Generic Routing Encapsulation

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork.

Overview

Generic Routing Encapsulation (GRE), defined by RFC 2784, is a simple IP packet encapsulation protocol. A GRE tunnel is used when IP packets need to be sent from one network to another, without being parsed or treated like IP packets by any intervening routers.

GRE tunnels are designed to be completely stateless. This means that each tunnel end-point does not keep any information about the state or availability of the remote tunnel end-point. A consequence of this is that the local tunnel end-point router does not have the ability to bring the line protocol of the GRE tunnel interface down if the remote end-point is unreachable. In such a case, a network administrator can manually bring the interface down in order to remove any routes (specifically static routes) in the routing table that use that interface as the outbound interface. This allows for an alternate route with a higher metric (where a higher metric means a lower priority) or for policy-based routing (PBR) to select an alternate next-hop or interface.

Normally, a GRE tunnel interface comes up as soon as it is configured and it stays up as long as there is a valid tunnel source address or interface which is up. The tunnel destination IP address must also be routable, which is true even if the other side of the tunnel has not been configured. This means that a static route or PBR forwarding of packets via the GRE tunnel interface remains in effect even though the GRE tunnel packets do not reach the other end of the tunnel.

Tunnel keepalives

The GRE tunnel keepalive mechanism is slightly different from that for Ethernet or serial interfaces. It gives one side the ability to originate and receive keepalive packets to and from a remote router even if the remote router does not support GRE keepalives. Since GRE is a packet tunneling mechanism for tunneling IP inside IP, a GRE IP tunnel packet can be built inside another GRE IP tunnel packet. For GRE keepalives, the sender pre-builds the keepalive response packet inside the original keepalive request packet so that the remote end only needs to do standard GRE decapsulation of the outer GRE IP header and then forward the inner IP GRE packet. This mechanism causes the keepalive response to be forwarded out of the physical interface rather than the tunnel interface, which means that the GRE keepalive response packet is not affected by any output features on the tunnel interface.

Another attribute of GRE tunnel keepalives is that the keepalive timers on each side are independent and do not have to match. The problem with the configuration of keepalives only on one side of the tunnel is that only the router that has keepalives configured marks its tunnel interface as down if the keepalive timer expires. The GRE tunnel interface on the other side, where keepalives are not configured, remains up even if the other side of the tunnel is down. The tunnel can become a black-hole for packets directed into the tunnel from the side that did not have keepalives configured. In a large hub-and-spoke GRE tunnel network, it might be appropriate to only configure GRE keepalives on the spoke side and not on the hub side. This is because it is often more important for the spoke to discover that the hub is unreachable and therefore switch to a backup path (Dial Backup for example).

Before GRE keepalives were implemented, there were only three reasons for a GRE tunnel to shut down:
  • There is no route to the tunnel destination address.
  • The interface that anchors the tunnel source is down.
  • The route to the tunnel destination address is through the tunnel itself.


These three rules (missing route, interface down and mis-routed tunnel destination) are problems local to the router at the tunnel endpoints and do not cover problems in the intervening network. For example, these rules do not cover the case in which the GRE tunneled packets are successfully forwarded, but are lost before they reach the other end of the tunnel. This causes data packets that go through the GRE tunnel to be "black holed", even though an alternate route that uses PBR or a floating static route via another interface is potentially available. Keepalives on the GRE tunnel interface are used in order to solve this issue in the same way as keepalives are used on physical interfaces.

With Cisco IOS Software Release 12.2(8)T, it is possible to configure keepalives on a point-to-point GRE tunnel interface. With this change, the tunnel interface dynamically shuts down if the keepalives fail for a certain period of time.
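The nested request/response construction described above, as an added Python example that is not from the page or from Cisco: the originator builds an outer local-to-remote GRE/IP packet whose payload is a complete remote-to-local GRE/IP packet, and the remote end only has to decapsulate once and forward the inner packet on its destination address. The IPv4 builder, the addresses, and the Protocol Type 0 used for the empty reply payload are constructed for this illustration; the page does not specify the exact bytes Cisco's implementation sends.

```python
import struct

IPPROTO_GRE = 47          # IP protocol number carrying GRE (RFC 2784)
ETHERTYPE_IPV4 = 0x0800   # GRE Protocol Type for an IPv4 payload


def ip_checksum(data: bytes) -> int:
    """Ones' complement sum of 16-bit words, as used by the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(octet) for octet in raw)


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 255) -> bytes:
    """Minimal 20-byte IPv4 header (no options, no fragmentation) in front of payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def build_basic_gre(proto: int, payload: bytes) -> bytes:
    """Four-byte GRE header with C, K and S clear and version 0, then the payload."""
    return struct.pack("!HH", 0, proto) + payload


def gre_decapsulate(packet: bytes):
    """One decapsulation step as the remote endpoint performs it: validate the outer IPv4
    header, strip it and the basic GRE header, and return (src, dst, protocol_type, inner)."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer IP protocol is not GRE (47)")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xF000 or flags & 0x0007:
        raise ValueError("optional GRE fields or non-zero version not handled here")
    return bytes_to_ip(packet[12:16]), bytes_to_ip(packet[16:20]), proto, packet[ihl + 4:]


def build_keepalive(local: str, remote: str) -> bytes:
    """Keepalive request as the text describes it: an outer local->remote GRE/IP packet whose
    payload is a pre-built reply, a remote->local GRE/IP packet with an empty GRE payload.
    (Protocol Type 0 for the empty reply payload is a constructed value, not from the page.)"""
    reply = build_ipv4(remote, local, IPPROTO_GRE, build_basic_gre(0, b""))
    return build_ipv4(local, remote, IPPROTO_GRE, build_basic_gre(ETHERTYPE_IPV4, reply))


def remote_endpoint_forwards(packet: bytes, my_addr: str) -> bytes:
    """What the remote end does with the request: standard GRE decapsulation of the outer
    header, after which the inner IP packet is forwarded on its own destination address."""
    _src, dst, proto, inner = gre_decapsulate(packet)
    if dst != my_addr or proto != ETHERTYPE_IPV4:
        raise ValueError("not a GRE/IPv4 packet for this endpoint")
    return inner


def keepalive_round_trip(local: str, remote: str):
    """Returns (src, dst, payload) of the packet that arrives back at `local` after the remote
    end decapsulates the request once; the originator matches it to its own tunnel."""
    request = build_keepalive(local, remote)
    forwarded = remote_endpoint_forwards(request, remote)
    src, dst, _proto, inner = gre_decapsulate(forwarded)
    return src, dst, inner


if __name__ == "__main__":
    print(keepalive_round_trip("192.0.2.1", "198.51.100.1"))  # ('198.51.100.1', '192.0.2.1', b'')
```

The point of the construction is visible in `remote_endpoint_forwards`: the remote side runs no keepalive logic at all, which is why only the side that configured keepalives can detect the failure, as the text notes.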

Example uses

  • In conjunction with PPTP to create VPNs.
  • In conjunction with IPsec VPNs to allow passing of routing information between connected networks.
  • In Mobility protocols.
  • In A8/A10 interfaces to encapsulate IP data to/from Packet Control Function (PCF).
  • Linux and BSD can establish ad-hoc IP over GRE tunnels which are interoperable with Cisco equipment.
  • Aruba Access Points use GRE tunnels to establish a connection with their respective Aruba Mobility Controller. User data is transferred through this tunnel.

Example protocol stack

  OSI model layer                Protocol
  5. Session                     X.225
  4. Transport                   UDP
  3. Network (GRE-encapsulated)  IPv6
  Encapsulation                  GRE
  3. Network                     IPv4
  2. Data Link                   Ethernet
  1. Physical                    Ethernet physical layer

From what can be seen in the table above, protocol encapsulation (not specifically GRE) breaks the layering order in OSI model terms. It may be viewed as a separator between two different protocol stacks, one acting as a carrier for another.

IP as a delivery protocol

GRE packets which are encapsulated within IP use IP protocol type 47.

Packet header

A GRE packet header structure is represented in the diagram below.

  Bits   0–4        5–7    8–12   13–15    16–31
         C R K S s  Recur  Flags  Version  Protocol Type
         Checksum (optional)                Offset (optional)
         Key (optional)
         Sequence Number (optional)
         Routing (optional)

The packet fields are as follows:

Checksum Present (C), 1-bit : The Checksum field is present and contains valid information if set. If either the Checksum Present bit or the Routing Present bit is set, the Checksum and Offset fields are both present.

Routing Present (R), 1-bit : If set then the Offset field is present and contains valid information. If either the Checksum Present bit or the Routing Present bit is set, the Checksum and Offset fields are both present. This field has been deprecated as per the latest RFC 2784.

Key Present (K), 1-bit : If set then the Key field is present and contains valid information.

Sequence Number present (capital S), 1-bit : If set then the Sequence Number field is present and contains valid information.

Strict Source Route (s), 1-bit : The meaning of this bit is defined in other documents. It is recommended that this bit only be set if all of the Routing Information consists of Strict Source Routes. This field has been deprecated as per the latest RFC 2784.

Recursion Control (Recur), 3 bits : Contains the number of additional encapsulations which are permitted. 0 is the default.

Flags, 5 bits : These bits are reserved and must be transmitted as 0.

Version, 3 bits : GRE protocol version. Normally must be cleared to 0 but in the case of PPTP it is set to 1.

Protocol, 16 bits : Contains the protocol type of the payload packet. In general, the value will be the Ethernet protocol type field for the packet. Additional values may be defined in other documents.

Checksum, 16 bits : Contains the IP (ones' complement) checksum of the GRE header and the payload packet.

Offset, 16 bits : Indicates the byte offset from the start of the Routing field to the first byte of the active source route entries to be examined. However, as per the latest RFC 2784, this field must be transmitted as zero.

Key, 32 bits : Contains a number which was inserted by the encapsulator. The Key field is intended to be used for identifying an individual traffic flow within a tunnel. Note that the Key field is not involved in any sort of security (despite its name).

Sequence Number, 32 bits : Contains a number which is inserted by the encapsulator. It may be used by the receiver to establish the order in which packets have been transmitted from the encapsulator to the receiver.

Routing, variable length : This field is a list of source route entries. This field has been deprecated as per the latest RFC 2784.
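The field layout described above, as an added Python example that is not from the page: an encapsulator (`build_gre`) and a decapsulator (`parse_gre`) that follow the RFC 2784 header with the RFC 2890 Key and Sequence Number extensions. The receiver applies the RFC 2784 discard rules (Routing Present, Strict Source Route and the first Recursion Control bit cause the packet to be dropped; version must be 0; bits 6-12 are ignored on receipt) and verifies the ones' complement checksum over header plus payload. The PPTP version-1 header is deliberately rejected rather than parsed. The sample payloads, the `is_valid_gre` wrapper and the `SequenceTracker` acceptance policy are constructed for this illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Bit positions in the first 16-bit word of the GRE header (RFC 2784 / RFC 2890).
FLAG_C = 0x8000          # Checksum Present
FLAG_R = 0x4000          # Routing Present (deprecated; a receiver must discard)
FLAG_K = 0x2000          # Key Present
FLAG_S = 0x1000          # Sequence Number Present
MUST_BE_ZERO = 0x0C00    # bits 4-5 (s and the first Recur bit): discard if set
IGNORED_ON_RX = 0x03F8   # bits 6-12: sent as zero, ignored on receipt
VERSION_MASK = 0x0007    # bits 13-15


def gre_checksum(data: bytes) -> int:
    """IP-style ones' complement checksum over the GRE header and payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class GREHeader:
    protocol_type: int
    checksum: Optional[int]
    key: Optional[int]
    sequence: Optional[int]
    header_len: int


def build_gre(proto: int, payload: bytes, key: Optional[int] = None,
              seq: Optional[int] = None, with_checksum: bool = False) -> bytes:
    """Encapsulator side: emit the header with only the requested optional fields."""
    flags = ((FLAG_C if with_checksum else 0) | (FLAG_K if key is not None else 0)
             | (FLAG_S if seq is not None else 0))
    header = struct.pack("!HH", flags, proto)
    if with_checksum:
        header += b"\x00\x00\x00\x00"      # Checksum (zero while computing) + Reserved1
    if key is not None:
        header += struct.pack("!I", key)
    if seq is not None:
        header += struct.pack("!I", seq)
    if with_checksum:
        csum = gre_checksum(header + payload)
        header = header[:4] + struct.pack("!H", csum) + header[6:]
    return header + payload


def parse_gre(packet: bytes) -> Tuple[GREHeader, bytes]:
    """Decapsulator side: validate and strip the header, raising ValueError on anything a
    receiver is required to discard (truncation, R set, must-be-zero bits, bad checksum)."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & VERSION_MASK:
        raise ValueError("GRE version %d not supported" % (flags & VERSION_MASK))
    if flags & (FLAG_R | MUST_BE_ZERO):
        raise ValueError("Routing Present or must-be-zero bits set")
    header_len = 4 + sum(4 for bit in (FLAG_C, FLAG_K, FLAG_S) if flags & bit)
    if len(packet) < header_len:
        raise ValueError("header claims optional fields the packet does not contain")
    pos, checksum, key, seq = 4, None, None, None
    if flags & FLAG_C:
        checksum = struct.unpack("!H", packet[pos:pos + 2])[0]
        pos += 4                           # skip Checksum + Reserved1
    if flags & FLAG_K:
        key = struct.unpack("!I", packet[pos:pos + 4])[0]
        pos += 4
    if flags & FLAG_S:
        seq = struct.unpack("!I", packet[pos:pos + 4])[0]
        pos += 4
    if checksum is not None and gre_checksum(packet) != 0:
        raise ValueError("GRE checksum mismatch")
    return GREHeader(proto, checksum, key, seq, header_len), packet[header_len:]


def is_valid_gre(packet: bytes) -> bool:
    """Wrapper for filtering code: True only if parse_gre accepts the packet."""
    try:
        parse_gre(packet)
        return True
    except ValueError:
        return False


class SequenceTracker:
    """RFC 2890-style receiver rule: a packet is in order only if its Sequence Number is
    ahead of the last accepted one, modulo 2^32; duplicates and stale packets are rejected."""
    def __init__(self):
        self.last = None

    def accept(self, seq: int) -> bool:
        if self.last is None:
            self.last = seq
            return True
        diff = (seq - self.last) & 0xFFFFFFFF
        if 0 < diff < 0x80000000:
            self.last = seq
            return True
        return False
```

Two points worth noting in the receiver: the header length is derived from the flag bits before any field is read, so a header that advertises Key or Sequence Number without carrying the bytes is rejected instead of read past the end, and the checksum is verified over the whole packet, so a mismatch can come from the payload as well as the header.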

External links

  • RFCs
    • RFC 1701 — Generic Routing Encapsulation (GRE) (INFORMATIONAL)
    • RFC 1702 — Generic Routing Encapsulation over IPv4 networks (INFORMATIONAL)
    • RFC 2784 — Generic Routing Encapsulation (GRE) (PROPOSED STANDARD - Updated by RFC 2890)
    • RFC 2890 — Key and Sequence Number Extensions to GRE (PROPOSED STANDARD)
  • Cisco Systems
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 