Generic Routing Encapsulation (GRE), developed by Cisco, is a tunneling mechanism which is used to transport packets from network A to network B through an intermediate network which appears as if it is a single, shared link between networks A and B.
Awesome! So, what would I use a GRE Tunnel for?
- You can utilize all the dynamic routing protocols over a public network like the internet through the tunnel interface as if it were a physical interface. The tunnel serves as a virtual point-to-point link that has two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.
- If you need to encrypt multicast traffic like routing protocols or video feeds, GRE tunnels can carry multicast packets—just like real network interfaces—as opposed to using IPSec by itself, which can’t encrypt multicast traffic.
- GRE tunneling uses IP as the transport protocol and can be used for carrying many different passenger protocols such as a non-routable protocol or non-IPv4 traffic like IPv6 across and IPv4 cloud.
- GRE allows you to connect two similarly addressed networks through a network with different IP addressing. For example, two sites using private addressing can communicate across a public network like the Internet.
- You can merge both VPNs and GRE tunnels together as a way to provide the security of a VPN with the benefits of GRE. Configuring GRE over IPSec VPN tunnels allows traffic to traverse across the VPN tunnel and only creates a single IPSec association regardless of the number of subnets that need to traverse the tunnel.