the packet and use the
header information to route the packet to its destination.

GRE headers are added to the packet that is being forwarded.

Features of Generic Routing Encapsulation

The main feature of the GRE protocol is its ability to wrap one data packet inside
another packet, allowing packets to travel between two otherwise-incompatible
protocols or networks. Versatility is another feature of GRE. The protocol can work with
numerous Layer 3 protocols, including IP, IPX and DECnet. As a result, one GRE tunnel
can carry different types of traffic and route packets to their ultimate destination.
Basically, when you configure a tunnel, it’s like you create a point-to-point
connection between the two devices. GRE (Generic Routing Encapsulation) is a simple
tunneling technique that can do this for us. Let me show you a topology that we will use to
demonstrate GRE:

Above, we have three routers connected to each other. On the left side, we have the “HQ”
router, our headquarters. On the right side, there is a “Branch” router that is supposed to be
a branch office. Both routers are connected to the Internet. In the middle, on top, there is
an ISP router. We can use this topology to simulate two routers connected to the Internet.
The HQ and Branch router each have a loopback interface representing the LAN.

Let me show you the basic configuration of these routers so that you can recreate it if
you want:

HQ(config)#interface fastEthernet 0/0

HQ(config-if)#ip address 192.168.12.1 255.255.255.0

HQ(config-if)#exit

HQ(config)#interface loopback0

HQ(config-if)#ip address 172.16.1.1 255.255.255.0


HQ(config-if)#exit

HQ(config)#ip route 192.168.23.3 255.255.255.255 192.168.12.2

ISP(config)#interface fastEthernet 0/0

ISP(config-if)#ip address 192.168.12.2 255.255.255.0

ISP(config-if)#exit

ISP(config)#interface fastEthernet 1/0

ISP(config-if)#ip address 192.168.23.2 255.255.255.0

Branch(config)#interface fastEthernet 0/0

Branch(config-if)#ip address 192.168.23.3 255.255.255.0

Branch(config-if)#exit

Branch(config)#interface loopback 0

Branch(config-if)#ip address 172.16.3.3 255.255.255.0

Branch(config-if)#exit

Branch(config)#ip route 192.168.12.1 255.255.255.255 192.168.23.2

I created a static route on the HQ and Branch routers so that they can reach each other
through the ISP router. They will be unable to reach the networks on each other’s
loopback interfaces, however. Now let’s create a tunnel:

HQ(config)#interface tunnel 1

HQ(config-if)#tunnel source fastEthernet 0/0

HQ(config-if)#tunnel destination 192.168.23.3

HQ(config-if)#ip address 192.168.13.1 255.255.255.0


Branch(config)#interface tunnel 1

Branch(config-if)#tunnel source fastEthernet 0/0

Branch(config-if)#tunnel destination 192.168.12.1

Branch(config-if)#ip address 192.168.13.3 255.255.255.0

You can pick any number for the tunnel interface that you like. We need to specify a
source and destination IP address to build the tunnel, and we’ll use the 192.168.13.0
/24 subnet on the tunnel interface. Let’s verify that our tunnel is working:

HQ#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

Hardware is Tunnel

Internet address is 192.168.13.1/24

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source 192.168.12.1 (FastEthernet0/0), destination 192.168.23.3

Tunnel protocol/transport GRE/IP

Branch#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

Hardware is Tunnel

Internet address is 192.168.13.3/24


MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source 192.168.23.3 (FastEthernet0/0), destination 192.168.12.1

Tunnel protocol/transport GRE/IP

Above, you can see that the tunnel interface is up/up on both routers. The default
tunneling mode is GRE. Let’s see if both routers can reach each other:

Branch#ping 192.168.13.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/12 ms

There we go…they can ping each other without any issues! So that wasn’t too bad,
right? Let’s see if we can enable a routing protocol so that we can advertise the
loopback interfaces. I’ll use EIGRP for this:

HQ(config)#router eigrp 13

HQ(config-router)#no auto-summary

HQ(config-router)#network 192.168.13.0

HQ(config-router)#network 172.16.1.0
Branch(config)#router eigrp 13

Branch(config-router)#no auto-summary

Branch(config-router)#network 192.168.13.0

Branch(config-router)#network 172.16.3.0

I’ll activate EIGRP on the tunnel and loopback interfaces. You will see that both routers
establish an EIGRP neighbor adjacency through the tunnel interface. Let’s check the
routing tables:

If you can't get connectivity between loopback, you can just add on pc like this -after check
the connectivity
PRACTICING LAB :

You might also like