3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

121

122

123

124

125

126

127

128

129

130

CONFIGURATION OF GRE

Brief Introduction to

GRE

GRE overview

Generic Routing Encapsulation protocol (GRE) can encapsulate datagrams of some

network layer protocols (e.g. IP and IPX) and allow these encapsulated datagrams

to be transferred in another network layer protocol (e.g. IP). GRE is a layer 3

Tunnel protocol of VPN, adopting a technique called Tunnel between protocol

layers. Each Tunnel is a virtual point-to-point connection and can be regarded as a

virtual interface only supporting point-to-point connection in actual situation. The

interface provides a Tunnel where encapsulated datagrams can be transmitted.

And it can also encapsulate and de-encapsulate datagrams at both ends of the

Tunnel.

To move in a Tunnel, a packet must undergo the processes of encapsulation and

decapsulation, which are illustrated in

Figure 28:

Figure 28 IPX network interconnection through GRE Tunnel

1 The process of encapsulation

After receiving an IPX packet, the interface connected to Novell group1 first sends

it to IPX for processing. IPX decides how to route it by examining the destination

address field in its IPX header. If IPX finds that the packet should pass the network

1f (virtual network number of the Tunnel) in order to reach the destination, it

delivers the packet to the Tunnel interface with the network number of 1f. After

receiving the packet, the Tunnel interface performs GRE encapsulation before

forwarding it to the IP module for processing. After the IP header is encapsulated,

the packet will be forwarded to the appropriate network interface according to its

destination address and the routing table.

2 The process of decapsulation

The process of decapsulation is contrary to that of encapsulation. The system

examines the destination address of each IP packet received from the Tunnel

interface; if it is this security gateway, the system removes the IP header of the

packet and sends it to the GRE module for processing (verifying key, checksum,

and serial number of the packet, etc.). After completing all the works, the GRE

module removes the GRE header of the packet and sends it to the IPX module

where it is handled just as a common one.

Internet

Novell IPX

Protocol

Group1

Novell IPX

Protocol

Group2

Tunnel

Internet

Novell IPX

Protocol

Group1

Novell IPX

Protocol

Group2

Tunnel

Switch 8800 A

Switch 8800 B