Application Note 2002
GRE and Virtual Private Networks
Network iQ routers from Allied Telesyn can utilise Generic Routing
Encapsulation to provide virtual private networks across the Internet.
Organisations intending to connect to the Internet may have private or unregistered
("illegal") IP addresses, or they may simply wish to connect across the Internet without
changing their systems and yet construct a virtual private network within
another public network. Allied Telesyn provides Generic Routing
Encapsulation (GRE) in the Network iQ family of multi-protocol routers as a
mechanism to do this.
NOTE: Following the acquisition of the Network iQ product range from Teltrend, Inc.,
Allied Telesyn have renamed the Network iQ Router as the AR Router.
The Internet is a global network comprising some 50,000 member networks in
100 countries. Estimates put the total user population at 30 million, with
thousands of new users being connected every day.
Generic Routing Encapsulation (GRE) is a mechanism for encapsulating
network layer protocols over any other network layer protocol. The general
specification is described in RFC 1701, and the encapsulation of IP packets over
IP is defined in RFC 1702 as a specific implementation of GRE.
In the general case, a network layer packet, called the payload packet, is
encapsulated with a GRE packet, which may also include source route
information. The resulting GRE packet is then encapsulated in some other
network layer protocol, called the delivery protocol, and then forwarded.
The only currently specified standard for GRE encapsulation is IP over IP (RFC
1702) and this is the standard supported by all Network iQ router
models. The main purpose of the RFC 1702 standard is to enable routing of IP
packets between private IP networks across an Internet that uses globally
assigned IP addresses. Private IP networks may either use IP addresses from
the ranges of IP addresses reserved for private networks in RFC 1597 (Table 1),
or worse, any randomly selected range of IP addresses.
Table 1: IP address ranges reserved for private IP networks (As specified in RFC 1597).
Network Class    Reserved IP Address Range
Class A          10.0.0.0 to 10.255.255.255 (one class A network)
Class B          172.16.0.0 to 172.31.255.255 (16 contiguous class B networks)
Class C          192.168.0.0 to 192.168.255.255 (256 contiguous class C networks)
In either of the above situations it is imperative that the administrator of a
private IP network ensure that packets using such IP addresses are not
transmitted to external networks, to prevent the possibility of routing conflicts.
The GRE protocol allows hosts in one private IP network to communicate with
hosts in another private IP network by effectively providing a communication
tunnel between two routers across an Internet.
In the example shown in Figure 1 below, IP packets from the private IP
network 10.2.1.0 destined for a host in the private IP network 10.3.1.0 are
encapsulated by Router A and forwarded to Router B. Intermediate routers
route the packets using only the addresses in the delivery protocol header; the
private payload addresses are never consulted on the public path. Router B
extracts the original payload packet and routes it to the appropriate destination
within network 10.3.1.0.
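As an added worked example (not part of this application note and not Allied Telesyn code), the following Python builds the Figure 1 exchange on the wire: Router A wraps a payload packet from 10.2.1.0 in an RFC 1701 GRE header and an RFC 1702 delivery IP header (protocol 47), and Router B validates and unwraps it. It also implements the administrator's rule from the text, that RFC 1597 private addresses appear only inside the tunnel and never in the delivery header. The tunnel end point addresses 198.51.100.1 and 203.0.113.1 and the four-byte inner payload are constructed for the demonstration.

```python
"""Constructed example: RFC 1702 IP-over-IP carried in an RFC 1701 GRE header.

Not Allied Telesyn code. Tunnel end point addresses 198.51.100.1 and
203.0.113.1 are assumed; the inner packet is constructed for the demo.
"""
import ipaddress
import struct

IP_PROTO_GRE = 47        # delivery header protocol number for GRE
GRE_PROTO_IP = 0x0800    # GRE Protocol Type for an IPv4 payload packet
GRE_FLAG_C, GRE_FLAG_R, GRE_FLAG_K, GRE_FLAG_S = 0x8000, 0x4000, 0x2000, 0x1000

# Ranges reserved for private internets by RFC 1597 (Table 1).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr lies in one of the RFC 1597 reserved ranges."""
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_RANGES)


def ip_checksum(hdr):
    """One's-complement header checksum; returns 0 when a header is valid."""
    if len(hdr) % 2:
        hdr += b"\0"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header with no options and a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def gre_header(proto=GRE_PROTO_IP, key=None):
    """RFC 1701 GRE header, version 0; the Key field is present only if K is set."""
    flags = GRE_FLAG_K if key is not None else 0
    hdr = struct.pack("!HH", flags, proto)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr


def encapsulate(payload_pkt, tunnel_src, tunnel_dst, key=None):
    """Router A: GRE header in front of the payload packet, then a delivery
    IP header addressed to Router B carrying protocol 47."""
    gre = gre_header(key=key) + payload_pkt
    return ipv4_header(tunnel_src, tunnel_dst, IP_PROTO_GRE, len(gre)) + gre


def parse_ipv4(pkt):
    """Minimal IPv4 parser with length and checksum validation."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        raise ValueError("bad IPv4 lengths")
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.ip_address(pkt[12:16])),
            "dst": str(ipaddress.ip_address(pkt[16:20])),
            "proto": pkt[9], "payload": pkt[ihl:total]}


def decapsulate(pkt):
    """Router B: validate delivery and GRE headers, return the payload packet."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IP_PROTO_GRE:
        raise ValueError("delivery protocol is not GRE")
    gre = outer["payload"]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if (flags & 0x0007) != 0:
        raise ValueError("unsupported GRE version")
    if flags & GRE_FLAG_R:
        # The Routing field is variable length; this example does not parse it.
        raise ValueError("GRE source routing not supported here")
    if proto != GRE_PROTO_IP:
        raise ValueError("payload is not IPv4")
    offset, key = 4, None
    if flags & GRE_FLAG_C:          # Checksum + Offset (4 bytes) present
        offset += 4
    if flags & GRE_FLAG_K:          # Key (4 bytes) present
        key = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_S:          # Sequence Number (4 bytes) present
        offset += 4
    return {"outer": outer, "inner": parse_ipv4(gre[offset:]), "key": key}


def tunnel_policy_ok(outer, inner):
    """Private addresses only inside the tunnel; delivery header only public."""
    return (not is_private(outer["src"]) and not is_private(outer["dst"])
            and is_private(inner["src"]) and is_private(inner["dst"]))


if __name__ == "__main__":
    inner = ipv4_header("10.2.1.5", "10.3.1.7", 1, 4) + b"ping"   # constructed
    wire = encapsulate(inner, "198.51.100.1", "203.0.113.1", key=0x1234)
    r = decapsulate(wire)
    print(r["inner"]["src"], "->", r["inner"]["dst"], "via",
          r["outer"]["src"], "->", r["outer"]["dst"],
          "policy ok:", tunnel_policy_ok(r["outer"], r["inner"]))
```

The GRE header is deliberately parsed by its flag bits rather than assumed to be four bytes: RFC 1701 makes the Checksum, Key and Sequence Number fields optional, so a decapsulator that hard-codes the offset will misread the payload as soon as a peer sets one of them. Note also that nothing in the packet is encrypted or authenticated; the Key is a demultiplexing value, not a secret.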
Additionally, a workstation or host at location A may have an assigned public
host address, so it can communicate with a host using a valid address in the
public network, or conversely be encapsulated with GRE and be forwarded to
Support for GRE
Network iQ routers support RFC 1702, which defines the encapsulation of IP
packets over IP. The configuration is flexible and supports inclusion or
exclusion of individual hosts as well as network lists. The use of GRE in
combination with the packet filtering available on all Network iQ routers allows
network managers to construct effective virtual private networks over existing
public networks. Note that GRE itself neither encrypts nor authenticates the
payload packet: the packet filters on the tunnel end points control which traffic
may enter the tunnel and which external hosts may reach the private networks,
but the payload still crosses the public network in clear text. With that limit
understood, managers are able to provide Internet access without unnecessary
compromise of the security of corporate data while maintaining a high level
of cost efficiency.
Network iQ routers offer a total solution for secure LAN internetworking and
LAN access using both primary rate and basic rate ISDN, PSTN, frame relay,
X.25 and leased lines. The Network iQ router also supports channel
aggregation using the PPP multilink protocol, bridging, data compression,
bandwidth-on-demand, communications server and terminal/printer server
capabilities, and many more features for cost-effective connectivity.
Software Release 7.6
Figure 2: An example internetwork utilising GRE. LAN A (Private Network=10.2.1.0) behind Router A is tunnelled across the Internet to Router B, which serves LAN B (Private Network=10.3.1.0).