Generic Routing Encapsulation
GRE is the standard tunneling protocol for carrying routing protocols (OSPF, EIGRP) across IPsec links. AWS Transit Gateway, SD-WAN overlays, and many enterprise networks use GRE+IPsec. It is also the basis for PPTP's data channel.
What It Defines
Defines GRE, a tunneling protocol that encapsulates arbitrary network-layer packets inside IP. A GRE header (4 bytes minimum, carrying the protocol type of the inner packet) is inserted between the outer and inner IP headers. GRE (IP protocol 47) provides no encryption or authentication on its own; it is purely a tunneling mechanism. It is commonly combined with IPsec (GRE-over-IPsec) to get both routing flexibility and encryption. GRE supports multicast and routing protocols, which raw IPsec tunnel mode does not.
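The header layout described above, as an added example (not taken from the RFC text or from this page): a Python parser that goes a little beyond the 4-byte base header to read the optional checksum, key and sequence words, and reports when a captured outer IPv4 packet carries GRE directly rather than inside ESP. The function names and sample packets are constructed for illustration.

```python
import struct

IPPROTO_GRE, IPPROTO_ESP = 47, 50   # GRE is IP protocol 47; ESP is 50

def parse_gre(buf):
    # Base header: 16 bits of flags/version, then the inner protocol type.
    if len(buf) < 4:
        raise ValueError("GRE header needs at least 4 bytes")
    flags, proto = struct.unpack("!HH", buf[:4])
    if flags & 0x7:
        raise ValueError("GRE version is not 0 (PPTP's variant uses version 1)")
    hdr = {"protocol_type": proto, "checksum": None, "key": None, "sequence": None}
    off = 4
    # Optional 4-byte words follow in this order when their flag bit is set.
    for name, bit in (("checksum", 0x8000), ("key", 0x2000), ("sequence", 0x1000)):
        if flags & bit:
            if len(buf) < off + 4:
                raise ValueError("truncated optional field: " + name)
            (word,) = struct.unpack("!I", buf[off:off + 4])
            # The checksum shares its word with a 16-bit reserved field.
            hdr[name] = word >> 16 if name == "checksum" else word
            off += 4
    hdr["header_len"] = off
    return hdr

def classify(packet):
    # Inspect the outer IPv4 header and say what the tunnel layer looks like.
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == IPPROTO_ESP:
        return {"kind": "esp", "cleartext_gre": False}
    if proto != IPPROTO_GRE:
        return {"kind": "other", "cleartext_gre": False}
    # Bare GRE on the wire: the inner packet is readable at this capture point.
    return {"kind": "gre", "cleartext_gre": True, **parse_gre(packet[ihl:])}

def sample_ipv4(proto, payload):
    # Constructed outer header: checksum left zero, addresses from 192.0.2.0/24.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

INNER = b"\x45" + b"\x00" * 19                       # constructed inner IPv4 stub
PLAIN = sample_ipv4(IPPROTO_GRE, bytes.fromhex("00000800") + INNER)
KEYED = sample_ipv4(IPPROTO_GRE, bytes.fromhex("2000080000000007") + INNER)

if __name__ == "__main__":
    for pkt in (PLAIN, KEYED, sample_ipv4(IPPROTO_ESP, b"\x00" * 8)):
        print(classify(pkt))
```

On a link that is meant to be GRE-over-IPsec, a capture on the untrusted side should classify as `esp`; a `gre` result there means the tunnel is leaving unprotected.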
Canonical (Normative)
Related References
The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.
Related Specs
IPsec is the dominant VPN technology for enterprise site-to-site links (AWS VPN, Azure VPN Gateway, on-prem firewalls). Understanding tunnel vs transport mode, SAs, and the SPD is essential for configuring and debugging VPN connectivity.
ESP is the workhorse of IPsec — every encrypted VPN tunnel uses it. When your cloud VPN shows 'Phase 2 SA established', that's an ESP SA. Understanding ESP's SPI, sequence numbers, and algorithm negotiation is key to VPN troubleshooting.
PPTP is a cautionary tale in protocol design. Understanding why it's broken (DES key space in MS-CHAPv2, RC4 key reuse in MPPE) teaches important lessons about protocol-level cryptographic failures. Never deploy it.