TMS zl Management and Configuration Guide ST.1.2.100916
Virtual Private Networks
Generic Routing Encapsulation (GRE)
Concepts
GRE is a Layer 2 protocol that can encapsulate any protocol that Ethernet can
encapsulate. GRE tunneling establishes a virtual point-to-point connection
between two devices across an intervening network. For example, you could
use GRE to tunnel FTP or HTTP traffic between two networks across an
intervening network.
When the TMS zl Module selects traffic for the GRE tunnel, it encapsulates
the traffic with a GRE header and a new IP header. The new IP header includes
the destination address of the remote tunnel endpoint.
GRE can tunnel both multicast and unicast traffic. Therefore, one of the
primary reasons to use GRE is to tunnel multicast traffic through an environment
(such as the Internet) that does not allow multicasts. In fact, you can
even configure the TMS zl Module to exchange dynamic routing messages
through the GRE tunnel. To send routing messages (RIP and OSPF) through
a GRE tunnel, you must enable RIP or OSPF on the GRE tunnel.
Because GRE tunnels do not encrypt traffic, you should configure GRE over
IPsec for traffic that requires data integrity or data privacy. GRE over IPsec
can also tunnel both unicast and multicast traffic, so you might use a GRE
over IPsec connection in conjunction with a site-to-site IPsec VPN. The IPsec
VPN would carry most traffic, but the GRE over IPsec connection could carry
routing updates and other multicast traffic.
GRE Tunnel Keepalives
GRE tunnels are designed to be completely stateless, meaning neither tunnel
endpoint keeps any information about the state or availability of the other
tunnel endpoint. In other words, the tunnel interface on the local endpoint
does not go “down” when the other endpoint is unreachable.
A GRE tunnel normally comes “up” as soon as the following conditions are
met:
■ The local tunnel endpoint has a route to the remote tunnel endpoint (that
is not through the tunnel itself).
■ The interface serving as the local tunnel endpoint is up.