GRE - Tunnel Interface

Discussion in 'Cisco' started by Darren Green, Mar 15, 2005.

  1. Darren Green

    Darren Green Guest

    I am trying to grasp the purpose of the 'interface tunnel#' command, where #
    = the specific number of the interface I assign.

    I understand how to configure the interface and that I need a Tunnel Source
    & Destination address. I note that I would have a LAN Ip address and a WAN
    Ip address. I simply want to understand the relevance of the Tunnel
    Interface command as it clearly doesn't route traffic.

    My colleague explained that it is needed to allow the router to use the
    specific method of encapsulation e.g. GRE.

    Has anyone go a really good WWW site that they could point me at, or,
    provide a more detailed explanation.

    Darren Green, Mar 15, 2005
    1. Advertisements

  2. Darren Green

    RobO Guest

    Hi Darren!

    It definitely routes traffic!!!
    As far as I am aware today its mostly used in MultiPoint
    Hub-and-Spoke/Spoke-to-Spoke Dunamic Multipoint GRE/IPSEC VPN's.(DMVPN)
    This allows for mutlicast and broadcast traffic to be encapsulated and
    sent across the tunnel through the virtual interface IPSEC protected,
    whereas standard site-to-site IPSEC VPN's
    won't do that...please correct me if I'm wrong.
    But definitely routes traffic.
    One can setup a site-to-site GRE tunnel and then you encrypt the

    Check the link out for some more technical definitions....

    RobO, Mar 15, 2005
    1. Advertisements

  3. Darren Green

    Merv Guest

    Tunneling provides a way to encapsulate arbitrary packets inside a
    transport protocol. This feature is implemented as a virtual interface
    to provide a simple interface for configuration. The tunnel interface
    is not tied to specific "passenger" or "transport" protocols, but
    rather, it is an architecture that is designed to provide the services
    necessary to implement any standard point-to-point encapsulation
    scheme. Because tunnels are point-to-point links, you must configure a
    separate tunnel for each link.

    Tunneling has the following three primary components:

    Passenger protocol, which is the protocol that you are encapsulating
    (AppleTalk, Banyan VINES, CLNS, DECnet, IP, or IPX)
    Carrier protocol, which is one of the following encapsulation
    Generic route encapsulation (GRE), Cisco's multiprotocol carrier
    Cayman, a proprietary protocol for AppleTalk over IP
    EON, a standard for carrying CLNP over IP networks
    NOS, IP over IP compatible with the popular KA9Q program
    Distance Vector Multicast Routing Protocol (DVMRP) (IP in IP tunnels)
    Transport protocol, which is the protocol used to carry the
    encapsulated protocol (IP only)

    One of the most common uses of GRE tunnels is for VPNs over the
    IP traffic with private address gets encasuplated in packet that has
    routable public IP address. That what the tunnel source and tunnel
    destionation confiuration commands are for.

    And these GRE tunnels are defintiely for routing traffic
    Merv, Mar 15, 2005
  4. Darren Green

    Darren Green Guest

    Thanks for the replies.

    I am starting to understand a little better now. I was happy with the fact
    that the Tunnel routed traffic between networks, my confusion was that the
    actual Tunnel Interface seemed to be doing nothing.

    On a given router I was trying to picture the interfaces (logical &

    Interface Ethernet -----Interface Tunnel#----Interface Tunnel
    Source-----Interface WAN----Tunnel Destination

    Whilst I could picture that data left the Tunnel Source 'interface' en route
    to it's destination, I made the mistake of thinking that data left the
    Ethernet onward somehow via the Tunnel# interface before hopping out of the
    Source Interface to it's destination. Confusing me even more was the fact
    that each of the above networks can have completely different subnet ranges.

    It's a difficult concept to grasp.


    Darren Green, Mar 15, 2005
  5. Darren Green

    Merv Guest

    Yes it is a bit difficult to concetualize.

    A tunnel interface is a logical interface which causes an extra IP
    header to be added to a packet that goes into the tunnel.

    An tunnel encapsulated packet will be routed out the physical interface
    that has the best route to tunnel destination IP address.
    Merv, Mar 16, 2005
  6. Darren Green


    Oct 4, 2010
    Likes Received:
    hey i have a very basic doubt, why should i use gre protocol to make packet routable. I could directly use ip header over it and give a next protocol field as something useful.
    I dont get why do we need to use gre for that.
    prateek, Oct 4, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.