Encapsulation process, Decapsulation process, 3 applications of gre – Panasonic NN46240-710 User Manual
Page 57: 3 applications of gre -3, Applications of gre, Figure 2-2
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
Nortel Secure Router 8000 Series
Troubleshooting - VPN___________
2 GRE troubleshooting
Figure 2-2 Two networks interconnecting through the GRE tunnel
Encapsulation process
After receiving an IP datagram, the interface on Nortel A that connects with Group 1 sends the
datagram to the IP module for processing.
The IP module determines how to route this datagram based on the destination address
contained in the IP header. If the network with the network number 1f passes its destination
address (the virtual network ID of the tunnel), this datagram is sent to the tunnel interface of
that network.
After receiving this datagram, the GRE module encapsulates it and sends it to the IP module.
The IP module appends an IP header to the datagram and then sends it to the corresponding
network interface based on the packet destination address and the routing table.
Decapsulation process
The decapsulation process is the reverse of the encapsulation process.
After receiving an IP packet from the GRE tunnel interface, Nortel B checks for the destination
address of the packet. If the destination is found to be a local router, the IP header of the packet
is removed. According to the protocol field in the IP header, the packet is determined to be a
GRE packet and sent to the GRE module. After processing, the GRE module removes the GRE
header and sends the datagram to the IP module according to the protocol field. The IP module
then handles this datagram.
2.1.3 Applications of GRE
You can use GRE to perform the following functions:
•
Transmit packets from multiprotocol local networks over a backbone network that runs a
single protocol
•
Connect discontinuous subnets to extend the operation space of the network whose routing
protocol is limited in hops.
•
Build VPNs.
•
Resolve the defect of IPSec that cannot protect multicast packets in combination with
IPSec.
•
Provide two less strong security mechanisms, namely, checksum verification and key
verification.
Issue 5.3 (30 March 2009)
Nortel Networks Inc.
2-3