Overview of GRE
This section describes the basic concepts and applications of General Routing Encapsulation (GRE).
GRE is a type of Layer 3 VPN encapsulation technology. GRE encapsulates the packets of a wide variety of network layer protocols, such as Internetwork Packet Exchange (IPX), IP, and AppleTalk, into IP tunneling packets, so that these packets can be transmitted over heterogeneous networks. The channel for transmitting heterogeneous packets is called a tunnel. As shown in Figure 1, the GRE tunnel established over the IPv4 network enables the two IPv6 networks to communicate.
Besides network-layer protocol packets, GRE can encapsulate multicast packets. Because packets of dynamic routing protocols are transmitted in multicast mode, GRE is used to transmit multicast routing information. This is the origin of GRE. The following describes several scenarios where GRE is used to encapsulate the packets of dynamic routing protocols.
GRE over IPSec
As shown in Figure 2, if the IP networks at both ends of the IPSec tunnel need to communicate, they need to obtain each other's private routing information. If the IP networks at both end of the IPsec tunnel run dynamic routing protocols, the IPSec tunnel needs to transmit the packets of these protocols in multicast mode. IPSec itself is unable to encapsulate multicast packets. In this case, GRE is required to encapsulate these packets into unicast packets so that the IP networks at both ends of the IPSec tunnel can communicate. Then the tunnel between the two IP networks is called a GRE over IPSec tunnel.
Enlarging the Operation Scope of the Network with Limited Hops
As shown in Figure 3, RIP runs on the network. If the hop count between the two PCs exceeds 15, the PCs cannot communicate. You can use a GRE tunnel to hide certain hops, which expands the scope of the network.
For example, after a GRE tunnel is established between FW_A and FW_B, FW_A and FW_B are similar to neighboring routers, and the distance between them is considered as one hop. This tunnel hides the actual hops between FW_A and FW_B and expands the network scope.
