Generic routing encapsulation

Generic routing encapsulation
Communication protocol
Purpose	Network tunneling
Developer(s)	Cisco Systems
Introduction	1994
RFC(s)	1701, 1702, 2784

Last updated October 08, 2024

Generic routing encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.^[2]

Example uses

In conjunction with PPTP to create VPNs.
In conjunction with IPsec VPNs to allow passing of routing information between connected networks.
In mobility management protocols.
In A8/A10 interfaces to encapsulate IP data to/from Packet Control Function (PCF).
Linux and BSD can establish ad-hoc IP over GRE tunnels which are interoperable with Cisco equipment.
Distributed denial of service (DDoS) protected appliance to an unprotected endpoint.

Example protocol stack

OSI model layer	Protocol example
7. Application	HTTP
4. Transport	TCP
3. Network (GRE-encapsulated)	IPv4
Encapsulation	GRE
3. Network	IPv6
2. Data link	Ethernet
1. Physical	Ethernet physical layer

Based on the principles of protocol layering in OSI, protocol encapsulation, not specifically GRE, breaks the layering order. It may be viewed as a separator between two different protocol stacks, one acting as a carrier for another.

Delivery protocols

GRE packets that are encapsulated within IP directly, use IP protocol type 47 in the IPv4 header's Protocol field^[3] or the IPv6 header's Next Header field.^[4]

For performance reasons, GRE can also be encapsulated in UDP packets.^[5] Better throughput may be achieved by using Equal-cost multi-path routing.

Packet header

Extended GRE packet header (RFC 2890)

The extended version of the GRE packet header ^[6] is represented below:

Extended GRE header format
Offsets	Octet	0								1								2								3
Octet	Bit	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31
0	0	C		K	S	Reserved 0									Version			Protocol Type
4	32	Checksum (optional)																Reserved 1 (optional)
8	64	Key (optional)
12	96	Sequence Number (optional)

C (1 bit): Checksum bit. Set to 1 if a checksum is present.
K (1 bit): Key bit. Set to 1 if a key is present.
S (1 bit): Sequence number bit. Set to 1 if a sequence number is present.
Reserved 0 (9 bits): Reserved bits; set to 0.
Version (3 bits): GRE Version number; set to 0.
Protocol Type (16 bits): Indicates the ether protocol type of the encapsulated payload. (For IPv4, this would be hex 0800.)
Checksum (16 bits): Present if the C bit is set; contains the checksum for the GRE header and payload.
Reserved 1 (16 bits): Present if the C bit is set; is set to 0.
Key (32 bits): Present if the K bit is set; contains an application-specific key value.
Sequence Number (32 bits): Present if the S bit is set; contains a sequence number for the GRE packet.

Standard GRE packet header (RFC 2784)

A standard GRE packet header structure^[7] is represented in the diagram below.

Standard GRE header format
Offsets	Octet	0								1								2								3
Octet	Bit	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31
0	0	C	Reserved 0												Version			Protocol Type
4	32	Checksum (optional)																Reserved 1 (optional)

C (1 bit)

Checksum bit. Set to 1 if a checksum is present.

Reserved 0 (12 bits)

Reserved bits; set to 0.

Version (3 bits)

GRE Version number; set to 0.

Protocol Type (16 bits)

Indicates the ether protocol type of the encapsulated payload. (For IPv4, this would be hexadecimal 0x0800; for IPv6, it would be 0x86DD.^[4])

Checksum (16 bits)

Present if the C bit is set; contains the checksum for the GRE header and payload.

Reserved 1 (16 bits)

Present if the C bit is set; its contents is set to 0.

Original GRE packet header (RFC 1701)

The newer structure superseded the original structure:^[1]

Original GRE header format
Offsets	Octet	0								1								2								3
Octet	Bit	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31
0	0	C	R	K	S	s	Recur			Flags					Version			Protocol Type
4	32	Checksum (optional)																Offset (optional)
8	64	Key (optional)
12	96	Sequence Number (optional)
16	128	Routing (optional, variable length)

The original GRE RFC defined further fields in the packet header which became obsolete in the current standard:

C (1 bit): Checksum bit. Set to 1 if a checksum is present.
R (1 bit): Routing Bit. Set to 1 if Routing and Offset information are present.
K (1 bit): Key bit. Set to 1 if a key is present.
S (1 bit): Sequence number bit. Set to 1 if a sequence number is present.
s (1 bit): Strict source route bit.
Recur (3 bits): Recursion control bits.
Flags (5 bits): Reserved for future use, set to 0.
Version (3 bits): Set to 0.
Protocol Type (16 bits): Indicates the ether protocol type of the encapsulated payload.
Checksum (16 bits): Present if the C bit is set; contains the checksum for the GRE header and payload.
Offset (16 bits): Present if R bit or C bit is set; contains valid information, only if R bit is set. An offset field indicating the offset within the Routing field to the active source route entry.
Key (32 bits): Present if the K bit is set; contains an application-specific key value.
Sequence Number (32 bits): Present if the S bit is set; contains a sequence number for the GRE packet.
Routing (variable): Present if R bit is set; contains a list of source route entries, therefore is of variable length.

PPTP GRE packet header

The Point-to-Point Tunneling Protocol (PPTP) ^[8] uses a variant GRE packet header structure, represented below. PPTP creates a GRE tunnel through which the PPTP GRE packets are sent.

PPTP GRE header format
Offsets	Octet	0								1								2								3
Octet	Bit	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31
0	0	C	R	K	S	s	Recur			A	Flags				Version			Protocol Type
4	32	Key Payload Length																Key Call ID
8	64	Sequence Number (optional)
12	96	Acknowledgement Number (optional)

C (1 bit)

Checksum bit. For PPTP GRE packets, this is set to 0.

R (1 bit)

Routing bit. For PPTP GRE packets, this is set to 0.

K (1 bit)

Key bit. For PPTP GRE packets, this is set to 1. (All PPTP GRE packets carry a key.)

S (1 bit)

Sequence number bit. Set to 1 if a sequence number is supplied, indicating a PPTP GRE data packet.

s (1 bit)

Strict source route bit. For PPTP GRE packets, this is set to 0.

Recur (3 bits)

Recursion control bits. For PPTP GRE packets, these are set to 0.

A (1 bit)

Acknowledgment number present. Set to 1 if an acknowledgment number is supplied, indicating a PPTP GRE acknowledgment packet.

Flags (4 bits)

Flag bits. For PPTP GRE packets, these are set to 0.

Version (3 bits)

GRE Version number. For PPTP GRE packets, this is set to 1.

Protocol Type (16 bits)

For PPTP GRE packets, this is set to hex 880B.

Key Payload Length (16 bits)

Contains the size of the payload, not including the GRE header.

Key Call ID (16 bits)

Contains the Peer's Call ID for the session to which the packet belongs.

Sequence Number (32 bits)

Present if the S bit is set; contains the GRE payload sequence number.

Acknowledgement Number (32 bits)

Present if the A bit is set; contains the sequence number of the highest GRE payload packet received by the sender.

Standards

RFC 1701: Generic Routing Encapsulation (GRE) (informational)
RFC 1702: Generic Routing Encapsulation over IPv4 networks (informational)
RFC 2637: Point to Point Tunneling Protocol (informational)
RFC 2784: Generic Routing Encapsulation (GRE) (proposed standard, updated by RFC 2890)
RFC 2890: Key and Sequence Number Extensions to GRE (proposed standard)
RFC 8086: GRE-in-UDP Encapsulation (proposed standard)

Related Research Articles

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address. For example, an error is indicated when a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications.

Internet Protocol version 4 (IPv4) is the first version of the Internet Protocol (IP) as a standalone specification. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983. It is still used to route most Internet traffic today, even with the ongoing deployment of Internet Protocol version 6 (IPv6), its successor.

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on labels rather than network addresses. Whereas network addresses identify endpoints, the labels identify established paths between endpoints. MPLS can encapsulate packets of various network protocols, hence the multiprotocol component of the name. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.

In computer networking, Point-to-Point Protocol (PPP) is a data link layer communication protocol between two routers directly without any host or any other networking in between. It can provide loop detection, authentication, transmission encryption, and data compression.

ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.

The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages, and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2, and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.

6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6) and a system that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks.

In computer networking, the Datagram Congestion Control Protocol (DCCP) is a message-oriented transport layer protocol. DCCP implements reliable connection setup, teardown, Explicit Congestion Notification (ECN), congestion control, and feature negotiation. The IETF published DCCP as RFC 4340, a proposed standard, in March 2006. RFC 4336 provides an introduction.

Internet Control Message Protocol version 6 (ICMPv6) is the implementation of the Internet Control Message Protocol (ICMP) for Internet Protocol version 6 (IPv6). ICMPv6 is an integral part of IPv6 and performs error reporting and diagnostic functions.

The Internet checksum, also called the IPv4 header checksum is a checksum used in version 4 of the Internet Protocol (IPv4) to detect corruption in the header of IPv4 packets. It is carried in the IP packet header, and represents the 16-bit result of summation of the header words.

IP in IP is an IP tunneling protocol that encapsulates one IP packet in another IP packet. To encapsulate an IP packet in another IP packet, an outer header is added with Source IP, the entry point of the tunnel, and Destination IP, the exit point of the tunnel. While doing this, the inner packet is unmodified. The Don't Fragment and the Type Of Service fields should be copied to the outer packet. If the packet size, including the outer header, is greater than the Path MTU, the encapsulator fragments the packet. The decapsulator will reassemble the packet.

An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). Packets consist of control information for addressing and routing and a payload of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level transport layer protocol, but may be data for an internet layer or link layer instead.

Generic Stream Encapsulation, or GSE for short, is a Data link layer protocol defined by DVB. GSE provides means to carry packet oriented protocols such as IP on top of uni-directional physical layers such as DVB-S2, DVB-T2 and DVB-C2.

References

1 2 S. Hanks; T. Li; D. Farinacci; P. Traina (October 1994). Generic Routing Encapsulation (GRE). Network Working Group. doi: 10.17487/RFC1701 . RFC 1701.Informational.
↑ US 7801021B1,Nikolaos Triantafillis; Robert J. Ordemann& Simon D. Barber,"Generic routing encapsulation tunnel keepalives",issued 2010-09-21, assigned to Cisco Technology Inc.
↑ S. Hanks; T. Li; D. Farinacci; P. Traina (October 1994). Generic Routing Encapsulation over IPv4 networks. Network Working Group. doi: 10.17487/RFC1702 . RFC 1702.Informational.
1 2 C. Pignataro; R. Bonica; S. Krishnan (October 2015). IPv6 Support for Generic Routing Encapsulation (GRE). Internet Engineering Task Force (IETF). doi: 10.17487/RFC7676 . ISSN 2070-1721. RFC 7676.Proposed Standard.
↑ E. Crabbe; E. Crabbet; T. Herbert (March 2017). L. Yong (ed.). GRE-in-UDP Encapsulation. Internet Engineering Task Force (IETF). doi: 10.17487/RFC8086 . ISSN 2070-1721. RFC 8086.Proposed Standard.
↑ G. Dommety (September 2000). Key and Sequence Number Extensions to GRE. Network Working Group. doi: 10.17487/RFC2890 . RFC 2890.Proposed Standard.
↑ D. Farinacci; T. Li; S. Hanks; D. Meyer; P. Traina (March 2000). Generic Routing Encapsulation (GRE). Network Working Group. doi: 10.17487/RFC2784 . RFC 2784.Proposed Standard. Updated by RFC 2890.
↑ K. Hamzeh; G. Pall; W. Verthein; J. Taarud; W. Little; G. Zorn (July 1999). Point-to-Point Tunneling Protocol (PPTP). Network Working Group. doi: 10.17487/RFC2637 . RFC 2637.Informational.

External links

Generic Routing Encapsulation, Subprotocol homepage at Cisco
Generic Routing Encapsulation Archived 2018-12-29 at the Wayback Machine , Entry in Cisco DocWiki (formerly known as the "Internetworking Technology Handbook")

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[rfc1701-1] 1 2 S. Hanks; T. Li; D. Farinacci; P. Traina (October 1994). Generic Routing Encapsulation (GRE). Network Working Group. doi: 10.17487/RFC1701 . RFC 1701.Informational.

[2] US 7801021B1,Nikolaos Triantafillis; Robert J. Ordemann& Simon D. Barber,"Generic routing encapsulation tunnel keepalives",issued 2010-09-21, assigned to Cisco Technology Inc.

[rfc1702-3] S. Hanks; T. Li; D. Farinacci; P. Traina (October 1994). Generic Routing Encapsulation over IPv4 networks. Network Working Group. doi: 10.17487/RFC1702 . RFC 1702.Informational.

[rfc7676-4] 1 2 C. Pignataro; R. Bonica; S. Krishnan (October 2015). IPv6 Support for Generic Routing Encapsulation (GRE). Internet Engineering Task Force (IETF). doi: 10.17487/RFC7676 . ISSN 2070-1721. RFC 7676.Proposed Standard.

[rfc8086-5] E. Crabbe; E. Crabbet; T. Herbert (March 2017). L. Yong (ed.). GRE-in-UDP Encapsulation. Internet Engineering Task Force (IETF). doi: 10.17487/RFC8086 . ISSN 2070-1721. RFC 8086.Proposed Standard.

[rfc2890-6] G. Dommety (September 2000). Key and Sequence Number Extensions to GRE. Network Working Group. doi: 10.17487/RFC2890 . RFC 2890.Proposed Standard.

[rfc2784-7] D. Farinacci; T. Li; S. Hanks; D. Meyer; P. Traina (March 2000). Generic Routing Encapsulation (GRE). Network Working Group. doi: 10.17487/RFC2784 . RFC 2784.Proposed Standard. Updated by RFC 2890.

[rfc2637-8] K. Hamzeh; G. Pall; W. Verthein; J. Taarud; W. Little; G. Zorn (July 1999). Point-to-Point Tunneling Protocol (PPTP). Network Working Group. doi: 10.17487/RFC2637 . RFC 2637.Informational.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]