GRE description (an example of GRE Tunnel Configuration for a Cisco router)

GREs (Generic Routing protocol encapsulation) were submitted to IETF by Cisco, net-smiths, and other companies on September 10, 1994, marked as rfc1701 and rfc1702. Currently, most network devices support the GRE tunnel protocol.
GRE specifies how to use one network protocol to encapsulate another network protocol. The GRE tunnel is defined by the source IP address and destination IP address at both ends. You can use an IP package to encapsulate IP addresses, IPX, and appletalk packets, and support all routing protocols (such as rip2 and OSPF ). Through GRE, you can use public IP networks to connect to IPX and appletalk networks. You can also use reserved IP addresses to connect networks or hide cen ip addresses from public networks.

---- GRE contains the protocol type in the header, which is used to indicate the type of the passenger protocol; the checksum includes the header of the GRE and the complete passenger.

Protocols and data; keys are used to verify the received data at the receiving end; Serial numbers are used to sort and control the packets at the receiving end; routes are used

The route of this packet.

---- GRE only provides encapsulation of data packets. It does not have encryption to prevent network listening and attacks. Therefore, in the actual environment, it often corresponds to an IP address.

When the SEC is used together, IPSec provides encryption of user data to provide users with better security.

The GRE protocol has two main purposes: internal protocol encapsulation and private address encapsulation. In China, CEN uses almost all TCP/IP protocols, so there is no market demand for internal protocol encapsulation when establishing tunnels in China. The only reason for enterprises to use GRE should be the encapsulation of internal addresses. When the carrier provides this VPN service to multiple users, there is a possibility of address conflict.

Configure a gre tunnel for a Cisco Router

Route encapsulation (GRE) was first proposed by Cisco, and has become a standard defined in RFC 1701, RFC 1702, and RFC 2784. In short, GRE is a tunneling protocol used to transmit data packets from one network to another.

If you think it is similar to a virtual private network (VPN), it is only because the GRE tunnel is a type of VPN technically, but not a security tunnel. However, you can also use some encryption protocol to encrypt the GRE tunnel, such as the IPSec protocol commonly used in the VPN network.

In fact, Point-to-Point Tunneling (PPTP) uses GRE to create a VPN tunnel. For example, if you want to create a Microsoft VPN tunnel, PPTP is used by default, and GRE is used.

Why GRE?

Why use GRE for tunnel transmission? The reason is as follows:

Sometimes you need encrypted multicast transmission. The GRE tunnel can transmit multicast data packets as the real network interface does. However, when IPSec is used separately, multicast transmission cannot be encrypted. Multicast Transmission examples include OSPF, OSPF, and r1_2. In addition, a large number of video, VoIP, and music stream programs use multicast.
 
Some protocols you use cannot be routed, such as NetBIOS or non-IP transmission over an IP network. For example, you can use GRE in an IP network to support IPX or appletalk.
 
You need to use a different IP address to connect the other two similar networks.
 
How to configure the GRE tunnel?

Configuring the GRE tunnel on a Cisco router is a simple task. You only need to enter several lines of commands. The following is a simple example.

Router:

Interface ethernet0/1
IP address 10.2.2.1 255.255.255.0

Interface serial0/0
IP address 192.168.4.1 255.255.255.0

Interface tunnel0
IP address 1.1.1.2 255.255.255.0
Tunnel source serial0/0
Tunnel destination 192.168.4.2

Router B:

Interface fastethernet0/1
IP address 10.1.1.1 255.255.255.0

Interface serial0/0
IP address 192.168.4.2 255.255.255.0

Interface tunnel0
IP address 1.1.1.1 255.255.255.0
Tunnel source serial0/0
Tunnel destination 192.168.4.1

In this example, Both routers have virtual interfaces, namely, tunnel interfaces. This interface belongs to its own network, just like a point-to-point T1 loop. Data transmitted over a tunnel network is transmitted over a serial network.

Each vro has two ways to transmit data to the other end, namely through the serial interface and through the tunnel interface (passing data through the tunnel ). This tunnel can transmit non-route protocol data, such as NetBIOS or appletalk. If data needs to be encrypted over the Internet, you can use IPsec to encrypt it.

The following information shows that the tunnel interface on vrob B is no different from other network interfaces:

Routerb # SH ip int Brie

Interface IP-address OK? Method Status Protocol
Ethernet0 10.1.1.1 Yes manual up down
Serial0 192.168.4.2 Yes manual up
Serial1 unassigned Yes unset administratively down
Tunnel0 1.1.1.1 Yes manual up
Routerb #

Solve the GRE tunnel Problem

Since GRE encapsulates a data packet into another data packet, you may encounter a situation where the GRE data packet is larger than the maximum size of the data packet set by the network interface. The approach to this problem is to configure ip tcp adjust-MSS 1436 on the tunnel interface.

In addition, although GRE does not support encryption, you can use the tunnel key command to set a key at both ends of the tunnel. This key is actually a plaintext password.

Because the GRE tunnel has no status control, one end of the tunnel may be closed, and the other end is still enabled. The solution to this problem is to enable keepalive packets at both ends of the tunnel. It allows one end of the tunnel to regularly send keepalive data to the other end to ensure that the port is enabled. If a certain end of the tunnel does not receive keepalive data on time, the tunnel port on this side will also be closed.