No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Ethernet over GRE

Ethernet over GRE

Generic Routing Encapsulation (GRE) provides a mechanism to encapsulate packets of a protocol into packets of another protocol. This allows packets to be transmitted over heterogeneous networks. A channel for transmitting heterogeneous packets is called a tunnel.

A GRE tunnel can be established using the following tunnel interfaces:
  • GRE tunnel interface

    A GRE tunnel interface is a point-to-point virtual interface used to encapsulate packets, and has the source address, destination address, and tunnel interface IP address.

  • mGRE tunnel interface

    An mGRE tunnel interface is a point-to-multipoint virtual interface used in Dynamic Smart VPN (DSVPN) applications, and has the source address, destination address, and tunnel interface IP address.

    The destination IP address of a GRE tunnel interface is manually configured, whereas the destination IP address of an mGRE tunnel is resolved by the next hop resolution protocol (NHRP). An mGRE tunnel interface has multiple remote ends because there are multiple GRE tunnels on the interface.

In Figure 3-3, the enterprise headquarters and branch use Ethernet networks and are connected by an IP backbone network. Ethernet over GRE can be deployed to transparently transmit Ethernet packets over a GRE tunnel, enabling communication between the enterprise headquarters and branch.

Figure 3-3  Ethernet over GRE networking

Ethernet over GRE encapsulates Ethernet packets using GRE and transmits the encapsulated packets over a network running another network layer protocol, such as IPv4. The detailed working process is as follows:

  1. Layer 2 virtual Ethernet (VE) interfaces VE0/0/2 and VE0/0/1 are bound to the LAN-side physical Ethernet interface GE2/0/0 and WAN-side tunnel interface Tunnel0/0/1 of the routers, respectively.
  2. LAN-side GE2/0/0 on Router_1 receives an Ethernet packet containing a VLAN tag from the branch network.
  3. GE2/0/0 forwards the packet to VE0/0/2. VE0/0/2 processes the VLAN tag, forwards the packet at Layer 2 based on the MAC address and VLAN tag, and finds the outbound interface VE0/0/1.
  4. VE0/0/1 processes the VLAN tag in the Ethernet packet and forwards it to the bound Tunnel0/0/1. Tunnel0/0/1 encapsulates the Ethernet packet using GRE (with the protocol code 0x6558) and forwards the encapsulated packet over a GRE tunnel.
  5. Tunnel0/0/1 on Router_2 decapsulates the received packet using GRE, finds that the protocol code is 0x6558, and forwards the decapsulated Ethernet packet to the inbound interface VE0/0/1.
  6. VE0/0/1 processes the VLAN tag in the packet and forwards it to the outbound interface VE0/0/2. VE0/0/2 processes the VLAN tag in the packet and sends it to the outbound interface GE2/0/0.
  7. GE2/0/0 sends the Ethernet packet containing a new VLAN tag to the headquarters network.
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 151159

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next