HP VPN Firewall Appliances VPN Configuration Guide

GRE over IPv4—The transport protocol is IPv4, and the passenger protocol is any network layer
protocol.
GRE over IPv6—The transport protocol is IPv6, and the passenger protocol is any network layer
protocol.
In the Web interface, you can configure only GRE over IPv4 tunnels.
GRE encapsulation and de-encapsulation
The following sections use Figure 3 to describe how an X protocol packet traverses an IP network through
a GRE tunnel.
Figure 3 X protocol networks interconnected through a GRE tunnel
Encapsulation process
1. After receiving an X protocol packet from the interface connected to Group 1, Device A submits it
to the X protocol for processing.
2. The X protocol checks the destination address field in the packet header to determine how to route
the packet.
3. If the packet must be tunneled to reach its destination, Device A sends the packet to the GRE tunnel
interface.
4. Upon receiving the packet, the tunnel interface encapsulates the packet with GRE and then with IP.
5. Device A looks up the routing table according to the destination address in the IP header and
forwards the IP packet.
De-encapsulation process
De-encapsulation is the reverse of the encapsulation process:
1. Upon receiving an IP packet from the tunnel interface, Device B checks the destination address.
2. If the destination is itself and the protocol number in the IP header is 47 (the protocol number for
GRE), Device B removes the IP header of the packet and submits the resulting packet to GRE for
processing (such as checking the GRE key, checksum, and sequence number in the packet).
3. After GRE finishes the processing, Device B removes the GRE header and submits the payload to
the X protocol for forwarding.
NOTE:
GRE encapsulation and de-encapsulation can decrease the forwarding efficiency of tunnel-end devices.
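The following added example (not taken from the HP guide or from device firmware) walks one packet through encapsulation step 4 and de-encapsulation steps 1 to 3, including the key, checksum, and sequence number checks. The header layout follows RFC 2784 and RFC 2890; the function names, the 192.0.2.x addresses, and the "drop anything not newer than the last sequence number" rule are assumptions made for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47                                 # IP protocol number for GRE (step 2)
C_BIT, K_BIT, S_BIT = 0x8000, 0x2000, 0x1000   # checksum/key/sequence-present flags

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)          # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def gre_encap(src, dst, proto_type, payload, key, seq):
    """Encapsulation step 4: wrap the passenger packet in GRE, then in IPv4."""
    flags = C_BIT | K_BIT | S_BIT
    body = struct.pack("!HHHHII", flags, proto_type, 0, 0, key, seq) + payload
    body = body[:4] + struct.pack("!H", inet_checksum(body)) + body[6:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, GRE_PROTO,
                     0, ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + body

def gre_decap(packet, local_ip, expected_key, last_seq):
    """De-encapsulation steps 1-3: return (proto_type, seq, payload) or raise ValueError."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or packet[0] >> 4 != 4 or len(packet) < ihl + 4:
        raise ValueError("truncated or non-IPv4 packet")
    if packet[16:20] != ipaddress.IPv4Address(local_ip).packed or packet[9] != GRE_PROTO:
        raise ValueError("not GRE traffic addressed to this endpoint")
    gre = packet[ihl:]                         # IP header removed, GRE takes over
    flags, proto_type = struct.unpack("!HH", gre[:4])
    need = 4 + 4 * sum(bool(flags & bit) for bit in (C_BIT, K_BIT, S_BIT))
    if flags & 0x0007 or len(gre) < need:
        raise ValueError("unsupported GRE version or truncated GRE header")
    if flags & C_BIT and inet_checksum(gre) != 0:
        raise ValueError("GRE checksum mismatch")
    off, key, seq = 4 + (4 if flags & C_BIT else 0), None, None
    if flags & K_BIT:
        key, off = int.from_bytes(gre[off:off + 4], "big"), off + 4
    if flags & S_BIT:
        seq, off = int.from_bytes(gre[off:off + 4], "big"), off + 4
    if key != expected_key:
        raise ValueError("GRE key mismatch")
    if seq is None or seq <= last_seq:         # simplified: no wraparound handling
        raise ValueError("stale or missing sequence number")
    return proto_type, seq, gre[off:]          # GRE header removed, payload to X protocol

# Constructed sample: an IPv4 passenger (EtherType 0x0800) between documentation addresses.
SAMPLE = gre_encap("192.0.2.1", "192.0.2.2", 0x0800, b"constructed passenger", 0x2A, 1)
```

A packet whose key, checksum, or sequence number fails its check is rejected before the payload reaches the passenger protocol.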
GRE security features
GRE supports the following security features to ensure GRE tunnel security: