Table of Contents Generic Routing Encapsulation, or GRE, is a tunneling system that allows various network layer protocols to be encapsulated within IP tunnels. Using either public or private networks, GRE may establish point-to-point logical links between network devices. In this blog, we will explain the GRE protocol with its working, benefits, drawbacks, and configuration. Generic routing encapsulation or GRE is a protocol that encapsulates packets of one network protocol, such as IPv4, IPv6, IPX, etc., within the payload of another protocol, like IP. The term “encapsulate” refers to the process of wrapping one data packet within another data packet. GRE is a way of establishing a direct point-to-point connection across a network. It works with several network layer protocols. The GRE protocol allows the utilization of protocols that are typically unsupported by a network. This is achieved by encapsulating the packets within other packets that employ supported protocols. Below, we have explained the concept of the GRE Protocol with the help of an example. Let’s suppose a company has two branch offices. One is using IP (Internet Protocol) and the other one is using AppleTalk. In order to enable communication between these two branch offices, GRE can be used. Now, the question that arises is Why the GRE is used. The answer is simple, GRE can be used to encapsulate AppleTalk packets within IP packets. It would allow the AppleTalk data to be transmitted easily over the IP network. By doing this, the two branch offices can be easily connected.Introduction
What is Generic Routing Encapsulation?
As you can see in the image below, the AppleTalk packets are encapsulated within IP packets.
What is GRE Tunnelling?
GRE tunneling is a technique that is mainly used to encapsulate data packets from one network protocol within another protocol. With this, it is possible to transmit data packets over a network that does not support the original protocol.
In a GRE tunnel, the data packets are wrapped in a new packet header, which contains the necessary information for routing. This process is called encapsulation. The receiving end of the tunnel then removes the outer header, revealing the original data packet, and forwards it to its final destination.
GRE tunneling is commonly used in Virtual Private Networks (VPNs) in order to provide secure and private communication between two endpoints over the internet. With the help of GRE, it makes it possible for organizations to extend their private networks across the public internet and side-by-side maintaining the security as well as integrity of their data.
GRE tunneling can also be used in different scenarios. Some of these are connecting networks, routing protocols, tunnelling traffic, etc.
History of Generic Routing Encapsulation protocol
GRE was developed by Cisco Systems in 1994 as a way to simplify the interconnection of different networks. It was initially defined in RFC 1701 and RFC 1702, which described how to use GRE to encapsulate any protocol over any other protocol.
Later, the GRE header structure was streamlined and made more effective by RFC 2784.
Checksum, key, and sequence number are now optional fields in the GRE header, according to RFC 2890.
GRE is currently supported by a broad range of manufacturers and hardware, and it serves a number of functions, including multicast routing, mobility protocols, and VPNs.
Before getting into the working of Generic Routing Encapsulation protocol, let’s first understand why to use GRE protocol.
Why use the GRE (Generic Routing Encapsulation) in Networking?
GRE may be used for many functions, including:
- Connecting networks that use several network layer protocols, including IPv4 and IPv6.
- Building VPNs (Virtual Private Networks) that can pass through NAT (Network Address Translation) devices and firewalls.
- Enabling broadcast and multicast traffic across networks that only support unicast.
- Transferring routing information among several routing domains or protocols.
How Does Generic Routing Encapsulation Protocol Work?
GRE encapsulates the original data packets within new packets that include a new IP header and a GRE header. The source and destination addresses of the tunnel endpoints are included in the new IP header, while the GRE header provides details on the kind of encapsulated data. At the opposite end of the tunnel, the encapsulated packets are delivered to the target location after being decapsulated and forwarded via the IP network as usual.
Below, we have shown the GRE encapsulation structure.
Let’s take an example for better understanding.
Consider a scenario where a business has to connect two IPv6-compatible offices together, but the intermediary network can only handle IPv4 traffic. The business may easily transport IPv6 packets via the intermediary network by encapsulating them within IPv4 packets using GRE. The IPv4 packets act as carriers for the IPv6 packets, which are only opened at the endpoints of the tunnel.
Configuration of GRE Protocol
The GRE tunnel is configured at the router level, and the setup will vary depending on the hardware and service being utilized. Setting up a tunneling interface of IPs and providing public IP addresses on both tunnel endpoints form the foundation of the GRE tunnel configuration.
It’s crucial to confirm that the provided IP address has been whitelisted in the firewall before setting GRE. Both tunnel endpoints should be used for the whitelisting.
Eliminating the tunnels before the firewall is one best practice to follow in this situation. In this manner, the inner packets may be examined.
The MTU must then be checked to ensure it is within the limit. The MTU must be predefined. 1,500 bytes is the standard MTU limit. However, if you’re using the GRE, you must make room for the 24-byte GRE header.
The recommended MTU value for a GRE tunnel is 1400 bytes, and the traffic flow inside one is symmetric.
We now understand the working as well as the configuration of Generic Routing Encapsulation Protocol; let’s discuss its features.
Features of GRE Protocol
Some of the key features of the GRE are:
- Simple Implementation: GRE is one of the simplest tunnelling protocols that encapsulates packets from one network protocol within packets of another network protocol. This allows different networks to communicate with each other easily.
- Multi-Protocol Support: GRE supports multiple network protocols. This includes IPv4, IPv6, and many others.
- High-Level Encryption: GRE offers high-level encryption for secure data transmission. This ensures that data remains confidential.
- Point-to-point Tunnelling: GRE establishes a point-to-point tunnel between two endpoints, allowing for secure and dedicated communication between them.
- Multi-Hop Routing: With GRE, it is possible to transmit data packets to multiple routers and networks.
Benefits of Generic Routing Encapsulation
GRE offers the following benefits:
- A number of network layer protocols may be encapsulated by the tunneling protocol GRE within virtual point-to-point connections over an IP network.
- GRE preserves the original IP header, enabling intermediate routers to handle the packets without inspection or disassembly.
- The intermediate routers don’t need to support any extra hardware or software for the lightweight GRE protocol.
- You may set up GRE tunnels to carry traffic between two IPv4 networks or two IPv6 networks.
- A cloud-based VPN may be linked to an on-premises network using GRE tunnels. Cloud-based VPNs may provide a more secure and dependable connection because they are not exposed to the same physical security vulnerabilities as on-premises VPNs.
- To establish a secure tunnel between two networks, GRE and IPsec are often used together. To prevent eavesdropping, IPsec encrypts the data within the GRE tunnel.
Drawbacks of Generic Routing Encapsulation
GRE has many drawbacks, some of these are:
- Cisco developed the proprietary protocol known as GRE. Unlike IPsec, it is not an open standard.
- All routers do not support GRE. Many routers made for consumers, in particular, do not support GRE.
- Because GRE tunnels isolate the original packets and headers, they might be challenging to diagnose.
- Because packets must be encapsulated and decapsulated at both ends of the tunnel, GRE tunnels may cause delays.
- Attacks that cause a denial of service may target GRE tunnels.
These are the drawbacks of the GRE Protocol.
Frequently Asked Questions
Q1 – What is meant by generic routing encapsulation?
The Generic Routing Encapsulation (GRE) protocol is specifically developed to encapsulate network layer protocols into virtual point-to-point connections over an Internet Protocol (IP) network. In simple terms, GRE tunnels provide a secure channel for transmitting data between two designated points, similar to the functionality of a virtual private network (VPN) connection.
Q2 – Why use generic routing encapsulation?
GRE can be used to establish a secure connection between two networks that are split by the open internet. GRE may encrypt the data packets to guard against hacking or unwanted access.
Q3 – What is the difference between VPN and GRE?
GRE tunnels vary significantly from VPN because they support multicast packets while the VPN does not.
Q4 – What type of protocol is GRE?
Generic Routing Encapsulation (GRE) is a protocol for establishing a one-to-one connection between two networks by encapsulating data packets inside of other data packets.
Conclusion
In this blog post, we have learned what a Generic Routing Encapsulation protocol is, how it works, and why it is useful for network communication. We have also looked at the GRE protocol’s history, benefits, drawbacks, and configuration.
It is essential to have a thorough understanding of GRE for CCNA Training and certification exam.
