GRE Security

Context

To improve system security, GRE introduces GRE keys to identify individual traffic flows. The GRE key is a 32-bit string with a value range of 0 to 4294967295. It is configured on the transmit end and written into the GRE header of a GRE packet to be sent. After receiving the packet, the receive end decapsulates it and compares the key with the locally configured key. If the keys are the same, a GRE tunnel can then be established. The GRE key can be configured in either ciphertext or cleartext. A ciphertext key is displayed in ciphertext in the configuration file.

GRE also supports the checksum verification of GRE-encapsulated packets. If the checksum is configured on both ends of a GRE tunnel, the local end calculates the checksum based on the GRE header and payload information and sends the packet containing the checksum to the peer end. The peer then calculates the checksum of the received packet and compares it with the checksum in the packet. If the two checksum values match, the packet continues to be processed; otherwise, it is discarded. If the checksum function is enabled only on the local end, the local end does not check the checksum for received packets, but instead calculates a checksum for packets to be sent. If the checksum function is enabled only on the peer end, the local end checks the checksum for received packets but does not calculate a checksum for packets to be sent.
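The key and checksum handling described above can be traced at the byte level. The following is an added example, not Huawei code: it assumes the standard GRE header layout from RFC 2784 and RFC 2890 (C and K flag bits, checksum field before the key field) and the RFC 1071 Internet checksum. The function names and the sample payload are constructed for illustration.

```python
import struct

GRE_C, GRE_K = 0x8000, 0x2000  # Checksum Present / Key Present flag bits

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def gre_encap(payload: bytes, key=None, checksum=False, proto=0x0800) -> bytes:
    """Transmit end: write the configured key and/or checksum into the header."""
    flags = (GRE_C if checksum else 0) | (GRE_K if key is not None else 0)
    hdr = struct.pack("!HH", flags, proto)
    if checksum:
        hdr += b"\x00" * 4  # checksum (zero while summing) + reserved field
    if key is not None:
        hdr += struct.pack("!I", key)  # 32-bit key, 0..4294967295
    pkt = hdr + payload
    if checksum:  # computed over GRE header and payload
        pkt = pkt[:4] + struct.pack("!H", inet_checksum(pkt)) + pkt[6:]
    return pkt

def gre_decap(pkt: bytes, local_key=None) -> bytes:
    """Receive end: return the payload or raise ValueError (packet discarded)."""
    flags, _proto = struct.unpack("!HH", pkt[:4])
    off = 4
    if flags & GRE_C:  # verified whenever the sender included a checksum
        if inet_checksum(pkt) != 0:  # a valid packet sums to zero
            raise ValueError("checksum mismatch")
        off += 4
    pkt_key = None
    if flags & GRE_K:
        (pkt_key,) = struct.unpack("!I", pkt[off:off + 4])
        off += 4
    # Assumption: a key present on only one side also counts as a mismatch.
    if pkt_key != local_key:
        raise ValueError("key mismatch")
    return pkt[off:]

if __name__ == "__main__":
    sample = gre_encap(b"constructed payload", key=1234, checksum=True)
    print(sample[:12].hex(), gre_decap(sample, local_key=1234))
```

The cipher option affects how the key is displayed in the configuration file; in the packet the key is a plain 32-bit header field, as the encoder shows.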

Impact on the System

The security of services carried over GRE tunnels is enhanced.

Procedure

  1. Enter the system view.

    system-view

  2. Create a tunnel interface and enter the tunnel interface view.

    interface tunnel interface-number

  3. Configure the checksum function on each end of a GRE tunnel.

    gre checksum

  4. Configure a GRE key for the tunnel interface.

    gre key { simple key-number-simple | [ cipher ] key-number-cipher }

Checking the Security Hardening Result

Run the display interface tunnel [ interface-number ] command to check the operating status of the tunnel interface.

Copyright © Huawei Technologies Co., Ltd.