HP VPN Firewall Appliances VPN Configuration Guide
3
• GRE key—Ensures packet validity. The sender adds a GRE key into a packet. The receiver compares
the GRE key with its own GRE key. If the two keys are the same, the receiver accepts the packet.
Otherwise, it drops the packet.
• GRE checksum—Ensures packet integrity. The sender calculates a checksum for the GRE header
and payload and sends the packet containing the checksum to the tunnel peer. The receiver
calculates a checksum for the received packet and compares it with that carried in the packet. If the
checksums are the same, the receiver considers the packet intact and continues to process the
packet. Otherwise, the receiver discards the packet.
GRE application scenarios
The following shows typical GRE application scenarios:
Connecting private networks running different protocols over a single backbone
As shown in Figure 4, Group 1 and Group 2 are IPv6 networks, and Team 1 and Team 2 are IPv4
networks. Through the GRE tunnel between Device A and Device B, Group 1 can communicate with
Group 2 and Team 1 can communicate with Team 2, without affecting each other.
Figure 4 Network diagram
Enlarging network scope
In an IP network, the maximum TTL value of a packet is 255. If two devices have more than 255 hops in
between, they cannot communicate with each other. By using a GRE tunnel, you can hide some hops to
enlarge the network scope. As shown in Figure 5, onl
y the tunnel-end devices (De
vice A and Device D)
of the GRE tunnel are counted in hop count calculation. Therefore, there are only three hops between
Host A and Host B.
IPv6 protocol
Group 1
Internet
IP protocol
Team 1
IPv6 protocol
Group 2
IP protocol
Team 2
Device A Device B
GRE tunnel