gre checksum
Function
The gre checksum command enables the end-to-end checksum function between both ends of a GRE tunnel.
The undo gre checksum command disables the end-to-end checksum function.
By default, the checksum function is disabled on the GRE tunnel.
Usage Guidelines
Usage Scenario
You can configure an end-to-end check between both ends of a GRE tunnel to improve the GRE tunnel security. This mechanism prevents the device from incorrectly identifying and receiving invalid packets.
You can configure the checksum function on the two ends of the tunnel as required to determine whether to trigger the checksum function.
Prerequisites
The tunnel interface view has been displayed using the interface tunnel command.
The tunnel type has been set to GRE using the tunnel-protocol gre command.
Precautions
After this command is executed, the integrity of packets can be checked.
If the checksum function is configured on the local end:
The local end calculates the checksum according to the GRE header and payload.
The local end sends a packet containing the checksum to the remote end.
The remote end calculates the checksum based on the packet and then compares the result with the checksum contained in the packet.
If the two checksum values are the same, the packet is processed.
If the two checksum values are different, the packet is discarded.
If the checksum function is enabled on the local end and disabled on the remote end, the local end does not perform checksum on received packets, but performs checksum on locally transmitted packets. If the checksum function is disabled on the local end and enabled on the remote end, the local end performs checksum on received packets, but does not perform checksum on locally transmitted packets.
