How Does Generic Routing Encapsulation Tunnel Work?

In this post, I explain Generic Routing Encapsulation (GRE) and its configuration process. GRE is a protocol that encapsulates packets to allow other protocols to be routed over IP networks. RFC 2784 is the standard that defines GRE.

Generic Routing Encapsulation (GRE) Overview

GRE was created as a tunneling tool for transporting any OSI Layer 3 protocol over an IP network. GRE, in essence, establishes a private point-to-point connection, similar to that of a VPN. Unlike IP-to-IP tunneling, GRE tunneling can transport IPv6 and multicast traffic between networks.

GRE allows data packets to be reconfigured to send information over point-to-point links. The GRE protocol is used to encapsulate data packets from one routing protocol inside packets from another. Actually, this is a method of encapsulating an IP packet in a GRE header, which conceals the original IP packet. By encapsulating or tunneling, it creates a private path for packets to travel over a public network. 

GRE is not the only tunneling technology, but it does have some advantages over others. For one thing, it is defined in RFC 2784, so it can be supported by any vendor. It also supports multicast packets, so it can be used with dynamic routing protocols. GRE is lightweight in the sense that it lacks built-in encryption, making it very simple to configure.

If you require encryption, you can easily add an IPSec layer to the tunnel. This combines the benefits of GRE with the benefits of IPSec.

Why is a GRE tunnel required?


When you want to connect two networks, one option to consider is a tunnel. GRE is one of the technologies we use to construct these tunnels. For instance, suppose you have two branch offices in different locations that are separated by the internet. 

To provide connectivity between the two branches, you can build a private path (a GRE tunnel) over the public network.

A tunnel is also useful when you want packets that are destined for a specific IP address to follow a specific point-to-point path. As an example, consider a cloud-based proxy: the packets pass through the GRE tunnel over the public network to the cloud service.

As a result, the cloud service can impose its services on the packets.

How does GRE tunnel work? 

A GRE tunnel simulates a point-to-point connection between two routers that are not otherwise directly connected. Tunnel interfaces are used by routers at the two ends of a GRE tunnel instead of serial interfaces used by directly connected routers. 

IP addresses from the same subnet are assigned to the virtual interfaces on the routers at both ends of a GRE tunnel.

Advantages of Generic Routing Encapsulation

GRE tunnels can be used for a variety of purposes due to their adaptability. Consider a wide-area network (WAN) that does not support multicast. How do you set up dynamic routing? Simply set up GRE tunnels capable of carrying multicast traffic, including dynamic routing. Connecting to a DDoS service is an example you may not have considered. 

If you use a DDoS mitigation provider such as Akamai, you will connect to them via a GRE tunnel. Inbound traffic is directed to the provider first, DDoS traffic is dropped, and genuine traffic is routed to your network via the tunnel.

Generic routing encapsulation is a tunneling protocol that allows network nodes to establish a direct, point-to-point connection. GRE, as a simple and effective method of transporting data over a public network, allows two peers to share data that would otherwise be inaccessible over the public network.

The GRE protocol has several advantages, including:

  • GRE tunnels encapsulate multiple protocols over a single-protocol backbone.
  • GRE tunnels provide workarounds for networks with a limited number of hops.
  • GRE tunnels connect non-contiguous (disparate) subnetworks.
  • GRE is less resource-intensive than its competitors (e.g. IPsec VPN).
  • GRE tunnels enable VPNs to be established across WANs.

Generic Routing Encapsulation (GRE) vs IPsec


IPsec provides better security for IP tunneling, whereas GRE tunnels are useful when network teams must tunnel with multiple protocols or multicast. Both GRE and IPsec encapsulate the packet, but their requirements are different.

GRE is a protocol that encapsulates packets to allow other protocols to be routed over IP networks. The IPsec protocol ensures the authenticity, privacy, and integrity of data transmitted across IP networks.  IPsec is commonly used to set up VPNs and works by encrypting IP packets as well as authenticating the source of the packets.

When IP packets must be sent from one network to another without being parsed or treated as IP packets by any intervening routers, the GRE protocol is used. When IP packets must be exchanged between two systems while being protected from eavesdropping or modification, IPsec ESP is used.

GRE is a single-mode protocol, whereas IPSec has two modes: tunnel mode and transport mode.

The GRE protocol does not support information privacy, integrity, or authenticity, whereas the IPSec protocol does.

GRE encapsulates the payload. With IPsec, the entire packet is encapsulated in tunnel mode, while only the payload is protected in transport mode.
GRE uses IP protocol 47. IPsec uses IP protocol numbers 50 and 51. Furthermore, IPsec uses IKE for negotiation (UDP port 500).
GRE adds 4 bytes to the IP header, whereas IPsec does not add any extra bytes.

Multicast, routing protocol, and routed protocol are all supported by the GRE protocol. IPSec, on the other hand, does not support multicast, routing protocols, or routed protocols at all.
In comparison to IPSec, GRE is a simpler and faster protocol.

GRE provides a stateless and private connection; however, it is not a secure protocol because it does not use encryption like the IPsec Encapsulating Security Payload (ESP) that is defined by RFC 2406.
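The encapsulation and the lack of encryption described above can be seen byte by byte in the following added example, which is not part of the original post. It builds a base RFC 2784 GRE packet using the addresses from the lab later in this post and then recovers the inner packet without any key; the payload bytes and inner protocol number 253 are constructed for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47  # IP protocol number carried in the outer IPv4 header


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left as 0 (not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Prepend a base GRE header (no flags, version 0) and an outer IPv4 header."""
    gre = struct.pack("!HH", 0x0000, 0x0800)  # protocol type 0x0800 = IPv4
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO,
                       len(gre) + len(inner)) + gre + inner


def gre_decapsulate(packet):
    """Recover the inner packet the way any on-path observer could."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("outer IP protocol is not 47 (GRE)")
    flags_ver, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags_ver & 0x0007:
        raise ValueError("only GRE version 0 is handled")
    if ptype != 0x0800:
        raise ValueError("inner protocol is not IPv4")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags_ver & bit:
            offset += 4
    inner = packet[offset:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer": (str(ipaddress.IPv4Address(packet[12:16])),
                  str(ipaddress.IPv4Address(packet[16:20]))),
        "inner": (str(ipaddress.IPv4Address(inner[12:16])),
                  str(ipaddress.IPv4Address(inner[16:20]))),
        "overhead": offset,            # bytes added in front of the inner packet
        "payload": inner[inner_ihl:],  # readable: GRE applies no encryption
    }


# Constructed sample: host behind R1 to host behind R3, carried over tunnel 13.
DATA = b"constructed cleartext payload"
INNER = ipv4_header("192.168.1.1", "192.168.3.3", 253, len(DATA)) + DATA
PACKET = gre_encapsulate(INNER, "12.1.1.1", "23.1.1.3")
RESULT = gre_decapsulate(PACKET)
```

The reported overhead is the 4-byte GRE header plus the 20-byte outer IPv4 header, and the inner addresses and payload come back unchanged.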

The Generic Routing Encapsulation tunneling protocol was created by Cisco Systems. GRE can encapsulate a diverse set of network-layer protocols within virtual point-to-multipoint or point-to-point connections over an Internet Protocol network.

Configuring GRE Tunneling


In most cases, you'll configure a GRE tunnel by utilizing your router's configuration. 

To get started, you'll need two pieces of information.

  • Your IP address. This is what GRE tunnels rely on, and it is not the same as a human-friendly URL. An IP address consists of numbers separated by dots.

  • The IP address of your recipient. You'll need the same information for the node to which you want to connect.

There are five steps you can apply in configuring a GRE tunnel: 

Step 1: Use the interface tunnel number global configuration command to create a tunnel interface.

Step 2: Use the ip address ip-address interface configuration command to assign an IP address to the tunnel interface. Normally, this is a private IP address.

Step 3: Use the tunnel source ip-address | interface-name interface configuration command to specify the tunnel source IP address or source interface.

Step 4: Use the tunnel destination ip-address interface configuration command to specify the tunnel destination IP address.

Step 5: (Optional) To specify GRE tunnel mode, use the "tunnel mode gre ip" command.

The sample configuration in the following example depicts a basic GRE tunnel between R1 and R3, R1 and R4, R1 and R5, and R1 and R6.

The configuration is shown step by step.

R1(config)#int f0/1

R1(config-if)#ip add 192.168.1.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#int s0/1

R1(config-if)#ip add 12.1.1.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#

For the physical interface and the tunnel interface, use the show ip interface brief command on all routers to ensure that the tunnel interfaces are operational and configured with the correct IP addresses.

R1#sh ip int br

FastEthernet0/1     192.168.1.1     YES manual up          up      

Serial0/1                  12.1.1.1        YES manual up            up      

APPLY EIGRP ON ALL ROUTERS FOR CONNECTIVITY

R1(config)#router Eigrp 100

R1(config-router)#network 12.1.1.1 0.0.0.255

R1(config-router)#exit

TUNNEL CONFIGURATION

R1(config)#int tunnel 13

R1(config-if)#ip address 10.3.3.1 255.255.255.0

R1(config-if)#tunnel source s0/1

R1(config-if)#tunnel destination 23.1.1.3

R1#conf t

APPLY RIP FOR TUNNEL CONNECTIVITY

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#network 192.168.1.0

R1(config-router)#network 10.3.3.0

R1(config-router)#no auto-summary 

R1(config-router)#exit

R1#traceroute 192.168.3.3

Type escape sequence to abort.

Tracing the route to 192.168.3.3

  1 10.3.3.3 116 msec 112 msec 40 msec

R1# conf t

R1(config)#int tunnel 14

R1(config-if)#ip address 10.4.4.1 255.255.255.0

R1(config-if)#tunnel source s0/1

R1(config-if)#tunnel destination 24.1.1.4  

R1#conf t

R1(config)#int tunnel 15

R1(config-if)#ip address 10.5.5.1 255.255.255.0

R1(config-if)#tunnel source s0/1

R1(config-if)#tunnel destination 25.1.1.5

R1(config)#exit


R1#traceroute 10.5.5.5

Type escape sequence to abort.

Tracing the route to 10.5.5.5

1 10.5.5.5 80 msec 84 msec 44 msec


R3(config-if)#int f0/1

R3(config-if)#ip add 192.168.3.3 255.255.255.0

R3(config-if)#no shut

R3(config)#exit


R3#sh ip int br

FastEthernet0/0            23.1.1.3        YES manual up                    up      

FastEthernet0/1            192.168.3.3     YES manual up                 up    

  

EIGRP Configuration on R3

R3(config)#router eigrp 100

R3(config-router)#network 23.1.1.3 0.0.0.255

R3(config-router)#

R3(config-router)#exit     

R3(config)#int tunnel 13

R3(config-if)#ip address 10.3.3.3 255.255.255.0

R3(config-if)#tunnel source f0/0

R3(config-if)#tunnel destination 12.1.1.1

R3(config-if)#

R3(config)#exit


R3#conf t

R3(config)#router rip

R3(config-router)#version 2

R3(config-router)#network 192.168.3.0

R3(config-router)#network 10.3.3.0

R3(config)#exit


R4#conf t

R4(config)#int f0/0

R4(config-if)#ip add 192.168.4.4 255.255.255.0

R4(config-if)#int f0/1

R4(config-if)#ip add 24.1.1.4 255.255.255.0

R4(config-if)#exit

R4#sh ip int br

FastEthernet0/0            192.168.4.4     YES manual up                    up      

FastEthernet0/1            24.1.1.4        YES manual up                    up      


R4#conf t

R4(config)#router eigrp 100

R4(config-router)#network 24.1.1.4 0.0.0.255

R4(config-router)#exit

R4(config)#int tunnel 14

R4(config-if)#ip address 10.4.4.4 255.255.255.0

R4(config-if)#tunnel source f0/1

R4(config-if)#tunnel destination 12.1.1.1

R4(config)#exit

RIP Configuration on R4

R4(config)#router rip

R4(config-router)#version 2

R4(config-router)#network 192.168.4.4

R4(config-router)#network 10.4.4.0


R5#conf t

R5(config)#int f0/0

R5(config-if)#ip address 192.168.5.5 255.255.255.0

R5(config-if)#no shut

R5(config-if)#exit

R5(config-if)#int f0/1

R5(config-if)#ip address 25.1.1.5 255.255.255.0

R5(config-if)#no shut

R5(config-if)#exit


R5#sh ip int br

FastEthernet0/0            192.168.5.5     YES manual up                    up      

FastEthernet0/1            25.1.1.5        YES manual up                    up      


R5#conf t

R5(config)#router eigrp 100

R5(config-router)#network 25.1.1.5 0.0.0.255

R5(config)#int tunnel 15

R5(config-if)#ip address 10.5.5.5 255.255.255.0

R5(config-if)#tunnel source f0/1

R5(config-if)#tunnel destination 12.1.1.1

R5(config-if)#exit

RIP Configuration on R5

R5(config)#router rip

R5(config-router)#version 2 

R5(config-router)#network 192.168.5.5

R5(config-router)#network 10.5.5.0

At the very least, the tunnel source and destination addresses must be specified. Furthermore, the IP subnet must be configured to provide IP connectivity over the tunnel link.
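A check for the two requirements just stated, plus the IPsec layer recommended earlier in this post, written as an added example that is not part of the original post. It scans IOS-style configuration text for point-to-point GRE tunnel interfaces and reports those missing a source or destination, or lacking a `tunnel protection ipsec profile` line; the sample configuration is constructed, and Tunnel99 and the profile name GRE-PROT are hypothetical.

```python
import re

# Constructed running-config excerpt. Tunnel13 mirrors R1's tunnel from the
# post; Tunnel99 and the profile name GRE-PROT are hypothetical.
SAMPLE_CONFIG = """\
interface Tunnel13
 ip address 10.3.3.1 255.255.255.0
 tunnel source Serial0/1
 tunnel destination 23.1.1.3
!
interface Tunnel99
 ip address 10.9.9.1 255.255.255.0
 tunnel source Serial0/1
 tunnel protection ipsec profile GRE-PROT
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
!
"""


def parse_tunnels(config):
    """Map each Tunnel interface name to its list of sub-commands."""
    tunnels, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(Tunnel\S+)", line, re.IGNORECASE)
        if header:
            current = tunnels.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return tunnels


def audit_tunnels(config):
    """Return (interface, finding) pairs for point-to-point GRE tunnels."""
    findings = []
    for name, cmds in parse_tunnels(config).items():
        mode = next((c for c in cmds if c.startswith("tunnel mode ")),
                    "tunnel mode gre ip")  # IOS default when no mode is set
        if mode != "tunnel mode gre ip":
            continue
        for required in ("tunnel source", "tunnel destination"):
            if not any(c.startswith(required) for c in cmds):
                findings.append((name, f"missing '{required}'"))
        if not any(c.startswith("tunnel protection ipsec") for c in cmds):
            findings.append((name, "GRE traffic is not protected by IPsec"))
    return findings


FINDINGS = audit_tunnels(SAMPLE_CONFIG)
```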

Use the show ip interface command and the related commands below to display GRE tunneling information:

  • show ip interface
  • show ip route
  • show ip interface tunnel
  • show ip tunnel traffic
  • show interface tunnel
  • show statistics tunnel

A Generic Routing Encapsulation tunnel could be used to communicate with a device that is incompatible with your computer. Alternatively, you could use a GRE tunnel to ensure that a message reaches its intended recipient despite any protocol issues you suspect exist, even if you are unsure.
