GRE tunnel function

Unanswered Question
Apr 27th, 2007

The nature of GRE tunnel is that it ping the destination in one hop. What i want to know is how does the intermidieate routers does not acknoledge the GRE packet ? Can somebody explain me this ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Paolo Bevilacqua Sat, 04/28/2007 - 00:32


intermediate routes never "acknowledge" packets. They transmit packet from an interface to another. When they do this, the GRE tunnel works. if they don't, the tunnel does not work.

minumathur Sat, 04/28/2007 - 03:00


In GRE configuration , one ip address is gre interfacfe ip address and other is loopback ip address , when you have done properly routing , it will reach in single hop


Richard Burts Sun, 04/29/2007 - 04:33


I am not sure that I understand your question. Ping does not report hop count so I am not sure what you are asking when you say that ping appears to be one hop away. The question would make more sense if you asked about traceroute which does report hops.

If we make the question about traceroute then there is an explanation. If you do a traceroute to the address of the other end of the tunnel, the router builds a traceroute packet and sets the TTL so that it will time out at the next hop. The router then sends the traceroute packet over the GRE tunnel. Sending the traceroute packet over the GRE tunnel means that the router then encapsulates the packet in a new IP header and sends it over the outbound interface. This new IP header has normal TTL. The traceroute encapsulated inside a new header is sent through the network where the intermediate routers do decrement the TTL of the new header as normal (but does not see the TTL of the encapsulated traceroute) and forwards it since it has not yet decremented to zero. The destination router receives the packet, de-encapsulates the GRE, processes the traceroute packet, generates a response, which it sends back over the GRE tunnel. So the traceroute reports that the destination is 1 hop away, even though physically it went through many hops.



rajaajmer Tue, 05/08/2007 - 12:33

Thanks a lot for your answer, may i ask if this explanation is same with IPSEC tunnel as well ?



Richard Burts Tue, 05/08/2007 - 12:54


I am glad that my answer helped you.

Since IPSec also encapsulates the original packet in a new header, yes the explanation would be the same for IPSec tunnel which would make the routers on the ends of the tunnel appear to be 1 hop away from each other.




This Discussion