Generic Routing Encapsulation

Generic Routing Encapsulation (GRE) is a tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets. The original packet is the payload for the final packet. The protocol is used on the Internet to secure virtual private networks.

GRE was developed by Cisco and was designed to be stateless; the tunnel end-points do not monitor the state or availability of other tunnel end-points. This feature helps service providers support IP tunnels for clients, who won't know the service provider's internal tunneling architecture; and it gives clients the flexibility of reconfiguring their IP architectures without worrying about connectivity. GRE creates a virtual point-to-point link with routers at remote points on an IP internetwork.

One key difference between an encrypted GRE tunnel and an IPsec tunnel is the ability to make use of Multicast protocols over GRE tunnels. An example would be the use of OSPF over a GRE tunnel.

GRE uses IP protocol number 47.

Example uses

* Used in conjunction with PPTP to create virtual private networks.
* Used in conjunction with IPsec VPNs to allow passing of routing information between connected networks.
* Used in Mobility protocols.
* A8/A10 interfaces use GRE protocol to encapsulate IP data to/from Packet Control Function (PCF).
* Linux and BSD can establish ad-hoc IP over GRE tunnels which are interoperable with CISCO equipment.

Example Protocol Stack using GRE

RADIUS UDP IPv6 (2) GRE IPv4 (1) Ethernet

GRE Packet Header Details

0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 ┌─┬─┬─┬─┬─┬─────┬─────────┬─────┬───────────────────────────────┐ │C│R│K│S│s│Recur│ Flags │ Ver │ Protocol Type │ ├─┴─┴─┴─┴─┴─────┴─────────┴─────┼───────────────────────────────┤ │ Checksum (optional) │ Offset (optional) │ ├───────────────────────────────┴───────────────────────────────┤ │ Key (optional) │ ├───────────────────────────────────────────────────────────────┤ │ Sequence Number (optional) │ ├───────────────────────────────────────────────────────────────┤ │ Routing (optional) │ └───────────────────────────────────────────────────────────────┘

C, Checksum Present. 1-bit.The Checksum field is present and contains valid information if set. If either the Checksum Present bit or the Routing Present bit are set, the Checksum and Offset fields are both present.

R, Routing Present. 1-bit.If set then the Offset field is present and contains valid information. If either the Checksum Present bit or the Routing Present bit are set, the Checksum and Offset fields are both present.

K, Key Present. 1-bit.If set then the Key field is present and contains valid information.

S, Sequence Number present. 1-bit.If set then the Sequence Number field is present and contains valid information.

s, Strict Source Route. 1-bit.The meaning of this bit is defined in other documents. It is recommended that this bit only be set if all of the Routing Information consists of Strict Source Routes.

Recur, Recursion Control. 3 bits, unsigned integer.Contains the number of additional encapsulations which are permitted. 0 is the default.

Flags. 5 bits.These bits are reserved and must be transmitted as 0.

Version. 3 bits.GRE protocol version. Normally must be cleared to 0 but in L2TP networks using 1.

Protocol. 16 bits.Contains the protocol type of the payload packet. In general, the value will be the Ethernet protocol type field for the packet. Additional values may be defined in other documents.

Checksum. 16 bits.Optional. Contains the IP (one's complement) checksum of the GRE header and the payload packet.

Offset. 16 bits.Optional. Indicates the byte offset from the start of the Routing field to the first byte of the active Source Route Entry to be examined.

Key. 32 bits.Optional. Contains a number which was inserted by the encapsulator. The Key field is intended to be used for identifying an individual traffic flow within a tunnel. Note that Key field is not involved in any sort or security (despite its name).

Sequence Number. 32 bits, unsigned integer.Optional. Contains a number which is inserted by the encapsulator. It may be used by the receiver to establish the order in which packets have been transmitted from the encapsulator to the receiver.

Routing. Variable length.Optional. This field is a list of SREs.

External links

* RFC 1701 Generic Routing Encapsulation (GRE) (INFORMATIONAL)
* RFC 1702 Generic Routing Encapsulation over IPv4 networks (INFORMATIONAL)
* RFC 2784 Generic Routing Encapsulation (GRE) (PROPOSED STANDARD - Updated by RFC 2890)
* RFC 2890 Key and Sequence Number Extensions to GRE (PROPOSED STANDARD)