Scribd
Upload
51 views9 pages

Understanding GRE Tunneling Basics

Generic Routing Encapsulation (GRE) is a protocol used to encapsulate data packets from one routing protocol within another, enabling point-to-point connections across networks. GRE allows for the tunneling of various Layer 3 protocols and is essential for dynamic routing scenarios where Site-to-Site VPNs may not suffice. The document also provides configuration examples for setting up GRE tunnels between routers, demonstrating how to establish connectivity and enable routing protocols like EIGRP over the tunnel.

Uploaded by

alatsis.n
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
51 views9 pages

Understanding GRE Tunneling Basics

Generic Routing Encapsulation (GRE) is a protocol used to encapsulate data packets from one routing protocol within another, enabling point-to-point connections across networks. GRE allows for the tunneling of various Layer 3 protocols and is essential for dynamic routing scenarios where Site-to-Site VPNs may not suffice. The document also provides configuration examples for setting up GRE tunnels between routers, demonstrating how to establish connectivity and enable routing protocols like EIGRP over the tunnel.

Uploaded by

alatsis.n
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

What is GRE?

Generic Routing Encapsulation, or GRE, is a protocol for encapsulating data packets that
use one routing protocol inside the packets of another protocol.

"Encapsulating" means wrapping one data packet within another data packet, like
putting a box inside another box.

GRE is one way to set up a direct point-to-point connection across a network, for the
purpose of simplifying connections between separate networks. It works with a variety
of network layer protocols.

2. Why You Might Be Unable to Use Site-to-Site VPN Instead of GRE


Lack of Support for Routing Protocols:

Site-to-Site IPsec VPN only supports unicast IP traffic.

If you need to run dynamic routing (EIGRP, OSPF, multicast), GRE is required because
it encapsulates routing updates.

Tunneling is a concept where we put ‘packets into packets’ so they can be transported
over certain networks. We also call this encapsulation.

A good example is when we have an HQ and a branch site, and you want to run a routing
protocol like RIP, OSPF, or EIGRP between them. We can tunnel these routing protocols
so that the HQ and branch router can exchange routing information.

What does GRE tunneling mean?


Encapsulating packets within other packets is called "tunneling." GRE tunnels are usually
configured between two routers, with each router acting like one end of the tunnel. The
routers are set up to send and receive GRE packets directly to each other. Any routers in
between those two routers will not open the encapsulated packets; they only reference
the headers surrounding the encapsulated packets in order to forward them.

What goes in a GRE header?


All data sent over a network is broken up into smaller pieces called packets, and all
packets have two parts: the payload and the header. The payload is the packet’s actual
contents, the data being sent. The header has information about where the packet
comes from and what group of packets it belongs to. Each network protocol attaches a
header to each packet.

GRE adds two headers to each packet: the GRE header, which is 4 bytes long, and an IP
header, which is 20 bytes long. The GRE header indicates the protocol type used by the
encapsulated packet. The IP header encapsulates the original packet's header and
payload. This means that a GRE packet usually has two IP headers: one for the original
packet, and one added by the GRE protocol. Only the routers at each end of the GRE
tunnel will reference the original, non-GRE IP header.

Generic Routing Encapsulation packets and headers

In any network, a packet refers to a unit of data that moves from a source to a
destination. All packets consist of a payload and control information. The payload
contains the user data (actual information) while the control information includes
elements like source and destination addresses and sending sequence. The control
information is placed in the packet header, with one header attached to each packet.

Before a GRE tunnel is created, the original or outer packet has an IP header (20 bytes).
Creating the tunnel means creating a GRE packet that now has two IP headers. The IP
header for the original packet remains intact. When the tunnel is created, the protocol
adds a new GRE header (4 bytes), which indicates the type of protocol that will be used
by the encapsulated packet. The GRE header also includes information such as the
packet's source and destination addresses, sequence number and protocol identifier.

Once both headers are created, the encapsulated packet can travel from the source
router to the destination router. The end router will decapsulate the packet and use the
header information to route the packet to its destination.

GRE headers are added to the packet that is being forwarded.

Features of Generic Routing Encapsulation

The main feature of the GRE protocol is its ability to wrap one data packet inside
another packet, allowing packets to travel between two otherwise-incompatible
protocols or networks. Versatility is another feature of GRE. The protocol can work with
numerous Layer 3 protocols, including IP, IPX and DECnet. As a result, one GRE tunnel
can carry different types of traffic and route packets to their ultimate destination.
Basically, when you configure a tunnel, it’s like you create a point-to-point
connection between the two devices. GRE (Generic Routing Encapsulation) is a simple
tunneling technique that can do this for us. Let me show you a topology that we will use to
demonstrate GRE:

Above, we have three routers connected to each other. On the left side, we have the “HQ”
router, our headquarters. On the right side, there is a “Branch” router that is supposed to be
a branch office. Both routers are connected to the Internet. In the middle, on top, there is
an ISP router. We can use this topology to simulate two routers connected to the Internet.
The HQ and Branch router each have a loopback interface representing the LAN.

Let me show you the basic configuration of these routers so that you can recreate it if
you want:

HQ(config)#interface fastEthernet 0/0

HQ(config-if)#ip address [Link] [Link]

HQ(config-if)#exit

HQ(config)#interface loopback0

HQ(config-if)#ip address [Link] [Link]


HQ(config-if)#exit

HQ(config)#ip route [Link] [Link] [Link]

ISP(config)#interface fastEthernet 0/0

ISP(config-if)#ip address [Link] [Link]

ISP(config-if)#exit

ISP(config)#interface fastEthernet 1/0

ISP(config-if)#ip address [Link] [Link]

Branch(config)#interface fastEthernet 0/0

Branch(config-if)#ip address [Link] [Link]

Branch(config-if)#exit

Branch(config)#interface loopback 0

Branch(config-if)#ip address [Link] [Link]

Branch(config-if)#exit

Branch(config)#ip route [Link] [Link] [Link]

I created a static route on the HQ and Branch routers so that they can reach each other
through the ISP router. They will be unable to reach the networks on each other’s
loopback interfaces, however. Now let’s create a tunnel:

HQ(config)#interface tunnel 1

HQ(config-if)#tunnel source fastEthernet 0/0

HQ(config-if)#tunnel destination [Link]

HQ(config-if)#ip address [Link] [Link]


Branch(config)#interface tunnel 1

Branch(config-if)#tunnel source fastEthernet 0/0

Branch(config-if)#tunnel destination [Link]

Branch(config-if)#ip address [Link] [Link]

You can pick any number for the tunnel interface that you like. We need to specify a
source and destination IP address to build the tunnel, and we’ll use the [Link]
/24 subnet on the tunnel interface. Let’s verify that our tunnel is working:

HQ#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

Hardware is Tunnel

Internet address is [Link]/24

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source [Link] (FastEthernet0/0), destination [Link]

Tunnel protocol/transport GRE/IP

Branch#show interfaces tunnel 1

Tunnel1 is up, line protocol is up

Hardware is Tunnel

Internet address is [Link]/24


MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source [Link] (FastEthernet0/0), destination [Link]

Tunnel protocol/transport GRE/IP

Above, you can see that the tunnel interface is up/up on both routers. The default
tunneling mode is GRE. Let’s see if both routers can reach each other:

Branch#ping [Link]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/12 ms

There we go…they can ping each other without any issues! So that wasn’t too bad,
right? Let’s see if we can enable a routing protocol so that we can advertise the
loopback interfaces. I’ll use EIGRP for this:

HQ(config)#router eigrp 13

HQ(config-router)#no auto-summary

HQ(config-router)#network [Link]

HQ(config-router)#network [Link]
Branch(config)#router eigrp 13

Branch(config-router)#no auto-summary

Branch(config-router)#network [Link]

Branch(config-router)#network [Link]

I’ll activate EIGRP on the tunnel and loopback interfaces. You will see that both routers
establish an EIGRP neighbor adjacency through the tunnel interface. Let’s check the
routing tables:

If you can't get connectivity between loopback, you can just add on pc like this -after check
the connectivity
PRACTICING LAB :

Common questions

Powered by AI

A GRE header is 4 bytes long and indicates the protocol type of the encapsulated packet . It includes source and destination addresses, sequence number, and a protocol identifier. The GRE header, combined with an IP header (20 bytes long), wraps the original packet, allowing the packet to travel across networks while maintaining essential routing information for proper delivery .

GRE allows for encapsulating packets from different network protocols to be transmitted over another protocol. This is achieved by wrapping the original packet with a GRE header and an additional IP header, which makes it possible to run dynamic routing protocols such as EIGRP, OSPF, or multicast over networks that otherwise only support unicast IP traffic . By creating a GRE tunnel, a point-to-point connection is established, enabling communication between networks despite protocol differences .

GRE tunnels influence load and delay metrics by introducing additional encapsulation overhead, which affects bandwidth and processing latency. As shown in interface monitoring data, metrics like Maximum Transmission Unit (MTU), bandwidth, and usec delay are important for assessing how tunnels affect resource consumption. Monitoring these metrics can help in identifying performance bottlenecks and adjusting configurations for optimal tunnel operation, maintaining a balance between efficient encapsulation and network capacity .

Activating a dynamic routing protocol like EIGRP over a GRE tunnel improves network performance by automating the exchange of routing information between routers and optimizing the path selection. EIGRP allows routers to discover and maintain optimal routes to all networks within the topology, enhancing packet delivery efficiency and enabling real-time adaptability to changes in network structure or traffic conditions, therefore maximizing the potential of GRE tunnels for communication .

GRE encapsulation is specifically designed for tunneling capabilities, distinguishing itself by allowing one protocol to wrap over another, thereby supporting a wide variety of Layer 3 protocols simultaneously. Traditional packet encapsulation primarily involves basic encapsulation within a single protocol family without the flexible inter-protocol tunneling enabled by GRE, which can transport protocol-specific updates like those of RIP, OSPF, or EIGRP through networks that wouldn't support these natively .

Decapsulation in GRE tunnels involves removing the GRE and additional IP headers from a packet at the destination router, thus revealing the original data packet. This process is crucial for interpreting and routing the data packet correctly to its intended destination. It allows the original packet’s routing information, which may have been encapsulated, to be accessed and ensures that network communications remain seamless despite traversing intermediate networks that don’t natively support the original protocol .

GRE is preferred over Site-to-Site VPN in scenarios requiring dynamic routing protocols because Site-to-Site IPsec VPN only supports unicast IP traffic. GRE, on the other hand, can encapsulate multicast and dynamic routing updates (EIGRP, OSPF), which are necessary for some network configurations .

Having two IP headers in a GRE-encapsulated packet means that the original packet’s header is preserved while an additional IP header, added by GRE, is used to route the packet over intermediate networks without direct knowledge of the original packet’s contents. This double encapsulation can affect performance through increased overhead but is essential for allowing the transport of incompatible protocol packets over IP networks, maintaining the original sender’s intent and destination across various intermediate nodes .

To establish a GRE tunnel in the given topology, configure the tunnel interface on both routers with the following steps: Define the tunnel source and destination IP addresses linking the HQ and Branch routers. Assign IP addresses from the 192.168.13.0/24 subnet to the tunnel interfaces. Finally, verify the tunnel setup by ensuring it is "up/up" on both routers, which completes the virtual point-to-point connection .

In the described network topology, GRE simulates a point-to-point connection by establishing a tunnel between the HQ and Branch routers, with the ISP router in between. The configuration involves setting up a tunnel interface on both routers and utilizing IP addresses to define the tunnel source and destination, thus enabling virtual connectivity over public networks. By doing so, GRE allows direct communication and the ability to run dynamic routing protocols, such as EIGRP, across disparate networks .

You might also like