Generic Routing Encapsulation

GRE tunnels are used to hide the complexity of network. It works exactly like VPN tunnel and the only difference between GRE & VPN is encryption. As GRE does not do encryption, it sends data in plaintext.

Question: The question is why do we bother to use this if it does not support encryption and work exactly like VPN?

Answer: The answer is that we use this because it is easier and it does not requires complex configuration as VPN does.

GRE is used in a scenario where you have your home network and you have your office network. You need to get connected to the office network but there is ISP between you and you loss the control over data that goes to the ISP. We use this to hide the ISP and connect routers directly by making a tunnel. We can run the routing protocols such as EIGRP and OSPF to perform routing over GRE tunnel, so the router does not know the intermediary network which is ISP.

image002

This is the network diagram where we only control R1 and R6 and all the other intermediary routers belong to ISP. Now what I can do to hide this ISP is make a GRE tunnel and then the R1 and R6 will not know whether there are other hops in between us.

We can go very simple by just make one tunnel, or we can go harder to make two tunnels, do the load balancing and other things.

Note: We know the RIP has 15 hops count and the data gets destroyed beyond 15 hops, so we can also use GRE here to hide all the routers and run RIP.

GRE has many features excluding security .

Before configuring GRE lets run a traceroute from R6 to make sure all the intermediary routers are visible and no tunnel has been established.

image004

Configuration

First we need to create the tunnel interface, it is a virtual interface. Keep in mind that the tunnel is created on the public IP, the IP that is given to you by your ISP. We are using private because it is a lab not a real world scenario.

image006

image008

Now I have to assign IP address, source of the tunnel, destination of the tunnel, and MTU. MTU is needed to be defined because GRE takes some extra bytes for its processing.

image010

I am all done with R1 now I need to move to R2 and do the same with opposite IP addresses.

image012

Note that the tunnel interface ID could be different at both ends but MTU has to match.

Now we are good with tunnels but we still have to hide the intermediary network the ISP. This is done by running a routing protocol and specifically configuring the protocol on interfaces not on networks, because if we run the protocol on networks there will be collision between tunnel network and the ISP network and the networks will go up and down as called route flapping.

image014

Look we configured the OSPF on just interfaces not on networks.

We have to do the same thing on R6 as well.

image016

There is another this that we see the two bandwidths on tunnel interface.

image018

The line bandwidth is being shown of 100Kb and the tunnel bandwidth as 8000 Kb.

We can change the bandwidth but keep in mind that the bandwidth does not change the actual bandwidth if you have a low bandwidth supportive link. Meaning that if you have 100 Mb link and you change the bandwidth on the router to 1 Gb, it will do not affect the actual bandwidth rate.

image020

Now after configuring all the components lets do another traceroute.

image022

Notice that we have hidden all the intermediary and connected through a tunnel.

Prerequisites for 200-301

200-301 is a single exam, consisting of about 120 questions. It covers a wide range of topics, such as routing and switching, security, wireless networking, and even some programming concepts. As with other Cisco certifications, you can take it at any of the Pearson VUE certification centers.

The recommended training program that can be taken at a Cisco academy is called Implementing and Administering Cisco Solutions (CCNA). The successful completion of a training course will get you a training badge.

Full Version 200-301 Dumps

Try 200-301 Dumps Demo