GRE tunnels are by far most common tunnelling technology. Very easy to setup, troubleshoot and operate. But in large scale deployment, configuring GRE tunnels become cumbersome, because GRE tunnel is a point to point tunnel.
GRE Tunnel Characteristics
• GRE tunnels are manual point to point tunnels. Tunnel end points are not automatically derived. Network operator needs to configure the tunnel end points manually.
• Supports routing protocols to run over. You can run any routing protocols on top of GRE tunnels.
• IPv4 and IPv6 can be transported over GRE. Some VPN technologies may not support IPv6 or IPv6 routing protocols.
• Non-IP protocols such as IPX, SNA etc. can be carried over GRE tunnel as well. Most of the tunnelling technologies cannot carry Non- IP traffic. For example, IPSEC tunnel cannot carry Non-IP Traffic.
• If there are too many sites that need to communicate with each other, GRE is not scalable. But in Hub and Spoke topologies it can be used since whenever new spoke site is added, only new site and hub should be revisited. Not all the spokes need configuration.
• Even though in Hub and Spoke topologies, the configuration can be too long on the Hub site.
mGRE (Multipoint GRE) version of GRE tunnel reduces the configuration on the Hub site greatly.
￼￼￼• GRE tunnel adds 24 bytes to the IP Packet. 4 byte GRE header and 20 bytes new IP header is added; this increases MTU size of the IP packet. Careful planning on the interface MTU is necessary.
Gre Tunnel Headers
• GRE doesn’t come by default with encryption so in order to encrypt the packet; IPSEC should be enabled over GRE tunnel.
GRE Tunnel Uses Cases:
• Classical use cases of GRE tunnel is over Internet with IPSEC, VRF- lite to carry different VPN information separately in the Campus, WAN or datacenter and IPv6 tunnelling over IPv4 transport.
• GRE is used mostly together with IPSEC to support the traffic that is not supported by IPSEC by default. For example IPSEC tunnels don’t support Multicast by default but together with GRE, GRE over IPSEC supports multicast traffic.
Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021
He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.
Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.
Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers.