Add to Cart
GRE Tunneling Protocol with IPSec in Network Packet Broker Protect
Multicast Data
GRE Tunneling Protocol Identify Technology in Network Packet Broker
Supported automatically identify various tunneling protocols such
as GTP / GRE / PPTP / L2TP / PPPOE. According to the user
configuration, the traffic output strategy can be implemented
according to the inner or outer layer of the tunnel
What is GRE Tunneling Protocol?
GRE(Generic Routing Encapsulation)can encapsulate Data packets of
some network layer protocols (such as IPX, ATM, IPv6, AppleTalk,
etc.) so that these encapsulated data packets can be transmitted in
another network layer protocol (such as IPv4).GRE provides a
mechanism for encapsulating messages of one protocol in another. It
is a three-layer tunneling technique that allows messages to be
transmitted transparently through the GRE tunnel, solving the
transmission problem of heterogeneous networks.
GRE implementation mechanism is simple, the tunnel at both ends of
the equipment burden.The GRE tunnel can connect to the local
network of various network protocols through the IPv4 network,
effectively utilizing the original network architecture and
reducing the cost.The GRE tunnel extends the scope of hop-limited
network protocols to enable flexible enterprise network
topologies.The GRE tunnel can encapsulate multicast data and ensure
the security of voice, video and other multicast services when
combined with IPSec.GRE tunnel support enables MPLS LDP. GRE tunnel
is used to carry MPLS LDP messages, LDP LSP is established, and
MPLS backbone network is interoperable.The GRE tunnel connects
discrete subnets and is used to set up VPNS for secure connections
between corporate headquarters and branches.
The protocol responsible for forwarding encapsulated packets is
called the transport protocol.
GRE header | Fields Explain |
C | Check and verify bits |
K | Keyword bits. |
Recursion | Represents the number of encapsulated layers of a GRE message. Add
1 to this field after completing a GRE package. Discard the text if
the number of packages is greater than 3.The purpose of this field
is to prevent messages from being encapsulated an infinite number
of times. |
Flags | Reserved fields. Must be set to 0 currently |
Version | Version field. It has to be 0 |
Protocol Type | Identifies the protocol type of passenger agreement. The common passenger protocol is the IPv4 protocol with the protocol code 0x0800 |
Checksum | Checksum fields for GRE headers and their loads. |
Key | Keyword field, the tunnel receiver is used to verify the received message. |
Network Packet Broker Tuneling Label stripping at GRE Application
Scenarios
1) Multi-protocol local network can be transmitted through this GRE
tunnel
As shown in the figure above, Term1 and Term2 are local networks
running IPv6, while Term3 and Term4 are local networks running IP.
Subnetworks in different regions need to communicate with each
other through the common IP network.Term1 and Term2, Term3 and
Term4 can communicate independently through a tunnel encapsulated
in the GRE protocol between Router_1 and Router_2.
2) Use GRE to expand the scope of network work with limited hops
In the figure above, the network runs the IP protocol, assuming
that the IP protocol limits the number of hops to 255. If the
number of hops between two PCS exceeds 255, they will not be able
to communicate.Select two devices in the network to create the GRE
tunnel, which can hide the number of hops between devices, thus
expanding the network's working range.
For example, a RIP route with 16 hops indicates that the route is
unreachable.At this point, the GRE tunnel can be established on the
two devices to realize the logical direct connection, so that the
RIP routing hops through the GRE tunnel can be reduced to below 16
to ensure the routing is accessible.
3) GRE is combined with IPSec to protect multicast data. IPSec is
IP Protocol Security.
The GRE can encapsulate multicast data and transmit it in the GRE
tunnel.
As shown in the figure above, in the application of GRE over IPSec
tunnel, if multicast data needs to be transmitted in IPSec tunnel,
GRE tunnel can be established first, GRE encapsulation of multicast
data can be carried out, and then IPSec encryption can be carried
out on the encapsulated message, so as to realize encrypted
transmission of multicast data in IPSec tunnel.
What kind Network Packet Broker and Network Taps support Tunneling Protocol Identify Technology?
Network Packet Broker Specification and Module Type
Component type | Product Model | Basic Parameter | Remarks |
Chassis | NTCA-CHS-7U7S-DC | Height:7U,7 slots, ATCA Chassis, double star 100G backplane, 3 high voltage DC(240VDC~280VDC) input,3* 2+1 redundant 3000W power modular | Must choose one |
NTCA-CHS-7U7S-AC | Height:7U,7 slots, ATCA Chassis, double star 100G backplane, 3 high voltage AC(240VDC~280VDC) input,3* 2+1 redundant 3000W power modular | ||
Service card | NT-TCA-SCG10 | 100G exchange card,10*QSFP28 interface | Choose according to actual business needs |
NT-TCA-CG10 | 100G service card,10*QSFP28 interface | ||
NT-TCA-XG24 | 10G service card,24*SFP+ interface | ||
NT-TCA-RTM-CG10 | 100G RTM card,10*QSFP28 interface | ||
NT-TCA-RTM-EXG24 | 10G RTM card,24*SFP+ interface | ||
TCA Visibility Embedded software system | NT-TCA-SOFT-PKG | must |