Generic routing encapsulation (GRE) is a communication protocol used to establish a direct, point-to-point connection between network nodes. Being a simple and effective method of transporting data over a public network, such as the Internet, GRE lets two peers share data they wouldn’t be able to share over the public network itself.
The GRE protocol offers a number of advantages, including:
- Use of multiple protocols over a single-protocol backbone
- Providing workarounds for networks with limited hops
- Connection of non-contiguous subnetworks
- Being less resource demanding than its alternatives (e.g. IPsec VPN)
Imperva Incapsula uses GRE to establish a direct connection to our clients’ servers, after virtually deploying our DDoS mitigation solution at the edge of their network.
Regardless of the DDoS attack type or target, this enables us to provide protection for every type of network infrastructure, across all communication protocols—because of GRE’s ability to transmit packets of all types.
In this post we shed some light on the GRE protocol: how it works, what it is capable of and how it can be effectively utilized.
Like Mailing a Package
Before diving into GRE, let’s discuss how Internet communication works in general. When one computer needs to send information to another over a network, the data is divided into a series of packets, small pieces of the original data. Each packet contains both user data and control information.
User data (a.k.a. the payload) is the actual content being sent. Control information, on the other hand, comprises the instructions required for the content to reach its destination, including source and destination IP addresses, error codes, etc.
In this way, a network packet is similar to a package being delivered in the mail, with user data representing the content inside the package and control information as the delivery instructions found on it.
Network packets and mailed packages also resemble each other in the way they travel from their point of origin to their final destination.
When a package is sent, it makes several stops during the delivery process, passing through at least two post offices. The same goes for data packets, which need to journey between several ISP networks as they move across the globe.
Certain rules have to be observed in both cases. For example, your package must have the correct stamps and be of a certain size and weight. Similarly, data packets need to comply with the rules of each network they pass through, which may or may not support certain packet sizes and communication protocol types (e.g., AppleTalk).
If the rules aren’t observed, your packet can’t be delivered. This is where GRE is useful.
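To make the package analogy concrete, the following added example (not code from the original post or from Imperva) wraps an inner packet of a protocol the backbone does not route inside a GRE header and an outer IPv4 header, then unwraps it again, the step an inspection tool has to perform to see what a tunnel carries. The header layout follows RFC 2784 and RFC 2890; the function names, the sample payload and the documentation-range addresses are assumptions made for illustration.

```python
import socket
import struct

GRE_PROTO = 47  # IP protocol number assigned to GRE
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x809B: "AppleTalk"}

def ip_checksum(hdr: bytes) -> int:
    """One's-complement sum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner: bytes, ethertype: int, src: str, dst: str) -> bytes:
    """Wrap any inner packet in a basic GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ethertype)  # no optional fields, version 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner),
                      0, 0, 64, GRE_PROTO, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + gre + inner

def decapsulate(pkt: bytes):
    """Return (inner protocol name, inner packet) or raise ValueError."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != GRE_PROTO:
        raise ValueError("not a GRE-in-IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        raise ValueError("truncated or malformed header")
    flags, ethertype = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence number
        if flags & bit:
            offset += 4  # each optional field occupies 4 bytes
    if len(pkt) < offset:
        raise ValueError("truncated optional fields")
    return ETHERTYPES.get(ethertype, hex(ethertype)), pkt[offset:]

if __name__ == "__main__":
    # Constructed stand-in for an AppleTalk datagram; addresses are from
    # the documentation ranges, not real tunnel endpoints.
    inner = b"constructed-appletalk-datagram"
    pkt = encapsulate(inner, 0x809B, "192.0.2.1", "198.51.100.1")
    print(decapsulate(pkt))
```

Networks along the path see only the outer IPv4 header with protocol number 47, which is why the inner protocol type no longer matters to them.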