GRE tunnel

chiragom2341 · ‎11-27-2015

Hi, as we know GRE is one of VPN technology. I'm preparing the CCNP exam and would like to know in real environment/production network, who is actully set up the GRE connection, if company decide to go with GRE technology ?

The service provider or company network admin ?

I know, the service provider provides the public address and path to internet but would like to know who is actully set up the VPN connections.

Thank you !

Chirag

Venkatesh Perumal · ‎11-27-2015

Hi Chirag,

would suggest you to go through the below docs, as these would clear most of your doubts on gre tunnelling in a network.

http://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html

https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel

Regards,

-Do rate helpful posts.

chiragom2341 · ‎12-03-2015

Many thnaks, really good source :)

Masoud Pourshabanian · ‎12-03-2015

Hello,

GRE is used for several reasons.

I just give you some examples.

1-You have a company and you have several branches. You have some connections to one or more service providers. You want to have your own network and run routing protocol. Because network of service provider is in the middle, you can not run routing protocol between your branches. Here GRE helps. You use GRE between branches and run routing protocols over GRE.

2-You are using IPv6 and need to communite over an IPV4 network. one of the solution is using GRE.

3-You want to have a multicast network over an IP network which does not support multicast.

4- Sometimes you use GRE tunnel between two sites and perform IPsec encryption over the tunnel.

and so on

Service providers usually does not use GRE. GRE is mostly used when you want to kind of skip a public network which is in the middle. So usually companies which use public network use GRE. Remember GRE does not provide security.

Nowadays, service providers use MPLS VPN to seperate different customers traffic in IP layer.

VPN is very broad. VPN means Virtual private network on a public network. VPN can be provided in different layers.

If you get a E1 or T1 link from your service provider. You are provided a L1 private network on service provider public network.

GRE can provide a virtual provivate network also.

You can create a private network with many other protocols and technologies.

Hope it helps,

Masoud

chiragom2341 · ‎12-03-2015

Excellent !

Got it.

Many thanks for your broad explanation.

Masoud Pourshabanian · ‎12-03-2015

I am glad it helped.

Masoud

Joseph W. Doherty · ‎11-28-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

In my experience, in the "real world", the company using GRE would be the one to choose it, i.e. it's not suggested by a service provider. (BTW, a service provider also might choose to use it for its own internal needs.)

A service provider is more likely to offer more advanced VPN technology to a customer, like VPN over MPLS.

chiragom2341 · ‎12-03-2015

Okay, got it.

Thanks for reply.