What is the purpose of a GRE tunnel Between two CE equipment

dppagcdppagc Member Posts: 293
when they are able to ping each other?
Can anyone enlighten me?


  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    As an example, between the CEs you have an IGP, both CEs are connected to a private network whose ip range you don't want to advertise into your IGP. By adding the GRE header you are giving these packets a routable address within the IGP core.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
  • dppagcdppagc Member Posts: 293
    so there is one igp process between PE to PE and another one between the CEs. Is that correct?
  • fredrikjjfredrikjj Member Posts: 879
    You questions barely make sense. Maybe you need to look into this a bit closer first, and then write more detailed questions.
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAMod Posts: 4,133 Mod
    *scratches head*

    Maybe I'm misunderstanding the original question too but if I'm not, how did you pass the CCNP R&S in the last year or so if you don't understand what the purpose is for GRE? Even back three versions ago, the CCNP Route material and blueprint had a whole section on GRE Tunnel theory and configuration and less than a year later, you're wondering what the purpose of GRE is? I'm super confused here. I'm really hoping I'm reading your question wrong which I might...
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • lostindaylightlostindaylight Member Posts: 43 ■■□□□□□□□□

    Do you know what a VPN is and what it's used for?
  • KrekenKreken Member Posts: 284
    Assuming we are talking about MPLS CEs than it is used to support multicast. It can also be used to link two VRFs.

    Edit: clarification - to link one vrf instance across MPLS.
  • Node ManNode Man Member Posts: 668 ■■■□□□□□□□
    OK, taking the question at face value, the magic of a GRE is when a traceroute is run. Even if there are 12 devices between the ends. Each side will appear to be the next hop in a trace.

    GRE's are great way for an ISP to segment traffic and a great way for a customer to protect their own packets.
  • pevangelpevangel Member Posts: 342
    The purpose of establishing GRE between CE to CE is when you are utilizing an L3VPN for WAN connectivity and have some need for point-to-point connectivity between your CEs. Like if you want to run iBGP, LDP, and/or some IGP between your CEs.
  • CCIE #50693CCIE #50693 Member Posts: 6 ■□□□□□□□□□
    I'm gonna go out on a limb here. I had a question like this recently, the client wanted to know if DMVPN over MPLS L3VPN is possible. It is, and used quite often. If that is the direction, even tho L3VPN is private WAN, it's not encrypted, which maybe needed for compliance.

    At face value, there is no purpose. If it's CE to CE, you might be trying to run an IGP, like OSPF or EIGRP. If the CE is a router, you don't have to worry about the Multicast aspect, Both EIGRP and OSPF support Unicast adjacency with the neighbor command, GRE is not needed.

    If you are looking to leverage IGP on the CE, I would recommend a L2VPN solution like AToM. The 2 CEs appear directly connected to each other. So you could run OSPF/EIGRP/RIP on that connection. Choice is really yours. The L2VPN solution also allows for GigE speeds and above, typically for DCI.
  • pevangelpevangel Member Posts: 342
    The problem with getting an L2VPN from a provider when you're already getting an L3VPN is that the customer would have to pay for another service. If the customer already has an L3VPN, then they can utilize GRE to create point-to-points between CEs without paying for another service.

    A use case would be if the customer wants to run MPLS applications between their sites, but only pay for one L3VPN from the provider. They can create a GRE tunnel between CEs then run an IGP, LDP, and MP-BGP. This would allow them to create MPLS L2VPNs and/or L3VPNs over the existing L3VPN from the provider.

    Here's a packet capture from a PE showing a customer running AToM over GRE over the provider's L3VPN:


    Utilizing SAFI 4 would be a better solution for running MPLS applications on top of an L3VPN but some service providers will not do label exchange with their customers.
Sign In or Register to comment.