Configuring a Tunnel with Generic Routing Encapsulation
Overview
9-2
Overview
The ProCurve Secure Router supports tunneling using Generic Routing
Encapsulation (GRE).
GRE is a Layer 2 protocol that encapsulates higher-level protocols and renders
them transparent. Routers use GRE to send traffic through an intervening
network that does not support such traffic.
For example, the Internet does not route multicast messages. However, many
routing protocols rely on multicasts. You can use GRE tunnels to send multi-
cast routing updates through the Internet. You can also tunnel non-IP traffic
through the Internet.
GRE Tunnels
A tunnel is a virtual point-to-point link across a multipoint-access network,
such as the Internet. In a sense, a tunnel emulates a WAN link. A tunneling
protocol:
encapsulates other protocols
sets up a point-to-point link
GRE encapsulates packets using other protocols within GRE packets. These
packets, in turn, are encapsulated within IP packets. (In this way, GRE is
similar to the IP Security [IPSec] protocols Authentication Header [AH] and
Encapsulation Security Payload [ESP]. However, unlike AH and ESP, GRE
does not ensure data integrity and confidentiality.)
GRE can encapsulate many kinds of Network Layer, Data Link Layer, or
multicast protocols into an IP packet. GRE uses the same protocol identifiers
that Ethernet uses. GRE then uses source routing to create a virtual point-to-
point link through an IP network (such as the Internet).
On the ProCurve Secure Router, GRE encapsulates IP packets. Because GRE
encapsulates packets and repackages them with a delivery IP header, it
renders the original IP header transparent. GRE establishes a point-to-point
link between two non-directly connected routers; these routers can then
tunnel packets from hosts on private networks through the public network.