GRE Tunnel

The_guroo_2 · ‎03-26-2008

quick question why would we use a GRE tunnel.....as its not encrypted so what is the major factor which force us to use GRE.....secondlu why we use null0......what is the benifit of routing a network to null0......i m v new to this as well....can someone help me out plz.....benifits etc....thnaks in advance....secondly

francisco_1 · ‎03-26-2008

you need to let us know what you are trying to do and what platform you are using.

There are different reasons why you would choose one VPN protocol over another when implementing a VPN connection. One big difference between the two that you mention, GRE , is that IPSEC can only pass IP traffic across the tunnel, while a GRE (Generic Routing Encapsulation) can pass multiple types of protocols across the tunnel that are encapsulated within IP. A good example of wanting to use GRE over IPSEC is if you need to pass routing protocol information across a tunnel. This can be done by encapsulating the routing protocol packets within IP packets, something that cannot be done with IPSEC.

Another capability that GRE has over IPSEC is that it can pass non-IP traffic such as IPX and Appletalk. If you have a heterogeneous network, then GRE may be employed to get different protocol types across VPN connections.

GRE tunnel would handle the routing protocol traffic. As far as being independent of one another, GRE and IPSEC are both tunneling protocols

francisco_1 · ‎03-26-2008

The null interface is the "bit bucket " or "black hole" interface. All traffic sent to this interface is discarded. It is most useful for filtering unwanted traffic, because you can discard traffic simply by routing it to the null interface . You could achieve the same goal using access lists, but access lists require more CPU overhead. If you have fairly simple filtering requirements, it may be more effective to route the offending traffic to the null interface

Jon Marshall · ‎03-26-2008

Hi

There are a number of uses for GRE tunnels

1) To transport a non-IP protocol across an IP network.

2) To transport multicast traffic across an IP network not supporting multicast - some MPLS providers don't.

3) To isolate one network from another eg. site 1 may have a dev network that is also in site2. But you you don't want all the dev routes on the rest of your network so you create a GRE tunnel between the 2 sites.

Routing to null0 is to often used to ensure there are no routing loops eg.

You have advertised a summary address from a router saying to get to anything in network 172.16.0.0/16 come to me. The assumption is that this router has all the more specific routes to subnets within the 172.16.0.0/16 network. When this summary route gets advertised on the originating router a route is entered into the routing table

ip route 172.16.0.0 255.255.0.0 Null0

If a packet arrives for a subnet contained within 172.16.0.0/16 but the router has no more specific route then the packet is routed to Null0 ie. it is dropped on that router.

If a packet arrives for a subnet contained within the 172.16.0.0/16 network and the router has a more specific route the packet is forwarded on.

Hope this makes sense

Jon

guruprasadr · ‎03-26-2008

HI Guroo, [Pls Rate if HELPS]

NULL0 Interface:

================

Refer link below for detailed explanation:

http://www.cisco.com/en/US/tech/tk364/technologies_tech_note09186a00801c9a6e.shtml

GRE Tunnel:

============

Yes, GRE Tunnel is not encrypted. The encryption can be added using IPSec methods. GRE will carry both IP & NON-IP Traffic.

In Normal Scenario the Usage of GRE Tunnel for a basic VPN or Tunnel over Internet-VPN is not recommend and it involves security risk.

Neverthless, in-case of MPLS-VPN Circuits using BGP, the GRE Tunnel is added to route traffic over the Tunnel. Since the MPLS Labels add's security to the Packet.

Tunnels are used for routing specific traffic pertain to certain destination over a Pipe.

Hope I am Informative.

Pls Rate if HELPS

Best Regards,

Guru Prasad R

royalblues · ‎03-26-2008

GRE tunnels provide virtual connections without hiding the communication.

The payload of the packet becomes the entire data payload for an IP tunnel carrier packet.

GRE is essentially a packaging protocol, intended to be able to package any protocol's packets into generic data packages that can be carried by any other protocol.

NUll0 routing is also referred to as blackhole routing i.e packet that are sent nowhere. It is basically used as a security feature as well sometimes for loop prevention

EIGRP for example would create a route to the null0 whenever you do summarization

HTH

Narayan

Danilo Dy · ‎03-26-2008

Hi,

One of the use of GRE Tunnel is to have a logical P2P link.

- This is useful in MPLS network, if for every new route that you add, you need to pay your service provider to add the route.

- This is useful when using Internet/VPN or MPLS as backup/redundant path with auto-failover

Uses of null0 interface

- Static route to null0 for loop prevention

- Blackhole

- Route summarization

Regards,

Dandy