GRE tunnels

Unanswered Question
Oct 30th, 2007

Hi all, can anyone tell me what these are, and why do people use them ? are they used over the internet or Wan ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ellis_b Tue, 10/30/2007 - 08:09

you can use them over both. I use a GRE tunnel from my house to my office to pass my VoIP traffic, whereas I pass my other data traffic through an IPSEC AES tunnel. The GRE tunnel has MUCH LESS overhead/latency than the IPSEC tunnel.


rajatsetia Tue, 10/30/2007 - 08:46

Tunnel as the word suggest is kind of virtual path defined (defined a virtual tunnel) in a shared network.

Now Internet is a shared network and WAN can also be shared network e.g. for diferent offices. So usage depend on need and can be used anywhere be it wan or internet.

In order to use isolate the defined traffic over a shared network you various tunneling techniques.

we can use GRE or IPSEC or both to make tunnel between two gateways, as Brad said , GRE has much less overhead than IPSEC tunnel but GRE only do the encapsulation and it does not provide the data encryption.

One of very frequent use of GRE is where you have to use routing protocols over the tunnel. As IPSEC doesnt support multicast ( most of the protocol talk over multicast) so GRE tunnel is deployed in order to use routing protocol.


rate if it helps.

carl_townshend Tue, 10/30/2007 - 10:28

so do they act the same as a site to site vpn without the encryption ? are they easy to set up ?

rajatsetia Tue, 10/30/2007 - 15:10

yes, you can say that gre tunnel is vpn without encryption.

easy setup is kind of relative term and if you say if they are easy to setup then ipsec, then i would say yes.


rate if it does


carl_townshend Mon, 11/05/2007 - 03:27

i cannot see why you would use them over the internet as they have no encryption, does isps use them, can you give me an example of the setup ?

rajatsetia Thu, 11/08/2007 - 07:16


you are quite right, mostly GRE+IPSEC has been used to built VPN tunnel over internet basically where they need GRE advantages with encryption.

about service provider, in my point of view , i donnt think so anybody is using pure gre tunnel over the internet.

but yeah they can use gre tunnel within their network to isolate various type of traffic.

below are the various doc which will give enuf information

IPSEC+GRE Tunnel, here they have used different devices for IPSEC and GRE, but you can have both on single device.

sorry, previously i have given wrong example of using gre in provider network, that has more to do with VRF in GRE tunnel ..


rate if does help



This Discussion