How GRE Tunnels Work | VPN Tunnels Part 1
Рет қаралды 95,516
Күн бұрынHow GRE Works | VPN Tunnels | Computer Networking | Part 1
Have you ever wondered “How does a GRE Tunnel work?” “How do I encrypt GRE” “What are the best practices for improving GRE Stability?” If you answered yes to any of these questions, then this series is for you!
#GRE (Generic Routing Encapsulation) tunnels are one of the most versatile tools available to a network engineer.
They are a #VPN that can be used to tunnel through the internet, create virtual site to site WAN’s, bypass networks, run routing protocols like OSPF, EIGRP, and BGP, avoid RIP hop count issues, migrate to IPv6, and connect to DDoS scrubbers.
A pair of routers will build a tunnel between VTI’s (Virtual Tunnel Interfaces). This passes through a network called the underlay network. The underlay is transparent to traffic passing through the tunnel. The tunnel is the overlay network.
GRE added extra headers to the original packet. This leaves the original packet untouched while the encapsulated packet travels through the underlay. Remember to watch out for MTU and MSS!
Try it yourself in the lab!
networkdirection.net/labsandq...
GRE TUNNELS SERIES
Part 1: How GRE Works - See the encapsulation process, as a packet moves from one side of the network to another - • How GRE Tunnels Work |...
Part 2: GRE Encryption with IPSec - GRE is not encrypted by default! See the basics of IPSec, and how we can use it with GRE tunnels - coming September 7th 2018
Part 3: Improving GRE Stability - There are a few pitfalls to watch out for, including recursive routing. See some of the best practices that you can apply to make your tunnel stable - coming September 21st 2018
Thanks for watching Network Direction! Be sure not to miss out on Part 2 and 3 of our GRE Tunnel Series by subscribing here: goo.gl/Z9bk72
For more information, have a look at networkdirection.net/GRE+Tunnels
This video is useful for #Cisco #CCNA and #CCNP certifications
Be sure to check out our other Networking videos:
VxLAN Series: goo.gl/RjDuya
Network Direction Official Playlist: goo.gl/QGikwC
LET'S CONNECT
🌏 / networkdirection
🌏 / netwrkdirection
🌏 / networkdirection
🌏 / networkdirection
🌏 www.networkdirection.net
@TheLithGH 4 жыл бұрын
Thanks for creating and sharing with us!! Perfect explanation for us that are new to GRE!!! Cheers!
@PR-cn5bb 5 жыл бұрын
Finally some quality tutorials, great work!
@NetworkDirection 5 жыл бұрын
I appreciate the feedback Pawel, thanks!
@oliver1121 5 жыл бұрын
It is so weird how perfectly timed these videos are coming out to my studying. When I was looking into learning VRF's you released an excellent video series on VRF's. Now when I want to brush up on VPN's you release this video at the perfect time. Keep up the awesome work! Hopefully the next series will be MPLS.
@NetworkDirection 5 жыл бұрын
That is uncanny! I have been thinking about basic MPLS as a series. Won’t be next, but hopefully soon
@GamjaField 5 жыл бұрын
LOL same 😂
@NetworkDirection 5 жыл бұрын
Nice!
@namratatiwari1588 4 жыл бұрын
Best video on GRE ! Surfed over 5-6 videos before landing to this.
@teamstandyteamstandy9830 3 жыл бұрын
Very simple, high level overview of what a GRE tunnel is/does. Well done. Thank you!
@NetworkDirection 3 жыл бұрын
You're welcome!
@slamtoo11 4 жыл бұрын
Just saw this video after I had a question in CCNA about GRE. This is amazing. Thank you for putting this together.
@Neon-nv4oy 19 күн бұрын
May I ask what you're doing in life now with a bit over 4 years in the field ? (if you stuck to the field ofc) I just wanna get an idea
@DileepKumarMB 8 ай бұрын
Overlay network using GRE Tunnel- nicely explained, Thanks
@Jderama100 5 жыл бұрын
Thank you, very clear and easy to understand. Please continue to make videos like this - highly appreciate it.
@NetworkDirection 5 жыл бұрын
You're welcome! I'm currently working on extending this with DMVPN
@weaselfeet 5 жыл бұрын
This was fantastic, looking forward the the encryption component,
@NetworkDirection 5 жыл бұрын
I aim to please 😁
@varunkashyap5644 3 жыл бұрын
thanks buddy for creating this series. i read a lot but could not get through before , but today atlast i got. keep making such videos
@NetworkDirection 3 жыл бұрын
It's so good to hear that these videos are helping you
@jaronprovidence9484 4 жыл бұрын
Awesome video, thanks!
@mahendrakumarsahu4395 4 жыл бұрын
Awesome !!! I like very much the animated explanation ♥️ Thank you Sir
@NetworkDirection 5 жыл бұрын
Read more here: networkdirection.net/GRE+Tunnels Try the lab here: networkdirection.net/labsandquizzes/labs/lab-gre-tunnels/
@muhammadsiddique5892 5 жыл бұрын
Great Explanation.. Thanks.
@pin-fatsh9553 5 жыл бұрын
Thanks for this well-explained nuggets :)
@NetworkDirection 5 жыл бұрын
You're very welcome!
@TheMaro57 Жыл бұрын
I have no idea what you're talking about but you're better than a college professor definitely...
@Zbenesch 4 жыл бұрын
Nicely done!
@steveshawcross 6 ай бұрын
Good and simple explanation !!
@Amsj1166 4 жыл бұрын
Wow very nicely explained
@yusefskaff47 4 жыл бұрын
Excellent explanation!! I appreciate that 👍🏼
@NetworkDirection 4 жыл бұрын
Glad it was helpful!
@tommclaughlin7179 4 жыл бұрын
Thank you for simplifying gre!
@NetworkDirection 2 жыл бұрын
My pleasure!
@TheVillageShow 2 ай бұрын
Very beautiful. Thankyou so much 🎉🎉
@DDJThomas01 5 жыл бұрын
Another great explaination!
@NetworkDirection 5 жыл бұрын
Thanks Daniel! So happy that it makes sense. Looking forward to seeing GRE tunnels with IPSec?
@DDJThomas01 5 жыл бұрын
@@NetworkDirection Definitely! Always enjoy your well presented and explained videos
@alexandercullum6632 2 жыл бұрын
super helpful video, thank you!
@NetworkDirection Жыл бұрын
Good to hear, thanks!
@peterruppert7856 2 жыл бұрын
Thank you so much!!! Great video!!
@NetworkDirection 2 жыл бұрын
You're welcome!
@EpisonicProject Ай бұрын
Amazing video I understand gre now
@user-qo8js3qk5z 3 жыл бұрын
Excellent video thank you so much for the breakdown.
@NetworkDirection 2 жыл бұрын
Glad to help!
@noelgriffiths7561 3 жыл бұрын
I am currently learning CCNP Enterprise Encor and found this video series on 'GRE' along with the 'VXLan' and 'VRF' videos very informative with clear explanations. Thank you for posting these videos, will you be posting any others that will be helpful with the CCNP Enterprise course?
@samsonv9332 Жыл бұрын
Awesome explanation, thanks!
@NetworkDirection Жыл бұрын
Glad you enjoyed it!
@Robertorossell 3 жыл бұрын
Thanks great material
@mmobini1803 8 ай бұрын
Thank you!
@mdsameer2774 3 күн бұрын
very good. Keep going,
@ahmedareem9599 3 жыл бұрын
man, that's a fantastic video!
@NetworkDirection 3 жыл бұрын
Thanks!
@allien5329 5 жыл бұрын
best explained !!!
@NetworkDirection 2 жыл бұрын
Thank you!
@markusscott6696 4 жыл бұрын
It is a nice explanation of packet encapsulation (starts from 6 min), but i dont understand where is the role of a tunnel - 192.168.1.0 network???
@narendrajayram1317 5 жыл бұрын
great explanation!
@NetworkDirection 5 жыл бұрын
Thanks!
@amitkala6382 2 жыл бұрын
The way you demonstrated is simply amazing.... Would you mind to share low level stuff on ikev1 &2..... Thanks again.
@NetworkDirection 2 жыл бұрын
Thank you! I might revisit IKE. I'll add it to my list, thanks again
@jahedbenbarka9008 5 жыл бұрын
Thank u man.....
@p4pryk 5 жыл бұрын
There is a mistake with address on topology and set for tunnel src/dst addr. 20.20.20.20 and 10.20.20.20. Anyway, great series :) thx for that.
@NetworkDirection 5 жыл бұрын
You're absolutely right! Sorry everyone, the topology says 20.20.20.20 when it should say 10.20.20.20 Thanks for noticing this
@jnev9046 5 жыл бұрын
@@NetworkDirection would this type of mis-configuration show a tunnel up/down or a reset/up? BTW, Great Explanation!
@NetworkDirection 5 жыл бұрын
@@jnev9046 Do you mean if we put in the wrong destination IP? I think this would mark the tunnel as up, but it wouldn't work
@ithereos9554 3 жыл бұрын
@@NetworkDirection But, if the router did have reachability to 20.20.20.20 (and 20.20.20.20 was the correct destination IP), the GRE tunnel will go up without issues no?
@ivanarteaga3282 8 ай бұрын
pin this comment! :P
@GamjaField 5 жыл бұрын
Thank you. Great explanation as always. Will you cover the IPSec tunnel in this series?
@NetworkDirection 5 жыл бұрын
Absolutely! Give me two weeks, and you’ll have a video on adding IPSec to the GRE tunnel, including the basics of how IPSec works
@GamjaField 5 жыл бұрын
Network Direction Awesome! :)
@YeshwanthSimhadri 5 жыл бұрын
very nice explanation - may be a LAB would have been an icing on the cake
@NetworkDirection 5 жыл бұрын
Thanks, that's a good suggestion. I'm working on a couple of GRE labs now
@NetworkDirection 5 жыл бұрын
Here's the lab: networkdirection.net/labsandquizzes/labs/lab-gre-tunnels/
@MohanKumar-wp8kc 2 жыл бұрын
good series
@NetworkDirection 2 жыл бұрын
Thank you!
@digiground7613 3 жыл бұрын
nice...
@NetworkDirection 3 жыл бұрын
Thanks!
@sarvesh81s 4 жыл бұрын
Thanks for Very good Explanation , how did you put IP address in tunnel source command ?? it should be interface
@NetworkDirection 3 жыл бұрын
You can use either, but using the IP allows the router to choose the best interface based on the address. In some cases this will improve stability (covered in the following videos)
@babakvelamkon 5 жыл бұрын
Thanks. Plz emphasis more on vpn vs gre application, similarity and differences
@NetworkDirection 5 жыл бұрын
I'm not sure I understand correct... GRE is a type of VPN. It's different to the app that you install on your computer to connect into the office from home. GRE is different, as you're not connecting a single device to the network virtually. Instead, you're creating a virtual link between entire networks. Does that help?
@babakvelamkon 5 жыл бұрын
Network Direction Thanks. The confusion I have is why to go for site-2-site Vpn and not gre/ipsec. Is there any reason that most people deploy the vpn and not secure gre?
@NetworkDirection 5 жыл бұрын
Ah, I understand now. Not everything supports GRE. GRE is kind of a routing technology. So, you'll commonly find it on routers. An IPSec VPN was developed from the security point of view, so it is mor common on firewalls. ASA's for example, support IPSec VPN's, not GRE + IPSec. As to why vendors decide to support one technology but not another... I'm not sure.
@babakvelamkon 5 жыл бұрын
Network Direction Thanks alot
@NetworkDirection 5 жыл бұрын
You’re welcome
@arunrkrishnan9833 3 жыл бұрын
perfect
@NetworkDirection 2 жыл бұрын
Thank you!
@AeroAngle 8 ай бұрын
enabling jumbo frames help with GRE and why or why not?
@Mike-ci5io Жыл бұрын
How does lowering mtu avoid fragmentation infact it will increase it so you want highest mtu interface can support
@RichardHandle 2 жыл бұрын
Does GRE tunnels work with Virtual Networks also? So two virtual networks could communicate on a SD-WAN via GRE Tunneling?
@NetworkDirection 2 жыл бұрын
SD-WAN uses a lot of technologies 'under the hood', including tunnels (possibly GRE), MPLS, VXLAN, and thinkg like these. Each provider implements it differently though
@exmundi 3 жыл бұрын
Those virtual interfaces build an ARP cache? If yes, how do they seem?
@NetworkDirection 3 жыл бұрын
The ARP cache will build for anything with L2 adjacency
@daveycrockett9447 2 жыл бұрын
only problem with this description - is you have a RFC 1911 on the left that will NOT route across the Internet. Would have been nice if the example was more realistic in such a way that it would work in a real world scenario.
@NetworkDirection 2 жыл бұрын
Do you mean RFC1918?
@jairusan 3 жыл бұрын
I appreciate the effort and time spent to make this video, however, there are just too many mistakes in the content for this specific demonstration, which is dangerous and frustrating for those who really took the time to understand the configuration and even emulate the exercise. I think there are mistakes in the destination IP address: 20.20.20.20/24 > 10.20.20.20/24. In the explanation of how the packets travel through the OVERLAY VTI's or GRE tunnel, NOT UNDERLAY as you mentioned in the video, and also I am not sure if you meant 172.16.1.1 and 172.16.1.2 and forgot to specify the CIDR here...as well. Again, not trying to troll or anything but I think this video should be removed, corrected, and re-posted for the sake of all members subscribed. There are a lot of people commenting on things like, great work, awesome video, great explanation, and we know that they definitely didn't understand what they just watched. Thank you for all you do, as I am subscribed and love some of the other videos you have put together, but, unfortunately, after checking this GRE one very carefully, I will have to be very careful going forward when following the videos you post. Hope this feedback is helpful.
@jordantaylor3788 Жыл бұрын
Is this still true? I didn't think you could advertise OSPF over GRE as the interfaces would be flapping when trying to send ospf packets to the endpoint?
@NetworkDirection Жыл бұрын
Hi Jordan Thanks for your comment! What you are describing is route recursion. This can happen if you do it wrong, but OSPF over GRE is just fine if you do it right. I believe the next video in this series discusses this further. 😃 Have a great day!
@eksadiss 5 жыл бұрын
5:28 you said 1436 when I think you meant to say 1476
@mabsahmed786 3 жыл бұрын
i think you missed the static route explanation thats needed here
@NetworkDirection 3 жыл бұрын
Do you mean explaining what static routes are, or how they're used for this application?
@mabsahmed786 3 жыл бұрын
@@NetworkDirection yeah i meant for this application, ie how do the two edges know how to get to each other and how do we force traffic over the tunnel. also how not to cause recursive routing issues. but the video was information nonetheless.
@leonelsimoes2616 2 жыл бұрын
Destination address should be 192.168.2.1 instead of 192.168.1.2
@NetworkDirection 2 жыл бұрын
Thank you! Unfortunately, I can't go back and change it
@rohanofelvenpower5566 4 жыл бұрын
aha so very very simple. Basically it adds what is called "Outer IP" header which has the ISPs routers IPs which are PUBLIC IPs so the routers over the Internet (/WAN) KNOW where they are. And there is also the small gre header that says what the original IP version is being used by the private hosts with private, non-routable IP addresses. So you stick public IPs on top of the packet and route it as normal. By the time it arrives at the destination and it is de-encapsulated the private host will see it's private ip (non-routable) that it knows. So easy it's a joke haha
BalcevMMA_BOXING
Рет қаралды 11 МЛН
Tips Workshop
Рет қаралды 14 МЛН
Sikandar Shaik
Рет қаралды 58 М.
Sikandar Shaik
Рет қаралды 175 М.
spline
Рет қаралды 586 М.
STICKY Art Shorts
Рет қаралды 1,3 МЛН