What is GRE and how does it differ from IP-in-IP?
In this article we will explain what GRE and IP-in IP tunnels and how they differ from one another.
What is Generic Routing Encapsulation (GRE)?
Generic Routing Encapsulation (GRE) is a simple protocol for encapsulating internet packets to route protocols over IP networks as defined by RFC 2784. It has been developed as a tool for conveying a tunneling OSI Layer 3 protocol over an IP network. In essence, the GRE creates a point-to-point private connection like a virtual private network (VPN).
Generic Routing Encapsulation works by encapsulating a payload - that is, an internal packet to be delivered to a destination network - within an outer IP packet. GRE tunnel endpoints send payloads into GRE tunnels for routing packets to other IP networks. Other IP routers along the path do not analyze the payload (the inner packet); they analyze the external IP packet as they send to the end of the GRE tunnel. After reaching the end point GRE tunnel encapsulation is removed and the payload is transmitted along its final destination.
In contrast to IP-in-IP, GRE tunnels have following advantages:
- GRE tunnels wrap multiple protocols on a single backbone protocol.
- GRE tunnels provide solutions for networks with limited hops.
- GRE tunnels connecting discontinuous subnets.
- GRE tunnels allow VPN wide area networks (WAN).
- Better support on devices and systems that miss-interoperate IP-in-IP packets or are unable to forward them.
- When using the optional tunnel identifier field can support up to 64K tunnels between two unique endpoints (IPv4 pairs)
- An optional checksum field can be utilized for integrity checking of the contained packet
- An optional sequence field for ensuring order of received packets is maintained over the tunnel, this may be useful for some UDP applications
The additional key field that is available in the GRE protocol can be used to provide additional tunnel authentication which increases security by increasing key-space which the 32-bit source address represents.
What is IP-in-IP?
IP-in-IP is an even simpler encapsulating protocol, using this technique IP packets are encapsulated only in an additional IP header. So unlike GRE tunnels an IP-in-IP tunnel cannot carry multicast traffic, other protocols or IPv6 between networks.
In contrast to GRE tunnels, IP-in-IP tunnels have the following advantages:
- Lower overhead due to less layers encapsulated
- Use of IP packets for encapsulation can allow for support (e.g. forwarding) on devices not supporting the GRE protocol
- Supports a single tunnel between two endpoints.
In modern times IP-in-IP has decreased in popularity as the overheads of GRE are minimal at best. However there remains niche applications where IP-in-IP remains in use.
Both protocols are supported natively on Linux and BSD via iputils. Windows does not support either natively, however with the aid of our Windows tunnel client (available to all customers) our customers are able to use either.
Unless you are encapsulating non-IP protocols, such as routing protocols or protocols used for research purposes IP-in-IP encapsulation is often a suitable protocol at a lower overhead to GRE, however GRE has slightly better security. Given that the overhead difference is minor we would recommend that if you can you use GRE instead of IP-in-IP encapsulation.