Generic Routing Encapsulation is a protocol for encapsulation of an arbitrary network layer protocol over another arbitrary network layer protocol.

In the most general case, a system has a packet that needs to be encapsulated and delivered to some destination, which is called payload . The payload is first encapsulated in a GRE packet. The resulting GRE packet can then be encapsulated in some other protocol and then forwarded. This outer protocol is called the delivery protocol.

When IPv4 is being carried as the GRE payload, the Protocol Type field MUST be set to 0x800. When a tunnel endpoint decapsulates a GRE packet which has an IPv4 packet as the payload, the destination address in the IPv4 payload packet header must be used to forward the packet and the TTL of the payload packet MUST be decremented. Care should be taken when forwarding such a packet, since if the destination address of the payload packet is the encapsulator of the packet (i.e., the other end of the tunnel), looping can occur. In this case, the packet must be discarded. The IPv4 protocol 47 [is used when GRE packets are encapsulated in IPv4.

Security in a network using GRE should be relatively similar to security in a normal IPv4 network, as routing using GRE follows the same routing that IPv4 uses natively. Route filtering will remain unchanged. However packet filtering requires either that a firewall look inside the GRE packet or that the filtering is done on the GRE tunnel endpoints. In those environments in which this is considered to be a security issue it may be desirable to terminate the tunnel at the firewall.

Protocol Structure - GRE: Generic Routing Encapsulation

Related protocols:IPv4

Sponsor Source:

GRE is defined by IETF (http://www.ietf.org) in RFC 2784.

Reference:http://www.javvin.com/protocol/rfc2784.pdf: Generic Routing Encapsulation (GRE).