Education Networking Tutorial Tutorial

Generic routing encapsulation (GRE)

Tunneling provides a mechanism to transport packets of one protocol within another protocol. Generic routing encapsulation (GRE) is a communication protocol used to establish a direct, point-to-point connection between network nodes. Generic routing encapsulation (GRE) provides a private, secure path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets.

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.

GRE encapsulates data packets and redirects them to a device that de-encapsulates them and routes them to their final destination. This allows the source and destination switches to operate as if they have a virtual point-to-point connection with each other (because the outer header applied by GRE is transparent to the encapsulated payload packet).

Packet Header 

Image result for Packet header of gre


Checksum bit. Set to 1 if a checksum is present.

Key bit. Set to 1 if a key is present.
Sequence number bit. Set to 1 if a sequence number is present.
Reserved bits; set to 0.
GRE Version number; set to 0.
Protocol Type
Indicates the ether protocol type of the encapsulated payload. (For IPv4, this would be hex 0800.)
Present if the C bit is set; contains the checksum for the GRE header and payload.
Present if the K bit is set; contains an application-specific key value.
Sequence Number
Present if the S bit is set; contains a sequence number for the GRE packet.


  • In conjunction with PPTP to create VPNs.
  • In conjunction with IPsec VPNs to allow passing of routing information between connected networks.
  • In mobility protocols.
  • In A8/A10 interfaces to encapsulate IP data to/from Packet Control Function (PCF).
  • Linux and BSD can establish ad-hoc IP over GRE tunnels which are interoperable with Cisco equipment.
  • Distributed denial of service (DDoS) protected appliance to an unprotected endpoint.
  • Use of multiple protocols over a single-protocol backbone
  • Providing workarounds for networks with limited hops
  • Connection of non-contiguous subnetworks
  • Being less resource demanding than its alternatives (e.g. IPsec VPN)

NOTE * GRE is described in RFC 2784 (obsoletes earlier RFCs 1701 and 1702)

Leave a Reply

Your email address will not be published. Required fields are marked *