What is GRE (Generic Routing Encapsulation)?
Generic Routing Encapsulation (GRE) is an IP encapsulation protocol used to transport IP packets over a network. GRE was initially developed by Cisco but later became an industry standard (RFC 1701, RFC 2784, RFC 2890). GRE can tunnel any Layer 3 protocol, including IP. In GRE, an IP datagram is encapsulated within another IP datagram.
One great advantage of GRE is that it allows routing of IP packets between private IPv4 networks that are separated by the public IPv4 internet. GRE also supports encapsulating IPv4 broadcast and multicast traffic. GRE tunnels are not secure because GRE does not encrypt its data payload. Used together with secure tunneling protocols such as IPsec, GRE provides network security.
The following are the key fields of the GRE header.
Flag C (Checksum Present): Used to indicate that the Checksum field is present and contains valid information, when set to 1.
Flag R (Routing Present): Used to indicate that the Routing fields are present and contain valid information, when set to 1.
Flag K (Key Present): Used to indicate that the Key field is present in the GRE header, when set to 1.
Flag S (Sequence Number Present): Used to indicate that the Sequence Number field is present, when set to 1.
Flag s (Strict Source Route): When set to 1, the routing information consists of Strict Source Routes.
Recursion Control and Version Number are normally set to 0.
Protocol Type: The Protocol Type field identifies the protocol of the payload carried in the GRE packet. For IP, this field is set to 0x800.
Checksum: Checksum field value is used to check the integrity of the GRE header and the payload.
Key: Key field value is used to authenticate the encapsulated GRE packets.
Sequence Number: Sequence Number field value is used to track the sequence of GRE packets.
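The field list above maps directly onto a small header parser. This is an added example, not code from the original page: it follows the RFC 1701 header layout, runs on a constructed sample packet, and rejects packets with the Routing Present flag instead of walking the routing fields. The function names are this example's own.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """IP-style one's complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_gre(pkt: bytes) -> dict:
    """Parse a GRE header (RFC 1701 layout) and return fields plus payload."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt, 0)
    hdr = {"C": bool(flags & 0x8000), "R": bool(flags & 0x4000),
           "K": bool(flags & 0x2000), "S": bool(flags & 0x1000),
           "s": bool(flags & 0x0800), "recur": (flags >> 8) & 0x7,
           "version": flags & 0x7, "protocol_type": proto}
    if hdr["R"]:
        raise ValueError("Routing Present set: routing fields not handled here")
    # Optional fields appear in this fixed order, each only if its flag is set.
    layout = [("C", "!HH", ("checksum", "offset")),
              ("K", "!I", ("key",)), ("S", "!I", ("sequence",))]
    off = 4
    for flag, fmt, names in layout:
        if not hdr[flag]:
            continue
        if off + struct.calcsize(fmt) > len(pkt):
            raise ValueError(f"truncated: {flag} flag set but field missing")
        hdr.update(zip(names, struct.unpack_from(fmt, pkt, off)))
        off += struct.calcsize(fmt)
    if hdr["C"]:
        # Header + payload summed with the stored checksum must fold to 0.
        hdr["checksum_ok"] = inet_checksum(pkt) == 0
    hdr["payload"] = pkt[off:]
    return hdr

def build_sample(key: int = 42, seq: int = 7) -> bytes:
    """Constructed sample: C, K and S set, Protocol Type 0x0800, dummy payload."""
    payload = b"constructed-inner-packet"  # placeholder bytes, not a real IP packet
    def header(csum: int) -> bytes:
        return struct.pack("!HHHHII", 0xB000, 0x0800, csum, 0, key, seq)
    return header(inet_checksum(header(0) + payload)) + payload

if __name__ == "__main__":
    print(parse_gre(build_sample()))
```

The Key, Sequence Number and payload are read straight from the packet bytes, which is what the absence of payload encryption means for anyone on the path.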
The diagram below shows a Wireshark capture of GRE encapsulation and the GRE header fields.
Generic routing encapsulation provides a private, secure path for transporting packets through an otherwise public network by encapsulating or tunneling the packets. GRE encapsulates data packets and redirects them to a device that de-encapsulates them and routes them to their final destination. It allows source and destination switches to operate as if they have a virtual point-to-point connection with each other because the outer header applied by GRE is transparent to the encapsulated payload packet.