This Blog is related to Network and System Administration articles and configuration of different devices mostly on Cisco and Microsoft Platform.

Monday, August 3, 2015

Generic Routing Encapsulation (GRE)


Generic Routing Encapsulation (GRE) is a tunneling/encapsulation protocol that encapsulates data inside an IP packet and routes it over IP networks to its ultimate destination through a virtual point-to-point link (GRE tunnel).


Fig 1: GRE tunnel over the Internet providing a virtual link

GRE Overview
Encapsulation is simply the addition of another header to a packet.
An IP tunnel is a network communications channel between two networks that is used to transport traffic over another network’s protocol by encapsulating its packets. Tunnels are mostly used to connect discontinuous (disjoint) networks that don’t have a native routing path to each other.

Fig 3: IP Tunnel created by GRE to form Virtual p2p link

GRE is defined by RFC 2784, and it is probably the simplest protocol that exists in the universe. All it does is encapsulate payloads (the inner packets, or passenger protocol, that need to be delivered to a destination network) into outer IP packets and redirect them to an intermediate host, where they are de-encapsulated and routed to their final destination. In other words, the normal packet is wrapped inside a GRE header and an IP header to form a GRE tunnel for the traffic.
Fig 2: Repackaging of Passenger protocol in GRE and IP Packet

GRE was developed as a tunneling tool meant to provide a private point to point connection like that of a virtual private network (VPN). The virtual point-to-point link is created by tunneling the data from source to destination.
Note: GRE tunnels allow routing protocols like RIP and OSPF to forward data packets from one customer router to another customer router across the Internet.

GRE Routing Process

  1. Data is routed by the system to the GRE endpoint over routes established in the routing table.
  2. Other IP routers along the way do not parse the payload (the inner packet); they only parse the outer IP packet as they forward it towards the GRE tunnel endpoint.
  3. When a data packet is received by the GRE endpoint, it is de-encapsulated and routed again, according to the endpoint configuration, to the destination address. In this way, each data packet travelling over the GRE tunnel gets routed through the system twice.

Fig 4: Routing process of a GRE packet
Note: Because GRE tunnels are stateless, the endpoint of the tunnel contains no information about the state or availability of the remote tunnel endpoint. Therefore the tunnel source router cannot change the state of the GRE tunnel interface to down if the remote endpoint is unreachable.

Encapsulation and De-encapsulation process
A switch/router operating as a tunnel source encapsulates and forwards GRE packets as follows:

  • When a switch receives data (payload) to be tunneled, it sends it to the tunnel interface
  • The tunnel interface encapsulates the data into a GRE packet
  • The system encapsulates the GRE packet into an IP packet
  • The IP packet is forwarded based on its destination address and the routing table

Fig 5: Encapsulation Process of GRE

De-encapsulation
On the remote tunnel router the packet is handled as follows:

  • When an IP packet is received from the tunnel interface, its destination address is checked
  • The IP header is removed and the packet is submitted to the GRE protocol.
  • The protocol strips off the GRE header and submits the payload packet for forwarding
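
The encapsulation and de-encapsulation steps above, as an added Python example (not code from the original post). It builds only the 4-byte RFC 2784 base header without the optional checksum field; the addresses, the sample packet and the tunnel-peer filter on the receiving side are assumptions made for illustration.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE Protocol Type for an IPv4 passenger packet
IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def ip_checksum(header: bytes) -> int:
    """Ones' complement checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header: version 4, IHL 5, TTL 64, checksum filled in."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel source: payload -> GRE header -> outer IP header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # C=0, reserved=0, version=0
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(outer: bytes, local_ip: str, peer_ip: str) -> bytes:
    """Tunnel destination: check outer header, strip IP and GRE, return payload."""
    if len(outer) < 24 or outer[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 outer packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl + 4:
        raise ValueError("bad outer header length")
    if outer[9] != GRE_PROTO or ip_checksum(outer[:ihl]) != 0:
        raise ValueError("not GRE or outer checksum mismatch")
    src, dst = socket.inet_ntoa(outer[12:16]), socket.inet_ntoa(outer[16:20])
    if dst != local_ip or src != peer_ip:
        # Assumed peer filter: GRE has no authentication, so this only
        # drops packets that do not claim to come from the configured peer.
        raise ValueError("packet is not from the configured tunnel peer")
    flags_ver, ptype = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags_ver != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE flags, version or passenger protocol")
    return outer[ihl + 4:]

# Constructed sample: passenger packet between private sites, tunnel over public IPs
INNER = ipv4_header("10.1.1.1", "10.2.2.2", 17, 5) + b"hello"
OUTER = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.1")
```

The passenger packet sits unmodified inside the outer packet, so any device on the path can read it, and the source-address filter is not a substitute for authentication.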

Why use GRE

  1. Multicast traffic: IPsec cannot pass multicast traffic across the link. You may say you don't use multicast, but you probably do, because routing protocols use multicast IP addresses. So to allow multicast traffic you will have to use a GRE tunnel.
  2. Easy use of IP: With IPsec we specify our local network IDs as the source and destination addresses, which is not good because people also use these private addresses at home. With GRE, traffic is routed towards the global IP address and each link becomes a tunnel. Essentially you start looking only at the (GRE) private IP addresses of all your remote sites and forget about the local VPN IP addresses and the global IP addresses of your remote sites.

Total Number of Tunnels Allowed
The number of source and destination tunnels allowed is 500. A switch can have at most 20 source IP addresses, each of which can have 20 destination IP addresses, which makes 400 tunnels.
If a switch is connected to any third router, there can be at most 500 tunnels.

Advantages of GRE

  • Unlike IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks
  • GRE tunnels encase multiple protocols over a single-protocol backbone
  • GRE tunnels connect discontinuous sub-networks
  • GRE tunnels allow VPNs across Wide Area Networks (WANs)

Disadvantages

  • Since GRE does not use any encryption, unlike IPsec, it is not considered secure; however, IPsec can be laid over GRE.
  • GRE is suitable only for limited networks because it needs full-mesh connectivity between the tunnel peers, and with a large number of connections it becomes very difficult to manage.
