This document seeks to prepare students for the topics of GRE and mGRE for the CCIE Written Exam version 3.0. These are important technologies to master as part of the General Networking section of this exam blueprint.
Generic Routing Encapsulation (GRE)
Cisco developed the Generic Routing Encapsulation (GRE) protocol to encapsulate network layer protocols over a virtual point-to-point (P2P) link. RFC 2784 details this useful protocol.
GRE is desirable any time routers must be “tricked” into handling packets they would otherwise not handle. For example, multicast traffic cannot be natively protected by IP Security (IPsec), so GRE can first encapsulate this traffic, and the resulting GRE packets can then be protected by an IPsec VPN.
GRE uses IP protocol number 47.
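The following Python example is added here and is not part of the original article. It shows how a capture or inspection tool can recognize GRE by IP protocol number 47 in the outer IPv4 header and read the RFC 2784 header to find what is encapsulated. The function names and the sample packet are constructed for illustration, and the optional key and sequence fields come from RFC 2890, which goes beyond what the article cites.

```python
import ipaddress
import struct

IPPROTO_GRE = 47  # IP protocol number in the outer IPv4 header

# Optional 4-byte GRE fields in wire order: (name, flag bit, struct format)
OPTIONAL_FIELDS = (
    ("checksum", 0x8000, "!H2x"),  # C bit: checksum + reserved1 (RFC 2784)
    ("key",      0x2000, "!I"),    # K bit (RFC 2890)
    ("sequence", 0x1000, "!I"),    # S bit (RFC 2890)
)

def parse_gre(packet: bytes) -> dict:
    """Parse an outer IPv4 header followed by a GRE header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # outer header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    if packet[9] != IPPROTO_GRE:
        raise ValueError(f"IP protocol {packet[9]} is not GRE")
    flags, proto = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x0007:                      # version field must be 0
        raise ValueError("unsupported GRE version")
    info = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol_type": proto,             # EtherType of the inner packet
        "checksum": None, "key": None, "sequence": None,
    }
    offset = ihl + 4
    for name, bit, fmt in OPTIONAL_FIELDS:
        if flags & bit:
            if len(packet) < offset + 4:
                raise ValueError(f"truncated GRE {name} field")
            (info[name],) = struct.unpack_from(fmt, packet, offset)
            offset += 4
    info["payload"] = packet[offset:]       # the encapsulated packet
    return info

def sample_packet() -> bytes:
    """Constructed test packet: GRE with key 100 carrying a stand-in payload."""
    gre = struct.pack("!HHI", 0x2000, 0x0800, 100) + b"inner-packet"
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 255,
                        IPPROTO_GRE, 0, bytes([192, 0, 2, 1]),
                        bytes([198, 51, 100, 2]))
    return outer + gre

if __name__ == "__main__":
    print(parse_gre(sample_packet()))
```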
Multipoint Generic Routing Encapsulation (mGRE)
The “classic” GRE tunnel described above is considered a point-to-point structure. Multipoint Generic Routing Encapsulation (mGRE) relaxes this concept to include multiple destinations in the GRE process.
Consider the classic and popular hub-and-spoke topology. Perhaps GRE needs to function in this environment. For each additional spoke, a new P2P GRE tunnel must be constructed, and each new tunnel needs its own logical IP subnet. This leads to an obvious waste of IP address space, and perhaps far worse, it leads to excessive overhead on the hub device.
Multipoint GRE comes to the rescue. Thanks to this GRE technique, the hub and spoke devices may use a single tunnel. This tunnel is one logical IP subnet. At this point, you can consider this design and functionality similar to a non-broadcast multi-access (NBMA) technology like Frame Relay.
With mGRE, you need a name resolution mechanism that can map the logical tunnel IP addresses to the underlying physical IP addresses in the topology. This is what the Next Hop Resolution Protocol (NHRP) is used for. I will cover this important technology in an upcoming blog post.
mGRE and NHRP are critically important to master for CCIE Security 3.0 because they are two of the necessary protocol components used in the construction of the Dynamic Multipoint VPN (DMVPN).
Anthony Sequeira CCIE, CCSI