Home > GRE Tunnel Tutorial

GRE Tunnel Tutorial

April 26th, 2018 Go to comments

GRE stands for Generic Routing Encapsulation, which is a very simple form of tunneling. With GRE we can easily create a virtual link between routers and allow them to be directly connected, even if they physically aren’t. Let’s have a look at the topology below:

GRE_Tunnel.jpg

Suppose R1 and R2 are routers at two far ends of our company. They are connected to two computers who want to communicate. Although R1 and R2 are not physically connected to each other but with GRE Tunnel, they appear to be! This is great when you have multiple end points and don’t care the path between them. The routing tables of two routers show that they are directly connected via GRE Tunnel.

How GRE Tunnel works

When the sending router decides to send a packet into the GRE Tunnel, it will “wrap” the whole packet into another IP packet with two headers: one is the GRE header which uses to manage the tunnel itself. The other is called “Delivery header” which includes the new source and destination IP addresses of two virtual interfaces of the tunnel (called tunnel interfaces). This process is called encapsulation.

GRE_Tunnel_Encapsulation_Process.jpg

In the example above when R1 receives an IP packet, it wraps the whole packet with a GRE header and a delivery header. The delivery header includes new source IP address of 63.1.27.2 (the IP address of R1’s physical interface which is used to create tunnel) and new destination IP address of 85.5.24.10 (the IP address of R2’s physical interface which is used to create tunnel).

It is important to note that the GRE tunnel does not encrypt the packet, only encapsulate it. If we want to encrypt the packet inside GRE Tunnel we must use IPSec but it is out of CCNA scope so we will not mention here.

When the GRE packet arrives at the other end of the tunnel (R2 in this case), the receiving router R2 needs to remove the GRE header and delivery header to get the original packet.

Unlike VPN which does not support multicast, GRE tunnel does support multicast so many popular routing protocols (like OSPF, EIGRP) can operate along with.

Note: The IP addresses of the two ends of GRE Tunnel (63.1.27.2 & 85.5.24.10 in this case) can be in the same subnet or different subnet (like over the Internet with public IP addresses), provided that two routers know how to reach each other’s tunnel IP address. For example in this case R1 must know how to reach 85.5.24.10 and R2 must reach 63.1.27.2.

Now you learned the basis of GRE Tunnel. It is important to show you the related GRE configuration of the example above. Suppose OSPF is used in our company.

R1 (GRE config only)
interface s0/0/0
ip address 63.1.27.2 255.255.255.0
interface tunnel0
ip address 10.0.0.1 255.255.255.0
tunnel mode gre ip //this command can be ignored
tunnel source s0/0
tunnel destination 85.5.24.10
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
R2 (GRE config only)
interface s0/0/0
ip address 85.5.24.10 255.255.255.0
interface tunnel1
ip address 10.0.0.2 255.255.255.0
tunnel source 85.5.24.10
tunnel destination 63.1.27.2
router ospf 1
network 192.168.1.0 0.0.0.255 area 0

In the above R1 configuration, the command interface tunnel0 create the virtual tunnel 0 interface, which is called a tunnel interface. We can use any number. The tunnel numbers do not need to match on two routers so on R2 we can use “interface tunnel1” without any problem.

The next line assigns the IP address for the tunnel interface: 10.0.0.1/24. The IP addresses of two tunnel interfaces must be in the same subnet (10.0.0.1/24 on R1 & 10.0.0.2/24 on R2 in this case).

The command tunnel mode gre ip is in fact not necessary as this is the default setting. We just want to show you this command and let you know that we are configuring a traditional point-to-point GRE. There are other GRE modes like “tunnel mode gre multipoint” used in DMVPN or “tunnel mode gre ipv6” to encapsulate IPv4 packets in an IPv6 infrastructure.

Next we have to specify the tunnel source and tunnel destination with “tunnel source …” and “tunnel destination” commands. For “tunnel source” command, we can either specify the interface or the IP address of the interface. When we define the tunnel source and tunnel destination in the tunnel interface, the router will add these IP addresses to the GRE packet generated by the tunnel interface. At the receiving end, the router looks for the tunnel destination and decapsulates the packet, then forwards it to the specific tunnel interface.

GRE_tunnel_source_destination.jpg

Note: We can use loopback interface as the tunnel source or destination. Traffic will flow through the best physical path toward the tunnel destination.

One last note, GRE tunnels are stateless which means the tunnel endpoint does not keep any information about the state or availability of the remote tunnel endpoint. Therefore the local tunnel endpoint does not bring the line protocol of the GRE tunnel interface down if the remote tunnel endpoint is unreachable. For example, if R2 tunnel interface is brought down for some reason, R1 tunnel interface will remain in up state.

If you are interested in full config for GRE please read our GRE tunnel Lab to have detailed knowledge of how to configure GRE tunnel.

Comments (47) Comments
Comment pages
1 2 4084
  1. 123
    August 22nd, 2018

    Hey guys, can I get the latest CCNA dump to help a brother out? jrandall1685 (at) yahoo (dot) com

  2. Anonymous
    August 23rd, 2018

    hi guys , can i get the latest CCNA dumb ? {email not allowed}

  3. Hombre
    August 30th, 2018

    Hi
    Router R2 config:
    router ospf 1
    network 192.168.1.0 0.0.0.255 area 0 – is it correct?

  4. Andy
    August 31st, 2018

    Hey, Could I have get the new CCNA 200-125 exam question dump. My exam is in a few day. Please help me. <>

  5. Andy Garcya
    August 31st, 2018

    Hey, Could I have get the new CCNA 200-125 exam question dump. My exam is in a few day. Please help me. westbam1983 (at) outlook (dot) com

  6. sulkab
    August 31st, 2018

    @9tut : why we have used s0/0/0 instead of s0/0 (as shown in the topology)?

    Thanks!

  7. 9tut
    September 1st, 2018

    @sulkab: It is just a typo as we copied the config from real devices. Thanks for your detection, we have just updated it to match the theory.

  8. esfs
    September 3rd, 2018

    The questions have been updated. I failed the exam and I have to retake the exam. They sent me the latest questions. I confirmed that it is the latest.

  9. Anonymous
    September 8th, 2018

    Could someone please send me the latest dumps
    rasisfreelance @ yahoo. Com

  10. sa
    September 8th, 2018

    @esfs Please send me the latest Dups to sus89400 AT Gmail.com

  11. Anonymous
    September 10th, 2018

    Hello could someone please send the latest CCNA dump for 200-125 to machineman888 AT gmail.com

  12. sharon
    September 19th, 2018

    hey guys can someone assist me with 200-125

    thaks in advance

  13. zzz
    September 21st, 2018

    Hi gus. Can someone send me the latest CCNA R&S dump to
    mzakwansubki @ gmail.com

  14. Anonymous
    September 22nd, 2018

    please forwarded the latest dumps at my ID
    gulati.ishu @ gmail.com

  15. Bongani Ntini
    September 24th, 2018

    Hello guys can someone please send me the latest dump at {email not allowed} Thanks in advance my certification expires on the 7th of October

  16. Anonymous
    September 24th, 2018

    bnntini @ gmail.com

  17. GeekMaster
    September 26th, 2018

    I think GRE is not secured, there is no encyrption method on both ends in the configuration. highly unsecured!

  18. 9tut
    September 26th, 2018

    @GeekMaster: To secure GRE we can implement IPSec but this is out of scope of this tutorial.

  19. Anonymous
    September 26th, 2018

    Is this the current for the CCNA 200-125 study guide?

  20. MUN
    October 2nd, 2018

    anyone needs dumps. message me

  21. Adeojo Gboyega
    October 4th, 2018

    @MUN please I need the dumps my exam is tomorrow. Thank you..

    My email is gadeojo @ Gmail . Com

  22. Hoang
    October 4th, 2018

    Hello, Can I get latest CCNA dump please? {email not allowed}

  23. Anonymous
    October 4th, 2018

    Hello, Can I get latest CCNA dump please? hoangphucthtt @ gmail . com

  24. Anonymous
    October 8th, 2018

    has anyone noticed that the labs have been silently changed?

  25. Anonymous
    October 8th, 2018

    latest at madinah nakuya oneword @gmail

  26. Anonymous
    October 8th, 2018

    @ESFS could you kindly send me the latest labs. thank you in advance madinahnakuyaATgmail.com

  27. Anonymous
    October 9th, 2018

    R1
    network 192.168.2.0 0.0.0.255 area 0

    FIXIT

  28. arsalan
    October 13th, 2018

    kindly send latest dumps {email not allowed}

  29. arsalan
    October 13th, 2018

    kindly send latest dumps of ccna r&S 200-125 arsalan_ameen At yahoo dot com

  30. Eagle
    October 13th, 2018

    Hi gus. Can someone send me the latest CCNA R&S dump to thegreeeneagle AT gmail.com

  31. edwin
    October 16th, 2018

    kindly send latest dumps edwinyiowaliasgmail.com

  32. jihad
    October 17th, 2018

    Hi gus. Can someone send me the latest CCNA R&S dump to jihad18musadag @ gmail.co

  33. Anonymous
    October 26th, 2018

    I HEAR THE QUESTIONS HAVE BEEN CHANGED. SOMEONE DID THE EXAM TODAY

  34. miszcz
    October 27th, 2018

    The IP addresses of two tunnel interfaces must be in the same subnet. What do you want fix ???

  35. Help seeker
    October 29th, 2018

    Hello friends
    Plz help me to send the latest dumb . My exam is in this week. I need to pass this. Because I failed twice. Plz email me timenesh2007 at yahoo con

  36. anonymous?
    October 31st, 2018

    Does anyone ever respond to the requests?

  37. Mark
    November 5th, 2018

    @9tut Can i request for the latest CCNA r&s dump machoy1200 @ gmail dot com

  38. ken
    November 5th, 2018

    hello guys, someone can help me whit the latest version dump please my email ariask93 @ gmail . com , put together

  39. Anonymous
    November 12th, 2018

    hello guys can someone help me with the latest version dump please my email {email not allowed}, thanks in advance

  40. Anonymous
    November 14th, 2018

    Hello guy can u please help me with the latest dump please
    200-125
    God bless in advance

  41. Anonymous
    November 14th, 2018

    Hello guy can u please help me with the latest dump please
    200-125
    God bless in advance my email: {email not allowed}

  42. Panter
    November 14th, 2018

    Can some kind person send me the latest dump of exam 200-125 I take my exam in two days kindlefire4 AT gmail dot com

  43. Ravi Ranjan
    November 18th, 2018

    Hi Al…

  44. Anonymous
    November 22nd, 2018

    hello guys can someone help me with the latest version dump please my email Conagf AT GMAIL dot com, thanks in advance

  45. SERGIO08
    November 22nd, 2018

    Hi gus. Can someone send me the latest CCNA R&S dump to {email not allowed}

  46. Ciscology
    December 8th, 2018

    Thank you 9tut. Nice article

  47. Masterkey
    December 17th, 2018

    latest dumps frankmayores83(at)gmail(dot)com

Comment pages
1 2 4084
Add a Comment