Generic Routing Encapsulation (GRE) Tunnel Defined
What is a GRE tunnel? Let's begin with a technical definition. Generic routing encapsulation (or GRE) is a communication protocol. You can use it to share data directly through network nodes, rather than over the public network. That communication happens through a GRE tunnel.
You might use a GRE tunnel to communicate with a device (like a router) that is incompatible with your computer. Or you might use a GRE tunnel to ensure that a message gets to a recipient despite protocol challenges you suspect might exist along the way, even if you're not sure they do.
But hackers can also use GRE tunnels in sophisticated attacks that take down critical systems for days. If you choose to either use or accept tunnels, you should understand the risks.
GRE explained
To break down what a GRE tunnel is and how it works, we'll need to define a few critical terms.
Any GRE protocol involves:
- Nodes: A device that can accept or send information (like computers, routers, printers, and switches) is a node.
- Packets: Information sent from one device to another is split into packets.
- Headers: Each packet contains a header with information about the sender, the recipient, and the order of the message.
- Payload: The payload is the actual content of the message.
During GRE encapsulation, a data packet essentially gets wrapped up inside a new packet. The payload never changes, but the process adds two headers.
- Identification: This header notifies recipients that they're dealing with a GRE packet.
- Directions: The second header includes source and recipient information.
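With encapsulation complete, GRE tunnelling can begin. Think of this as a form of direct communication between two nodes, with the original packet shielded from the routing decisions made along the way. Even if the packet must zoom past other nodes, they forward it using the outer header alone and don't inspect or hold up what's inside. It moves swiftly to the target. GRE on its own adds no encryption or authentication, so a tunnel that needs confidentiality is usually paired with a protocol such as IPsec.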
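The wrapping described above, as an added Python example that is not from the original article: it builds the outer IPv4 header and the basic 4-byte GRE header from RFC 2784 around an inner packet, then strips them again. The addresses, the sample payload and all function names are assumptions made for illustration.

```python
import socket
import struct

GRE_PROTO = 47           # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type for an IPv4 payload

def checksum(header: bytes) -> int:
    """Internet checksum over an even-length IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header: no options, TTL 64."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Outer IP header (directions) + GRE header (identification) + untouched packet."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no flags, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

def gre_decapsulate(packet: bytes) -> dict:
    """Strip both added headers; return the tunnel endpoints and the inner packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 4 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE-in-IPv4 packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("only GRE version 0 is handled")
    # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each.
    optional = 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return {"tunnel_src": socket.inet_ntoa(packet[12:16]),
            "tunnel_dst": socket.inet_ntoa(packet[16:20]),
            "protocol_type": proto,
            "inner": packet[ihl + 4 + optional:]}

# Constructed sample: an inner packet between two private hosts, sent through
# a tunnel whose endpoints use documentation addresses.
SAMPLE_INNER = ipv4_header("10.0.0.5", "10.0.1.9", 253, 5) + b"hello"
SAMPLE_TUNNELLED = gre_encapsulate(SAMPLE_INNER, "192.0.2.1", "198.51.100.2")

if __name__ == "__main__":
    seen = gre_decapsulate(SAMPLE_TUNNELLED)
    print(seen["tunnel_src"], "->", seen["tunnel_dst"], "carries", seen["inner"][20:])
```

The inner packet comes back byte for byte, and `gre_decapsulate` needs no secret to recover it, which is why a firewall or sensor on the path can parse tunnelled traffic the same way.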
GRE tunnel setup explained
In most cases, you'll set up a GRE tunnel in your router's configuration. But you'll need two pieces of information to get started.
GRE tunnels rely on:
- Your IP address. This isn't the same as a human-friendly web address (like www.okta.com/au/). An IP address is made up of numbers separated by dots.
- Your recipient's IP address. You'll need that same data for the node you want to connect to.
GRE standards were set up by the Network Working Group back in 2000. Developers can look over that very technical document to understand just how to set up new headers and configure messages to move through without disruption.
GRE protocols at work: an example
Many of us deal with incompatible devices. For example, Google Nest users dealing with low batteries or power issues may be dealing with an incompatibility issue. Typically, solving that means buying new equipment. But what if there was another way?
If you know the IP address of your target server, you could reconfigure your router and send your messages along, even if you never buy one new thing to smooth the process.
In essence, you'll trick your incompatible devices into believing that they can get along nicely and communicate like old friends. You'll wrap your messages in the proper code and experience no delays.
Let’s give a simplistic example to describe how this works. You have a package tied to the back of your bicycle that you need to get to the post office across the river. Unfortunately, no bridge exists, and your bike can't ride across the water. But you can put your bike on a ferry. Doing so doesn't mean changing your package or your bike. You just wrap your package in another system for the journey.
GRE protocols in computing work much the same way (with a lot more coding, of course).