Two private networks cannot communicate directly across an ISP: the ISP has no routes for private IP addresses, and an ACL on the ISP side denies private networks. However, we can make this communication possible with GRE.
- It stands for Generic Routing Encapsulation.
- GRE is a Layer 3 Protocol.
- It uses IP Protocol number 47.
- It adds 24 bytes of extra information.
In the above diagram, there are two private networks, 10.1.1.0/24 and 10.1.2.0/24, at sites A and B respectively. Router 1 and Router 2 are connected to the ISP with public IPs 22.214.171.124/24 and 126.96.36.199/24 respectively.
Configure PAT on R1 and R2 to translate the private IPs into public IPs. When user 10.1.1.1 pings 10.1.2.1, the router translates the source 10.1.1.1 to 188.8.131.52, but the destination remains 10.1.2.1. A default route is configured on the router towards the ISP. When the packet reaches the ISP, it is dropped because the ISP has no information about the private IP.
To overcome this problem, we create a tunnel interface with a private IP, specify the tunnel source and destination IP. Configure static routes 10.1.2.0/24 and 10.1.1.0/24 towards the tunnel interface on routers 1 & 2 respectively. A default route is still configured towards the ISP.
[NOTE: The tunnel source is the local WAN link IP and the tunnel destination is the WAN IP of the other end.]
Requirements for GRE Tunnel
- WAN link should be reachable.
- WAN IP should be static.
Configuration on Router
When user 10.1.1.1 pings 10.1.2.1, the traffic goes to the gateway, which is the router. Router 1 checks its routing table, and the longest-prefix match is the static route, so the router forwards the packet to the tunnel interface. The tunnel interface then adds an extra IP header of 24 bytes to the packet. In the new IP header, the source is the tunnel source and the destination is the tunnel destination.
The router looks in the routing table again, and the destination IP 184.108.40.206 matches the default route, so the packet is forwarded towards the ISP. The ISP reads the extra IP header, sees the destination as 220.127.116.11, which is a public IP, and forwards the packet towards R2.
R2 opens the external IP header and accepts the packet at 18.104.22.168. It then opens the internal header, sees the destination as 10.1.2.1, and forwards the packet to the LAN.
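The encapsulation and decapsulation steps described above can be reproduced byte for byte. The following is an added example, not part of the original post: it builds the inner packet, wraps it in an outer IPv4 header (20 bytes, protocol 47) plus the basic GRE header (4 bytes), and strips both again as R2 would. The function names are hypothetical, and the tunnel endpoints 203.0.113.1 and 198.51.100.1 are documentation addresses standing in for the two WAN IPs.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value for an IPv4 payload


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 255)."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 255, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Sending router: prepend outer IPv4 (20 B) + basic GRE header (4 B)."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no checksum/key/sequence flags
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner


def gre_decapsulate(packet: bytes) -> bytes:
    """Receiving router: check the outer header, then strip it and the GRE header."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if (ihl < 20 or len(packet) < ihl + 4 or packet[9] != GRE_PROTO
            or checksum(packet[:ihl]) != 0):
        raise ValueError("not a valid GRE-in-IPv4 packet")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only the basic 4-byte GRE header carrying IPv4 is handled")
    return packet[ihl + 4:]


def addresses(packet: bytes) -> tuple:
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))


# Constructed sample: 10.1.1.1 pings 10.1.2.1 (protocol 1, 8 dummy payload bytes).
INNER = ipv4_header("10.1.1.1", "10.1.2.1", 1, 8) + b"pingdata"
# Documentation addresses stand in for the two routers' WAN IPs (assumption).
OUTER = gre_encapsulate(INNER, "203.0.113.1", "198.51.100.1")
```

`addresses(OUTER)` shows what the ISP routes on (the tunnel endpoints), while `addresses(gre_decapsulate(OUTER))` shows the private addresses that only the two routers ever look at.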
We can enable routing protocol and advertise the private network over the ISP instead of giving a static route towards the tunnel interface. Neighborship will be formed on the tunnel interface.
Configuration on Router
EIGRP hello messages are forwarded out of the tunnel interface, which adds the extra IP header as below.
Now advertise the LAN network in EIGRP.
The routing table of R2
Drawbacks of GRE
- A GRE tunnel is point-to-point
- GRE is not scalable
- Requires a static WAN IP at each site, which is costly
NOTE: If a LAN network wants to communicate with 50 other private networks, then 50 such tunnels need to be created, which increases administrative work. So, GRE is not a scalable solution.
In the next blog, we are going to discuss DMVPN Phase 1,2, and 3.