Why do we use GRE tunnel rather than ipsec?

Question added by haroon shah, IT Engineer, NESMA Electric/Telecom and technology
Date Posted: 2016/01/02
by Mostafa Khamies Dakam, Network Specialist, Libyan Fertilizer Company

GRE is like a virtual interface, so any packet that would be routed out this interface will be completely wrapped into a new packet. This packet would prepend a GRE header and a NEW IP header and the source IP of whatever interface that it used to egress the router. This interface handles multicasts as one would expect.

IPSec on the other hand is a suite of protocols that we put together to achieve a goal. This goal is to enforce a policy. IPSec does not really support multicast in and of itself. Now there are ways around this. For example, we might decide that we wish to encrypt the GRE packet that we created above. In that case, we might add an ESP header in the above mix. In that case, multicast would still work, but we are only encrypting a unicast packet from the perspective of IPSec (or more specifically the ESP protocol). Your question with GRE is specific.
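The encapsulation described in the answer above, as an added example that is not part of the original answer: a multicast packet is wrapped in GRE, and the outer header that an IPsec policy would match on is plain unicast with IP protocol 47. The addresses, the zeroed OSPF-style payload and the `matches_selector` helper are constructed for illustration, and no ESP encryption is performed.

```python
import socket
import struct

GRE, OSPF = 47, 89  # IP protocol numbers

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap a whole IPv4 packet: new IP header + basic 4-byte GRE header."""
    gre = struct.pack("!HH", 0, 0x0800)  # no flags, version 0, payload = IPv4
    return ipv4_header(tunnel_src, tunnel_dst, GRE, len(gre) + len(inner)) + gre + inner

def describe(packet):
    """Fields an IPsec traffic selector looks at in the outermost header."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9],
            "multicast": 224 <= packet[16] <= 239}

def matches_selector(packet, src, dst, proto):
    """Hypothetical unicast policy check: exact src, dst and protocol."""
    d = describe(packet)
    return (d["src"], d["dst"], d["proto"]) == (src, dst, proto) and not d["multicast"]

def build_demo():
    # Constructed sample: an OSPF-style hello to 224.0.0.5 (payload zeroed).
    body = bytes(24)
    inner = ipv4_header("10.0.0.1", "224.0.0.5", OSPF, len(body), ttl=1) + body
    outer = gre_encapsulate(inner, "192.0.2.1", "198.51.100.1")
    return inner, outer

if __name__ == "__main__":
    inner, outer = build_demo()
    print("inner:", describe(inner))
    print("outer:", describe(outer))
    print("policy match:", matches_selector(outer, "192.0.2.1", "198.51.100.1", GRE))
```

The inner multicast packet survives intact after the 20-byte outer IP header and 4-byte GRE header, which is why routing protocols keep working across the tunnel while the policy only ever sees one unicast flow.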
