Home > GRE Tunnel Tutorial

GRE Tunnel Tutorial

April 26th, 2018 Go to comments

GRE stands for Generic Routing Encapsulation, which is a very simple form of tunneling. With GRE we can easily create a virtual link between routers and allow them to be directly connected, even if they physically aren’t. Let’s have a look at the topology below:

GRE_Tunnel.jpg

Suppose R1 and R2 are routers at two far ends of our company. They are connected to two computers who want to communicate. Although R1 and R2 are not physically connected to each other but with GRE Tunnel, they appear to be! This is great when you have multiple end points and don’t care the path between them. The routing tables of two routers show that they are directly connected via GRE Tunnel.

How GRE Tunnel works

When the sending router decides to send a packet into the GRE Tunnel, it will “wrap” the whole packet into another IP packet with two headers: one is the GRE header which uses to manage the tunnel itself. The other is called “Delivery header” which includes the new source and destination IP addresses of two virtual interfaces of the tunnel (called tunnel interfaces). This process is called encapsulation.

GRE_Tunnel_Encapsulation_Process.jpg

In the example above when R1 receives an IP packet, it wraps the whole packet with a GRE header and a delivery header. The delivery header includes new source IP address of 63.1.27.2 (the IP address of R1’s physical interface which is used to create tunnel) and new destination IP address of 85.5.24.10 (the IP address of R2’s physical interface which is used to create tunnel).

It is important to note that the GRE tunnel does not encrypt the packet, only encapsulate it. If we want to encrypt the packet inside GRE Tunnel we must use IPSec but it is out of CCNA scope so we will not mention here.

When the GRE packet arrives at the other end of the tunnel (R2 in this case), the receiving router R2 needs to remove the GRE header and delivery header to get the original packet.

Unlike VPN which does not support multicast, GRE tunnel does support multicast so many popular routing protocols (like OSPF, EIGRP) can operate along with.

Note: The IP addresses of the two ends of GRE Tunnel (63.1.27.2 & 85.5.24.10 in this case) can be in the same subnet or different subnet (like over the Internet with public IP addresses), provided that two routers know how to reach each other’s tunnel IP address. For example in this case R1 must know how to reach 85.5.24.10 and R2 must reach 63.1.27.2.

Now you learned the basis of GRE Tunnel. It is important to show you the related GRE configuration of the example above. Suppose OSPF is used in our company.

R1 (GRE config only)
interface s0/0/0
ip address 63.1.27.2 255.255.255.0
interface tunnel0
ip address 10.0.0.1 255.255.255.0
tunnel mode gre ip //this command can be ignored
tunnel source s0/0
tunnel destination 85.5.24.10
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
R2 (GRE config only)
interface s0/0/0
ip address 85.5.24.10 255.255.255.0
interface tunnel1
ip address 10.0.0.2 255.255.255.0
tunnel source 85.5.24.10
tunnel destination 63.1.27.2
router ospf 1
network 192.168.1.0 0.0.0.255 area 0

In the above R1 configuration, the command interface tunnel0 create the virtual tunnel 0 interface, which is called a tunnel interface. We can use any number. The tunnel numbers do not need to match on two routers so on R2 we can use “interface tunnel1” without any problem.

The next line assigns the IP address for the tunnel interface: 10.0.0.1/24. The IP addresses of two tunnel interfaces must be in the same subnet (10.0.0.1/24 on R1 & 10.0.0.2/24 on R2 in this case).

The command tunnel mode gre ip is in fact not necessary as this is the default setting. We just want to show you this command and let you know that we are configuring a traditional point-to-point GRE. There are other GRE modes like “tunnel mode gre multipoint” used in DMVPN or “tunnel mode gre ipv6” to encapsulate IPv4 packets in an IPv6 infrastructure.

Next we have to specify the tunnel source and tunnel destination with “tunnel source …” and “tunnel destination” commands. For “tunnel source” command, we can either specify the interface or the IP address of the interface. When we define the tunnel source and tunnel destination in the tunnel interface, the router will add these IP addresses to the GRE packet generated by the tunnel interface. At the receiving end, the router looks for the tunnel destination and decapsulates the packet, then forwards it to the specific tunnel interface.

GRE_tunnel_source_destination.jpg

Note: We can use loopback interface as the tunnel source or destination. Traffic will flow through the best physical path toward the tunnel destination.

One last note, GRE tunnels are stateless which means the tunnel endpoint does not keep any information about the state or availability of the remote tunnel endpoint. Therefore the local tunnel endpoint does not bring the line protocol of the GRE tunnel interface down if the remote tunnel endpoint is unreachable. For example, if R2 tunnel interface is brought down for some reason, R1 tunnel interface will remain in up state.

If you are interested in full config for GRE please read our GRE tunnel Lab to have detailed knowledge of how to configure GRE tunnel.

Comments (13) Comments
Comment pages
1 2 4084
  1. 123
    August 22nd, 2018

    Hey guys, can I get the latest CCNA dump to help a brother out? jrandall1685 (at) yahoo (dot) com

  2. Anonymous
    August 23rd, 2018

    hi guys , can i get the latest CCNA dumb ? {email not allowed}

  3. Hombre
    August 30th, 2018

    Hi
    Router R2 config:
    router ospf 1
    network 192.168.1.0 0.0.0.255 area 0 – is it correct?

  4. Andy
    August 31st, 2018

    Hey, Could I have get the new CCNA 200-125 exam question dump. My exam is in a few day. Please help me. <>

  5. Andy Garcya
    August 31st, 2018

    Hey, Could I have get the new CCNA 200-125 exam question dump. My exam is in a few day. Please help me. westbam1983 (at) outlook (dot) com

  6. sulkab
    August 31st, 2018

    @9tut : why we have used s0/0/0 instead of s0/0 (as shown in the topology)?

    Thanks!

  7. 9tut
    September 1st, 2018

    @sulkab: It is just a typo as we copied the config from real devices. Thanks for your detection, we have just updated it to match the theory.

  8. esfs
    September 3rd, 2018

    The questions have been updated. I failed the exam and I have to retake the exam. They sent me the latest questions. I confirmed that it is the latest.

  9. Anonymous
    September 8th, 2018

    Could someone please send me the latest dumps
    rasisfreelance @ yahoo. Com

  10. sa
    September 8th, 2018

    @esfs Please send me the latest Dups to sus89400 AT Gmail.com

  11. Anonymous
    September 10th, 2018

    Hello could someone please send the latest CCNA dump for 200-125 to machineman888 AT gmail.com

  12. Anonymous
    September 14th, 2018

    INSTANT DOWNLOAD HERE
    4 Drag and Drop FYI: frame relay, ACL, AAA, DHCPv6.

    http://www.drive.google.com/open?id=1NCkXkLzGYdFSZkRSk1IOQagrhTUcSKP7

    Drag and Drop same from dumps

    DNS

  13. sharon
    September 19th, 2018

    hey guys can someone assist me with 200-125

    thaks in advance

Comment pages
1 2 4084
Add a Comment