
What is the use of GRE tunnel? (Newbie)

Rica Chan
Level 1

Based on what I have searched, GRE is used to create a virtual link between routers and allow them to be directly connected, even if they physically aren't.

"Suppose R1 and R2 are routers at two far ends of our company. They are connected to two computers who want to communicate. Although R1 and R2 are not physically connected to each other but with GRE Tunnel, they appear to be"  (source: 9tut)

                                                                                                                                                       

 

 

QUESTION:

 

What's the use of being connected even though they are far apart, when they can still communicate with each other via routing protocols?

Suppose a host in R1 wants to communicate with R2 (that is far); the host in R1 can still communicate with R2 because of routing protocols.

So, what is the sense of using a GRE tunnel?

 

Can someone enlighten me.

Thank you so much!!

 

If you can explain it in the simplest way, please do so.


Hello,

 

Originally, GRE tunnels were used to send multicast, broadcast, or other non-IP traffic to other locations. Nowadays they are mainly used in conjunction with IPSec VPNs, and mainly for security...

 

Below is a fairly nice explanation of the concept...

 

https://www.incapsula.com/blog/what-is-gre-tunnel.html

a.alekseev
Level 7

You can connect two private networks through a public network using a GRE tunnel.

And this public network knows nothing about your private networks.

 

To expand a bit on a.alekseev's post, the GRE-connected networks don't have to be private; the important aspect is that the transit network doesn't need to "know" (and often doesn't) about the network being used across a GRE tunnel.

Also to add a bit to the information that Georg provided, sometimes a GRE tunnel is used to transport a protocol that the transit network won't do natively. For example, George mentions multicast. Two networks might actually "know" of each other, and support unicast, but one might not support multicast. GRE allows you to send multicast, via the tunnel, across the network that doesn't support it.

There is another use of GRE, which is to connect networks that are discontiguous. Perhaps an example will help. Think of an organization that has an office in Tampa, Florida which uses network 192.168.10.0 and has another office in Dallas, Texas which uses network 192.168.20.0. The offices need to communicate, but how do we connect the offices to provide the network communication? Do we connect them using a dedicated private link? (How expensive would this be?) Or do we connect each one of them to a local Service Provider? (How much less expensive?) But how does 192.168.10.0 communicate with 192.168.20.0 over Internet connections? You cannot route those networks over the Internet. But you can certainly set up a GRE tunnel between the offices using the Internet connection. And with GRE the two networks easily communicate.

 

HTH

 

Rick


Thank you for this info. !! :D

You are quite welcome. I am glad that you found our explanations helpful. These forums are excellent places to ask questions and to learn about networking. I hope to see you continue to be active in the forums.

 

HTH

 

Rick


Thank you so much Sir! :D

I have a follow-up question: should the source and destination addresses in a GRE tunnel be public addresses, while the IP address of the GRE tunnel interface should be a private address?

When should a private address be used, and when a public address?

You can use any, public or private but it depends on....

To form a tunnel: source and destination tunnel IP addresses  must be reachable.
Suppose you have to form a tunnel between R1 and R2.
So R2's tunnel source (which is also R1's tunnel destination) must be reachable from R1's tunnel source.

For Internet GRE tunnels, usually tunnel IPs will be private and tunnel endpoint IPs will be public, but it's as a.alekseev notes, i.e. it could really be almost anything because it depends on what/how you're using the tunnel.

The question of whether to use public or private IP addressing for GRE tunnels is an interesting question. It is quite possible to use entirely public IP, or to use entirely private IP, and frequently it is public IP for source and destination and private IP for tunnel interface address. It is to some extent dependent on your organization and their standard approach to IP addressing. I have worked with customers who have Public IP addresses and use Public IP on all the devices in their network. So it would be common for them to use Public IP for both source and destination and interface address.

 

A very important point is the point that the tunnel destination address must be reachable from the tunnel source address. Keeping that in mind we would find that it is very common to use Public IP for source and destination and Private IP for tunnel interface address, especially when the GRE tunnel is over the Internet as in the example I suggested in my original response.

 

HTH

 

Rick
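
The encapsulation behind the Tampa/Dallas example and the public/private addressing discussion above, as an added example that is not code from any poster in this thread: it builds the bytes of a GRE-tunneled packet and parses them back, showing that the transit network routes only on the outer tunnel source and destination while the 192.168.x.x addresses travel inside. The tunnel endpoints 203.0.113.1 and 198.51.100.1 (documentation ranges), the host addresses and the payload are assumptions chosen for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IPv4 protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value for an IPv4 payload

def checksum(data):
    """Internet checksum over an even-length header (0 when the header is valid)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal IPv4 packet: 20-byte header, no options, TTL 64."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Prepend a basic 4-byte GRE header (RFC 2784, no optional fields) and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)

def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[ihl:]

def describe(packet):
    """Split a GRE-in-IPv4 packet into what transit routers see and what is carried."""
    o_src, o_dst, proto, rest = parse_ipv4(packet)
    if proto != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags_version, ptype = struct.unpack("!HH", rest[:4])
    if flags_version != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only basic GRE carrying IPv4 is handled here")
    i_src, i_dst, _, data = parse_ipv4(rest[4:])
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "data": data}

# Constructed sample: a Tampa host sends to a Dallas host (protocol 17, placeholder payload).
INNER = ipv4_packet("192.168.10.5", "192.168.20.7", 17, b"hello")
# Assumed tunnel source/destination: the routers' Internet-facing addresses.
TUNNELED = gre_encapsulate(INNER, "203.0.113.1", "198.51.100.1")
```

The inner packet sits unmodified after the 4-byte GRE header, so anyone on the transit path can read it; GRE itself does not encrypt, which is why it is paired with IPSec as mentioned earlier in the thread.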
