Generic Routing Encapsulation (GRE) Tunnel

Generic Routing Encapsulation or GRE protocol is developed by Cisco and it provides a virtual point-to-point private connection and encapsulates and forwards packets over an IP-based network. GRE is used in many instances, such as transporting IPv6 traffic over an IPv4-only network. We can also use GRE to tunnel routing protocols like RIP, OSPF, or EIGRP between HQ and branch sites.

How Do GRE Tunnels Work?

When a router encapsulates data packets, it modifies the packet’s header information (encapsulation) to include the remote endpoint’s IP address as the destination. The GRE packets consist of GRE header and flags, original IP header, and payload data. The new IP header information now allows the GRE packet to be routed between two tunnel endpoints without inspecting the original packet’s payload. Once the packet reaches the remote tunnel endpoint, the GRE header is removed (de-encapsulation), and the original data packet is routed to the remote network.

Original Packet

IP Header

Payload Data

GRE Packet

GRE IP Header

GRE Flags

Original IP Header

Payload Data

GRE Configuration

Here’s the step-by-step process for configuring the GRE tunnel:

Verification

Now, let’s check the state of the tunnel using the ‘show interfaces tunnel’ command.

Site-A#sh int tunnel 1 | include Tunnel.*is|Tunnel s|Tunnel pTunnel1 is up, line protocol is up Tunnel source 172.16.1.1, destination 172.16.2.1 Tunnel protocol/transport GRE/IP

Site-B#sh int tunnel 1 | include Tunnel.*is|Tunnel s|Tunnel p Tunnel1 is up, line protocol is up Tunnel source 172.16.2.1, destination 172.16.1.1 Tunnel protocol/transport GRE/IP

Let’s also check the routing table if Site A has formed an OSPF adjacency with Site B over the GRE tunnel.

Site-A# sh ip route ospfGateway of last resort is 172.16.1.2 to network 0.0.0.0O IA 192.168.2.0/24 [110/1001] via 10.10.10.2, 00:02:22, Tunnel1

Lastly, we do a traceroute and ping to confirm reachability.

Site-A#traceroute 192.168.2.1Type escape sequence to abort.Tracing the route to 192.168.2.1VRF info: (vrf in name/id, vrf out name/id) 1 10.10.10.2 5 msec 6 msec *

Site-A#ping 192.168.2.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/6 ms

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training:

FAQs

Generic Routing Encapsulation (GRE) Tunnel - Study CCNP? ›

How Do GRE Tunnels Work? When a router encapsulates data packets, it modifies the packet's header information (encapsulation) to include the remote endpoint's IP address as the destination. The GRE packets consist of GRE header and flags, original IP header

IP header

IPv4 is the fourth version in the development of the Internet Protocol, and routes most traffic on the Internet. The IPv4 header includes thirteen mandatory fields and is as small as 20 bytes. A fourteenth optional and infrequently used options field can increase the header size.

https://en.wikipedia.org › wiki › IP_header

IP header - Wikipedia

, and payload data.

Read On ›

What is generic routing encapsulation GRE tunnel? ›

Generic Routing Encapsulation, or GRE, is a protocol for encapsulating data packets that use one routing protocol inside the packets of another protocol. "Encapsulating" means wrapping one data packet within another data packet, like putting a box inside another box.

Discover More Details ›

What VPN tunnel type uses generic routing encapsulation? ›

GRE tunnels are essential for routing data efficiently and securely over multicast-enabled networks, particularly in Cisco technologies. Multipoint Generic Routing Encapsulation is a protocol used for creating Virtual Private Networks (VPNs) over a multicast-enabled network, particularly for Cisco technologies.

Is generic routing encapsulation GRE a non secure site to site VPN tunneling protocol? ›

Generic Routing Encapsulation (GRE) is a non-secure site-to-site VPN tunneling protocol. A GRE tunnel can encapsulate various network layer protocols as well as multicast and broadcast traffic. GRE does not by default support encryption; and therefore, it does not provide a secure VPN tunnel.

See Details ›

Which of the following protocols do generic routing encapsulation GRE tunnels support? ›

Features of Generic Routing Encapsulation

The protocol can work with numerous Layer 3 protocols, including IP, IPX and DECnet. As a result, one GRE tunnel can carry different types of traffic and route packets to their ultimate destination.

Find Out More ›

What is the purpose of a GRE tunnel? ›

GRE Tunnel Overview

A Generic Routing Encapsulation (GRE) tunnel is ideal for forwarding internet-bound traffic from your corporate network to the Zscaler service. GRE is a tunneling protocol for encapsulating packets inside a transport protocol. A GRE-capable router encapsulates a payload packet inside a GRE packet.

Tell Me More ›

What is the difference between IPSec and GRE tunnel? ›

GRE is a tunneling protocol which is used to transport multicast, broadcast and non-IP packets like IPX etc. IPSec is an encryption protocol. IPSec can only transport unicast packets not multicast & broadcast. Hence we wrap it GRE first and then into IPSec which is called as GRE over IPSec.

Show Me More ›

What is the difference between GRE and UDP? ›

Generic Routing Encapsulation (GRE) is a tunneling protocol that encapsulates various network protocols within Internet Protocol (IP) packets. User Datagram Protocol (UDP) is a lightweight transport protocol used for sending data over IP networks. Both protocols are fundamental to network communications.

Explore More ›

Is a GRE tunnel secure? ›

GRE tunnels do not provide any authentication, confidentiality, or integrity protection for the encapsulated traffic. This means that anyone who can intercept the GRE packets can see the original network layer protocol and its payload, and potentially modify or spoof it.

What is GRE in Cisco? ›

Generic Routing Encapsulation (GRE) provides a simple approach to transporting packets of one protocol over another protocol using encapsulation.

Show Me More ›

What are the disadvantages of the GRE? ›

One of the main problems with the GRE is its ability to predict graduate school performance, particularly the first-year grades. Several critics have cited that its predictive validity is actually weak. Also, the GRE fails to cover areas like a student's intellect, creativity, and perseverance to finish a program.

Read The Full Story ›

What is the difference between site to site VPN and GRE tunnel? ›

VPN tunnels encrypts traffic that is sent across the link while GRE tunnels simply encapsulate the traffic before sending it over the link. However, VPN tunnels come with several disadvantages as well. VPN configurations must include statically maintained access lists to identify traffic allowed through the tunnel.

See Details ›

What is the difference between L2TP and GRE tunnel? ›

GRE and L2TP are both tunneling protocols. Their main difference is that L2TP is a user access protocol whereas GRE is a network protocol. Therefore, L2TP involves only user-side access, and GRE involves only network-side tunnel connectivity.

Get More Info Here ›

What is the purpose of generic routing encapsulation? ›

Generic routing encapsulation (GRE) provides a private path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets. GRE tunneling is accomplished through tunnel endpoints that encapsulate or de-encapsulate traffic.

What are the 3 types of routing protocols? ›

In the Internet, there are three types of routing protocols commonly used. They are: distance vector, link state, and path vector. In this chapter, we present the basic concepts and fundamentals behind each of these three types of protocols in a generic framework.

What is the bandwidth limit for GRE tunnel? ›

Supported Bandwidth for GRE Tunnels

Zscaler supports a maximum bandwidth of 1 Gbps for each GRE tunnel if its internal IP addresses aren't behind NAT.

View Details ›

What is the difference between IP encapsulation and GRE? ›

IP-in-IP is an even simpler encapsulating protocol, using this technique IP packets are encapsulated only in an additional IP header. So unlike GRE tunnels an IP-in-IP tunnel cannot carry multicast traffic, other protocols or IPv6 between networks.

What is encapsulation in tunneling? ›

Tunneling is a way to move packets from one network to another. Tunneling works via encapsulation: wrapping a packet inside another packet.

Learn More ›

When using generic routing encapsulation (GRE tunneling over internet protocol version 4 IPv4), where is the GRE header inserted? ›

GRE Header The 4-16 byte header is placed between the delivery and payload headers. At least, the GRE header stores the GRE version and payload protocol type. Optionally the GRE header can store a packet checksum, a tunnel key and packet sequence number.

Discover More Details ›

What is the difference between EoIP and GRE tunnel? ›

GRE tunnel adds a 24 byte overhead (4-byte gre header + 20-byte IP header). Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection.

Show Me More ›

Generic Routing Encapsulation (GRE) Tunnel - Study CCNP (2024)

How Do GRE Tunnels Work?

GRE Configuration

Verification

FAQs

Generic Routing Encapsulation (GRE) Tunnel - Study CCNP? ›

IP header - Wikipedia

What are the disadvantages of the GRE? ›