GRE tunneling is an encryption method developed by Cisco Systems as a solution to the high costs of Ethernet trunking. It encodes a packet of data into a random key, rather than an IP packet. This random key is then negotiated between the two communicating networks, and an encryption algorithm is used to encrypt the data before forwarding it on. This form of encryption is much more efficient than any other known form.
The term ‘GRE’ (generalized forwarding encryption) refers to the method, which was first documented in 1994. Cisco has been using it for many years, and it is a part of all its products. The goal of generic routing encapsulation is to enable network devices to communicate with each other more efficiently and securely, both for internal operations and for external connections.
The idea behind this is to have one layer of encryption, which is much less complicated than the entire stack of layer one firewall filters. This is accomplished by having the Ethernet data packets go through an encryption generator, a pre-determined code which is then used in the destination network. An example of this is the MAC address, which is used by all wireless devices. This MAC address keying material can be generated at any time during the session, and is only altered at the end of the session, to prevent eavesdroppers from intercepting the confidential information. As long as there are no other firewalls or security measures in place to prevent this, encapsulation becomes very effective.
This is done at layer 2 of the routing protocols. The device must forward the packet of data to the destination address within the protected network. The client will receive an IP packet with an embedded secret key, which is known only to the network it is going to and to the owner. All the while, this key is only known by the one device which is able to trace it back to the original source. Once this is known, it will use the MAC address and encrypt the packet before forwarding it on to the right destination.
This security measure, which is called generic routing encapsulation, is also implemented in the WAN topology. In the case of the corporate world, it is applied mostly in BSD networks like the CCNA or the Cisco CCSA. With it, companies will be able to secure their internal network without worrying about whether they are performing the right procedures in securing their data. There are some disadvantages, though. One of them is that it slows down the transfer of data packets.
In addition to that, it can also affect the rate at which the traffic can be captured. This is due to the fact that the WAN interface uses QoS (Quality of Service) which involves allowing some packets of data to be freely transmitted and received. If de-encapsulation happens to be applied to this type of WAN interface, the probability that some packets will be dropped becomes higher. At the same time, the probability of all the data packets being lost becomes higher. Thus, the rate at which the traffic is being captured may drop.
Other forms of GRE de-encapsulation used in Ethernet are the bridged mode and the QoS (Quality of Service) mode. In the bridged mode, it enables both the user computers and the routers to perform the encryption and decryption operations in an inter layer. On the other hand, in the QoS mode, packets are allowed to cross between the two tunnels only once. This is done through the use of the QoS commands.
There are still more types of GRE tunnel technology that are being developed. However, this is the major form of packet injection technology used in the network. It has proven to be very useful and efficient in many networking environments. GRE tunneling can also bring significant benefits to the network, as long as proper implementation and configuration of the software involved are performed.