GRE_tunnel
Generic Routing Encapsulation
Cisco tunneling protocol
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.[2]
Communication protocol | |
Purpose | Network tunneling |
---|---|
Developer(s) | Cisco Systems |
Introduction | 1994[1] |
RFC(s) | RFC1701, RFC1702, RFC2784 |
- In conjunction with PPTP to create VPNs.
- In conjunction with IPsec VPNs to allow passing of routing information between connected networks.
- In mobility management protocols.
- In A8/A10 interfaces to encapsulate IP data to/from Packet Control Function (PCF).
- Linux and BSD can establish ad-hoc IP over GRE tunnels which are interoperable with Cisco equipment.
- Distributed denial of service (DDoS) protected appliance to an unprotected endpoint.
Example protocol stack
OSI model layer | Protocol |
---|---|
6. Session | X.225 |
5. Transport | UDP |
4. Network (GRE-encapsulated) | IPv4 |
Encapsulation | GRE |
3. Network | IPv6 |
2. Data link | Ethernet |
1. Physical | Ethernet physical layer |
Based on the principles of protocol layering in OSI, protocol encapsulation, not specifically GRE, breaks the layering order. It may be viewed as a separator between two different protocol stacks, one acting as a carrier for another.
GRE packets that are encapsulated within IP directly, use IP protocol type 47 in the IPv4 header's Protocol field[3] or the IPv6 header's Next Header field.[4]
For performance reasons, GRE can also be encapsulated in UDP packets.[5] Better throughput may be achieved by using Equal-cost multi-path routing.
Extended GRE packet header (RFC 2890)
The extended version of the GRE packet header[6] is represented below:
Offsets | Octet | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Octet | Bit | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
0 | 0 | C | K | S | Reserved 0 | Version | Protocol Type | ||||||||||||||||||||||||||
4 | 32 | Checksum (optional) | Reserved 1 (optional) | ||||||||||||||||||||||||||||||
8 | 64 | Key (optional) | |||||||||||||||||||||||||||||||
12 | 96 | Sequence Number (optional) |
- C (1 bit)
- Checksum bit. Set to 1 if a checksum is present.
- K (1 bit)
- Key bit. Set to 1 if a key is present.
- S (1 bit)
- Sequence number bit. Set to 1 if a sequence number is present.
- Reserved 0 (9 bits)
- Reserved bits; set to 0.
- Version (3 bits)
- GRE Version number; set to 0.
- Protocol Type (16 bits)
- Indicates the ether protocol type of the encapsulated payload. (For IPv4, this would be hex 0800.)
- Checksum (16 bits)
- Present if the C bit is set; contains the checksum for the GRE header and payload.
- Reserved 1 (16 bits)
- Present if the C bit is set; is set to 0.
- Key (32 bits)
- Present if the K bit is set; contains an application-specific key value.
- Sequence Number (32 bits)
- Present if the S bit is set; contains a sequence number for the GRE packet.
Standard GRE packet header (RFC 2784)
A standard GRE packet header structure[7] is represented in the diagram below.
Offsets | Octet | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Octet | Bit | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
0 | 0 | C | Reserved 0 | Version | Protocol Type | ||||||||||||||||||||||||||||
4 | 32 | Checksum (optional) | Reserved 1 (optional) |
- C (1 bit)
- Checksum bit. Set to 1 if a checksum is present.
- Reserved 0 (12 bits)
- Reserved bits; set to 0.
- Version (3 bits)
- GRE Version number; set to 0.
- Protocol Type (16 bits)
- Indicates the ether protocol type of the encapsulated payload. (For IPv4, this would be hexadecimal 0x0800; for IPv6, it would be 0x86DD.[4])
- Checksum (16 bits)
- Present if the C bit is set; contains the checksum for the GRE header and payload.
- Reserved 1 (16 bits)
- Present if the C bit is set; its contents is set to 0.
Original GRE packet header (RFC 1701)
The newer structure superseded the original structure:[1]
Offsets | Octet | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Octet | Bit | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
0 | 0 | C | R | K | S | s | Recur | Flags | Version | Protocol Type | |||||||||||||||||||||||
4 | 32 | Checksum (optional) | Offset (optional) | ||||||||||||||||||||||||||||||
8 | 64 | Key (optional) | |||||||||||||||||||||||||||||||
12 | 96 | Sequence Number (optional) | |||||||||||||||||||||||||||||||
16 | 128 | Routing (optional, variable length) |
The original GRE RFC defined further fields in the packet header which became obsolete in the current standard:
- C (1 bit)
- Checksum bit. Set to 1 if a checksum is present.
- R (1 bit)
- Routing Bit. Set to 1 if Routing and Offset information are present.
- K (1 bit)
- Key bit. Set to 1 if a key is present.
- S (1 bit)
- Sequence number bit. Set to 1 if a sequence number is present.
- s (1 bit)
- Strict source route bit.
- Recur (3 bits)
- Recursion control bits.
- Flags (5 bits)
- Reserved for future use, set to 0.
- Version (3 bits)
- Set to 0.
- Protocol Type (16 bits)
- Indicates the ether protocol type of the encapsulated payload.
- Checksum (16 bits)
- Present if the C bit is set; contains the checksum for the GRE header and payload.
- Offset (16 bits)
- Present if R bit or C bit is set; contains valid information, only if R bit is set. An offset field indicating the offset within the Routing field to the active source route entry.
- Key (32 bits)
- Present if the K bit is set; contains an application-specific key value.
- Sequence Number (32 bits)
- Present if the S bit is set; contains a sequence number for the GRE packet.
- Routing (variable)
- Present if R bit is set; contains a list of source route entries, therefore is of variable length.
PPTP GRE packet header
The Point-to-Point Tunneling Protocol (PPTP) [8] uses a variant GRE packet header structure, represented below. PPTP creates a GRE tunnel through which the PPTP GRE packets are sent.
Offsets | Octet | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Octet | Bit | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
0 | 0 | C | R | K | S | s | Recur | A | Flags | Version | Protocol Type | ||||||||||||||||||||||
4 | 32 | Key Payload Length | Key Call ID | ||||||||||||||||||||||||||||||
8 | 64 | Sequence Number (optional) | |||||||||||||||||||||||||||||||
12 | 96 | Acknowledgement Number (optional) | |||||||||||||||||||||||||||||||
- C (1 bit)
- Checksum bit. For PPTP GRE packets, this is set to 0.
- R (1 bit)
- Routing bit. For PPTP GRE packets, this is set to 0.
- K (1 bit)
- Key bit. For PPTP GRE packets, this is set to 1. (All PPTP GRE packets carry a key.)
- S (1 bit)
- Sequence number bit. Set to 1 if a sequence number is supplied, indicating a PPTP GRE data packet.
- s (1 bit)
- Strict source route bit. For PPTP GRE packets, this is set to 0.
- Recur (3 bits)
- Recursion control bits. For PPTP GRE packets, these are set to 0.
- A (1 bit)
- Acknowledgment number present. Set to 1 if an acknowledgment number is supplied, indicating a PPTP GRE acknowledgment packet.
- Flags (4 bits)
- Flag bits. For PPTP GRE packets, these are set to 0.
- Version (3 bits)
- GRE Version number. For PPTP GRE packets, this is set to 1.
- Protocol Type (16 bits)
- For PPTP GRE packets, this is set to hex 880B.
- Key Payload Length (16 bits)
- Contains the size of the payload, not including the GRE header.
- Key Call ID (16 bits)
- Contains the Peer's Call ID for the session to which the packet belongs.
- Sequence Number (32 bits)
- Present if the S bit is set; contains the GRE payload sequence number.
- Acknowledgement Number (32 bits)
- Present if the A bit is set; contains the sequence number of the highest GRE payload packet received by the sender.
- RFC 1701: Generic Routing Encapsulation (GRE) (informational)
- RFC 1702: Generic Routing Encapsulation over IPv4 networks (informational)
- RFC 2637: Point to Point Tunneling Protocol (informational)
- RFC 2784: Generic Routing Encapsulation (GRE) (proposed standard, updated by RFC 2890)
- RFC 2890: Key and Sequence Number Extensions to GRE (proposed standard)
- RFC 8086: GRE-in-UDP Encapsulation (proposed standard)
- Network Virtualization using Generic Routing Encapsulation - carries L2 packets over GRE
- GPRS Tunnelling Protocol - GTP-U is similar to GRE and used in cellular networks
- S. Hanks; T. Li; D. Farinacci; P. Traina (October 1994). Generic Routing Encapsulation (GRE). Network Working Group. doi:10.17487/RFC1701. RFC 1701. Informational.
- US 7801021B1, Nikolaos Triantafillis; Robert J. Ordemann & Simon D. Barber, "Generic routing encapsulation tunnel keepalives", issued 2010-09-21, assigned to Cisco Technology Inc.
- S. Hanks; T. Li; D. Farinacci; P. Traina (October 1994). Generic Routing Encapsulation over IPv4 networks. Network Working Group. doi:10.17487/RFC1702. RFC 1702. Informational.
- C. Pignataro; R. Bonica; S. Krishnan (October 2015). IPv6 Support for Generic Routing Encapsulation (GRE). Internet Engineering Task Force (IETF). doi:10.17487/RFC7676. ISSN 2070-1721. RFC 7676. Proposed Standard.
- E. Crabbe; E. Crabbet; T. Herbert (March 2017). L. Yong (ed.). GRE-in-UDP Encapsulation. Internet Engineering Task Force (IETF). doi:10.17487/RFC8086. ISSN 2070-1721. RFC 8086. Proposed Standard.
- G. Dommety (September 2000). Key and Sequence Number Extensions to GRE. Network Working Group. doi:10.17487/RFC2890. RFC 2890. Proposed Standard.
- D. Farinacci; T. Li; S. Hanks; D. Meyer; P. Traina (March 2000). Generic Routing Encapsulation (GRE). Network Working Group. doi:10.17487/RFC2784. RFC 2784. Proposed Standard. Updated by RFC 2890.
- K. Hamzeh; G. Pall; W. Verthein; J. Taarud; W. Little; G. Zorn (July 1999). Point-to-Point Tunneling Protocol (PPTP). Network Working Group. doi:10.17487/RFC2637. RFC 2637. Informational.
- Generic Routing Encapsulation, Subprotocol homepage at Cisco
- Generic Routing Encapsulation, Entry in Cisco DocWiki (formerly known as the "Internetworking Technology Handbook")