GRE - Generic Routing Encapsulation - is the lightest-weight tunnel encapsulation in widespread use. It takes an IP packet, wraps it in another IP packet plus a small GRE header, and ships it across whatever underlay routing happens to exist. No security, no encryption, just simple encapsulation. This lab builds a GRE tunnel between R1 and R3 over the base topology, with R2 as a transit router that has no idea the tunnel exists.
What you will learn
- The structure of a GRE tunnel: a Tunnel interface with source, destination, and a tunnel-side IP
- The underlay vs. overlay distinction - the physical routing that gets packets between source and destination, vs. the virtual link the tunnel creates
- How to verify a tunnel is up and forwarding traffic with
show interfaces tunnel - Why a tunnel transport MTU is 1476 bytes (1500 - 24 bytes of overhead)
- The "single-hop overlay" property - traceroute across a GRE tunnel shows one hop even when the underlay is multi-hop
What this lab does NOT cover
- IPsec encryption. GRE has no security - that is IPsec's job. Lab sec-09 covers it.
- DMVPN (Dynamic Multipoint VPN). The complex cousin of GRE.
- Routing protocols over the tunnel. Static or dynamic. We use static for simplicity.
