What is the use of only using GRE internally or externally?

I know what GRE does, but why would you want to use it on itself externally (without IPSEC). It has no protecting against sniffing? Then again, why would you want to use it in your own network? Shouldn't your network be secure enough to not use GRE? Why would you tunnel traffic through your own network?

So I'm wondering in what cases you would use GRE on it's own, without IPSEC?

Find more posts tagged with

Comments

networker050184

So first look at what GRE actually does. It hides the actual IP header so forwarding decisions are made on the outside Ip header only.

Why would you want to do this? Say you want traffic to go to a device and then be routed from there. For example you have a server sending probes to test latency to providers from multiple edge routers. You could connect a server to each edge router directly and route out there. Or you could have a single server with GRE tunnels to each edge device and send your probes that way. They arrive directly at the specific edge device (via the GRE tunnel) and routed out. You don't have to worry about routing through your infrastructure on a source basis.

Many other applications as well.

joetest

I guess you could use it to create a point-to-point connection using a tunnel if you wanted to. You'd use the IP adresses of the tunnel instead of going through all the different routes in your internetwork the tunnel is crossing.

*edit* too late, Networker said pretty much the same

theodoxa

GRE allows you to create a tunnel between sites that supports Multicast, which allows routing protocols to be run over it. Personally, I would only use GRE [without IPsec] where privacy isn't required. It can also be used to tunnel IPv6 over an IPv4 only network. I don't believe Manual IPv6 Tunnels (tunnel mode ipv6ip) support Multicast traffic, but GRE does.

Hondabuff

That's all I setup is GRE with IPsec between branch offices. We use a lot of Video in our company and it only uses multicast. Standard IPsec tunnel will not allow it. We also use GRE tunnels to our Vendors between our edge routers then use IPsec tunnels from the firewall though the edge router.