On this page
|
| SUMMARY | |
| Protocol |
: |
Generic Routing Encapsulation |
| Protocol suite |
: |
TCP/IP |
| Layer |
: |
Network Layer |
| Type |
: |
encapsulation protocol |
| Ports |
: |
47 |
| Related protocols |
: |
IPv4 |
|
| DESCRIPTION |
The Generic Routing Encapsulation (GRE) protocol provides a mechanism for encapsulating arbitrary packets within an arbitrary transport protocol. In the most general case, a system has a packet that needs to be encapsulated and routed (the payload packet). The payload is first encapsulated in a GRE packet, which possibly also includes a route. The resulting GRE packet is then encapsulated in some other protocol and forwarded (the delivery protocol).
In the most general case, a system has a packet that needs to be encapsulated and delivered to some destination. We will call this the payload packet. The payload is first encapsulated in a GRE packet. The resulting GRE packet can then be encapsulated in some other protocol and then forwarded.
Overall packet
The entire encapsulated packet:
Delivery Header | GRE Header | Payload packet |
GRE header (version 0)
0 | 1 | 2 | 3 | 4 | 7 | 12 | 15 | 31 | C | R | K | S | s | Recur | Flags | Version | Protocol Type | Checksum (optional) | Offset (optional) | Key (optional) | Sequence Number (Optional) | Routing (Optional) |
- C, Checksum Present
The Checksum field is present and contains valid information if set. If either the Checksum Present bit or the Routing Present bit are set, the Checksum and Offset fields are both present.
- R, Routing Present
If set then the Offset field is present and contains valid information. If either the Checksum Present bit or the Routing Present bit are set, the Checksum and Offset fields are both present.
- K, Key Present
If the Key Present bit is set to 1, then it indicates that the Key field is present in the GRE header. Otherwise, the Key field is not present in the GRE header.
- S, Sequence Number present
If the Sequence Number Present bit is set to 1, then it indicates that the Sequence Number field is present. Otherwise, the Sequence Number field is not present in the GRE header.
- s, Strict Source Route
The meaning of this bit is defined in other documents. It is recommended that this bit only be set if all of the the Routing Information consists of Strict Source Routes.
- Recur, Recursion Control
Recursion control contains a three bit unsigned integer which contains the number of additional encapsulations which are permissible. 0 is the default.
- Flags
These bits are reserved and must be transmitted as 0.
- Version
GRE protocol version. Must be cleared to 0.
- Protocol
Contains the protocol type of the payload packet. In general, the value will be the Ethernet protocol type field for the packet. Additional values may be defined in other documents.
- Checksum
Optional. Contains the IP (one's complement) checksum of the GRE header and the payload packet.
- Offset
Optional. Indicates the byte offset from the start of the Routing field to the first byte of the active Source Route Entry to be examined.
- Key
Optional. Contains a number which was inserted by the encapsulator. It may be used by the receiver to authenticate the source of the packet.
- Sequence Number
Optional. Contains a number which is inserted by the encapsulator. It may be used by the receiver to establish the order in which packets have been transmitted from the encapsulator to the receiver.
- Routing
The Routing field is present only if the Routing Present bit is set to 1. It is a list of Source Route Entries (SREs). Each SRE has the form:
15 | 23 | 31 | Address Family | SRE Offset | SRE Length | Routing Information |
- Address Family
Indicates the syntax and semantics of the Routing Information field. The values for this field and the corresponding syntax and semantics for Routing Information are defined in other documents.
- SRE Offset
Indicates the byte offset from the start of the Routing Information field to the first byte of the active entry to be examined.
- SRE Length
The number of bytes in the SRE. If set to 0, this indicates this is the last SRE in Routing.
- Routing Information
Contains data which may be used in routing this packet.
GRE header (version 1)
The GRE header used in PPTP is enhanced slightly from that specified in the current GRE protocol specification. The main difference involves the definition of a new Acknowledgment Number field, used to determine if a particular GRE packet or set of packets has arrived at the remote end of the tunnel. This Acknowledgment capability is not used in conjunction with any retransmission of user data packets. It is used instead to determine the rate at which user data packets are to be transmitted over the tunnel for a given user session.
0 | 1 | 2 | 3 | 4 | 7 | 8 | 12 | 15 | 31 | C | R | K | S | s | Recur | A | Flags | Version | Protocol | Payload Length | Call ID | Sequence Number | Acknowledgment Number |
- C, Checksum Present
Cleared to 0.
- R, Routing Present
Cleared to 0.
- K, Key Present
Set to 1.
- S, Sequence Number present
Set if a payload packet is present. Cleared if a payload packet is not present (GRE packet is an Acknowledgment only).
- s, Strict Source Route
Cleared to 0.
- Recur, Recursion Control
Set to 0.
- A, Acknowledgment sequence number present
Set to one if the packet contains an Acknowledgment Number to be used for acknowledging previously transmitted data.
- Flags
Must be set to 0.
- Version
Must be set to 1.
- Protocol
Always 0x880B. Contains the protocol type of the payload packet.
- Payload Length
Size of the payload not including the GRE header.
- Call ID
Contains the Peer's Call ID for the session to which this packet belongs.
- Sequence Number
Optional. Contains the sequence number of the payload. This field is present only if the S bit is set.
- Acknowledgment Number
Contains the sequence number of the highest numbered GRE packet received by the sending peer for this user session. This field is present only if the A bit is set.
GRE over IPv4 networks
When IPv4 is being carried as the GRE payload, the Protocol Type field must be set to 0x800.
When a tunnel endpoint encapsulates a GRE packet which has an IPv4 packet as the payload, the destination address in the IPv4 payload packet header MUST be used to forward the packet and the TTL of the payload packet must be decremented. Care should be taken when forwarding such a packet, since if the destination address of the payload packet is the encapsulator of the packet (i.e., the other end of the tunnel), looping can occur. In this case, the packet must be discarded.
The IPv4 protocol 47 is used when GRE packets are encapsulated in IPv4.
Security in a network using GRE should be relatively similar to security in a normal IPv4 network, as routing using GRE follows the same routing that IPv4 uses natively. Route filtering will remain unchanged. However packet filtering requires either that a firewall look inside the GRE packet or that the filtering is done on the GRE tunnel endpoints. In those environments in which this is considered to be a security issue it may be desirable to terminate the tunnel at the firewall.
|
 Top of Page
|
| EXAMPLES |
|
|
Top of Page
|
| PROTOCOL RELATIONS |
■ Parent layer
■ Child layer
|
Top of Page
|
| GLOSSARY |
|
Encapsulation
In programming, the process of combining elements to create a new entity. For example, a procedure is a type of encapsulation because it combines a series of computer instructions. Likewise, a complex data type, such as a record or class, relies on encapsulation. Object-oriented programming languages rely heavily on encapsulation to create high-level objects. Encapsulation is closely related to abstraction and information hiding.
GRE
Generic Routing Encapsulation (GRE) is an internet based term applied to the encapsulation of IP datagrams tunneled through the internet. The encapsulation includes security, typically in the form of IPSec, and is most commonly found in VPN (Virtual Private Network) implementation.
IPv4
IPv4 is version 4 of the Internet Protocol (IP). It was the first version of the Internet Protocol to be widely deployed, and forms the basis for most of the current Internet. IPv4 uses 32-bit addresses, limiting it to 4,294,967,296 unique addresses, many of which are reserved for special purposes such as local networks or multicast addresses, reducing the number of addresses that can be allocated as public Internet addresses.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a new technology for creating Virtual Private Networks (VPNs) , developed jointly by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies, known collectively as the PPTP Forum. A VPN is a private network of computers that uses the public Internet to connect some nodes. Because the Internet is essentially an open network, the Point-to-Point Tunneling Protocol (PPTP) is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.
Payload packet
In the most general case, a system has a packet that needs to be encapsulated and delivered to some destination. We will call this the payload packet. The payload is first encapsulated in a GRE packet.
TTL
TTL (Time to Live) is a field in the Internet Protocol (IP) that specifies how many more hops a packet can travel before being discarded or returned.
|
Top of Page
|
| REFERENCES |
RFCs:
[ RFC 1701] Generic Routing Encapsulation (GRE).
[ RFC 1702] Generic Routing Encapsulation over IPv4 networks.
[ RFC 2637] Point-to-Point Tunneling Protocol (PPTP).
[ RFC 2784] Generic Routing Encapsulation (GRE).
[ RFC 2890] Key and Sequence Number Extensions to GRE.
[ RFC 3095] RObust Header Compression (ROHC): Framework and four profiles: RTP, UDP, ESP, and uncompressed.
[ RFC 3147] Generic Routing Encapsulation over CLNS Networks.
|
Top of Page
|
| OTHER PROTOCOLS OF TCP/IP SUITE |
|
|
|
|
|
