It is so weird how perfectly timed these videos are coming out to my studying. When I was looking into learning VRF's you released an excellent video series on VRF's. Now when I want to brush up on VPN's you release this video at the perfect time. Keep up the awesome work! Hopefully the next series will be MPLS.
@@NetworkDirection But, if the router did have reachability to 20.20.20.20 (and 20.20.20.20 was the correct destination IP), the GRE tunnel will go up without issues no?
I am currently learning CCNP Enterprise Encor and found this video series on 'GRE' along with the 'VXLan' and 'VRF' videos very informative with clear explanations. Thank you for posting these videos, will you be posting any others that will be helpful with the CCNP Enterprise course?
I'm not sure I understand correct... GRE is a type of VPN. It's different to the app that you install on your computer to connect into the office from home. GRE is different, as you're not connecting a single device to the network virtually. Instead, you're creating a virtual link between entire networks. Does that help?
Network Direction Thanks. The confusion I have is why to go for site-2-site Vpn and not gre/ipsec. Is there any reason that most people deploy the vpn and not secure gre?
Ah, I understand now. Not everything supports GRE. GRE is kind of a routing technology. So, you'll commonly find it on routers. An IPSec VPN was developed from the security point of view, so it is mor common on firewalls. ASA's for example, support IPSec VPN's, not GRE + IPSec. As to why vendors decide to support one technology but not another... I'm not sure.
SD-WAN uses a lot of technologies 'under the hood', including tunnels (possibly GRE), MPLS, VXLAN, and thinkg like these. Each provider implements it differently though
I appreciate the effort and time spent to make this video, however, there are just too many mistakes in the content for this specific demonstration, which is dangerous and frustrating for those who really took the time to understand the configuration and even emulate the exercise. I think there are mistakes in the destination IP address: 20.20.20.20/24 > 10.20.20.20/24. In the explanation of how the packets travel through the OVERLAY VTI's or GRE tunnel, NOT UNDERLAY as you mentioned in the video, and also I am not sure if you meant 172.16.1.1 and 172.16.1.2 and forgot to specify the CIDR here...as well. Again, not trying to troll or anything but I think this video should be removed, corrected, and re-posted for the sake of all members subscribed. There are a lot of people commenting on things like, great work, awesome video, great explanation, and we know that they definitely didn't understand what they just watched. Thank you for all you do, as I am subscribed and love some of the other videos you have put together, but, unfortunately, after checking this GRE one very carefully, I will have to be very careful going forward when following the videos you post. Hope this feedback is helpful.
You can use either, but using the IP allows the router to choose the best interface based on the address. In some cases this will improve stability (covered in the following videos)
only problem with this description - is you have a RFC 1911 on the left that will NOT route across the Internet. Would have been nice if the example was more realistic in such a way that it would work in a real world scenario.
Is this still true? I didn't think you could advertise OSPF over GRE as the interfaces would be flapping when trying to send ospf packets to the endpoint?
Hi Jordan Thanks for your comment! What you are describing is route recursion. This can happen if you do it wrong, but OSPF over GRE is just fine if you do it right. I believe the next video in this series discusses this further. 😃 Have a great day!
@@NetworkDirection yeah i meant for this application, ie how do the two edges know how to get to each other and how do we force traffic over the tunnel. also how not to cause recursive routing issues. but the video was information nonetheless.
aha so very very simple. Basically it adds what is called "Outer IP" header which has the ISPs routers IPs which are PUBLIC IPs so the routers over the Internet (/WAN) KNOW where they are. And there is also the small gre header that says what the original IP version is being used by the private hosts with private, non-routable IP addresses. So you stick public IPs on top of the packet and route it as normal. By the time it arrives at the destination and it is de-encapsulated the private host will see it's private ip (non-routable) that it knows. So easy it's a joke haha
What a great video. Really useful the commands were at the bottom and you explained the difference between source and destination
It is so weird how perfectly timed these videos are coming out to my studying. When I was looking into learning VRF's you released an excellent video series on VRF's. Now when I want to brush up on VPN's you release this video at the perfect time. Keep up the awesome work! Hopefully the next series will be MPLS.
That is uncanny!
I have been thinking about basic MPLS as a series. Won’t be next, but hopefully soon
LOL same 😂
Nice!
Best video on GRE ! Surfed over 5-6 videos before landing to this.
Thanks for creating and sharing with us!! Perfect explanation for us that are new to GRE!!! Cheers!
thanks buddy for creating this series. i read a lot but could not get through before , but today atlast i got.
keep making such videos
It's so good to hear that these videos are helping you
Very simple, high level overview of what a GRE tunnel is/does. Well done. Thank you!
You're welcome!
Thank you, very clear and easy to understand. Please continue to make videos like this - highly appreciate it.
You're welcome! I'm currently working on extending this with DMVPN
Finally some quality tutorials, great work!
I appreciate the feedback Pawel, thanks!
Overlay network using GRE Tunnel- nicely explained, Thanks
There is a mistake with address on topology and set for tunnel src/dst addr. 20.20.20.20 and 10.20.20.20.
Anyway, great series :) thx for that.
You're absolutely right! Sorry everyone, the topology says 20.20.20.20 when it should say 10.20.20.20
Thanks for noticing this
@@NetworkDirection would this type of mis-configuration show a tunnel up/down or a reset/up? BTW, Great Explanation!
@@jnev9046 Do you mean if we put in the wrong destination IP?
I think this would mark the tunnel as up, but it wouldn't work
@@NetworkDirection But, if the router did have reachability to 20.20.20.20 (and 20.20.20.20 was the correct destination IP), the GRE tunnel will go up without issues no?
pin this comment! :P
Just saw this video after I had a question in CCNA about GRE.
This is amazing. Thank you for putting this together.
May I ask what you're doing in life now with a bit over 4 years in the field ? (if you stuck to the field ofc) I just wanna get an idea
Read more here: networkdirection.net/GRE+Tunnels
Try the lab here: networkdirection.net/labsandquizzes/labs/lab-gre-tunnels/
It is a nice explanation of packet encapsulation (starts from 6 min), but i dont understand where is the role of a tunnel - 192.168.1.0 network???
The way you demonstrated is simply amazing.... Would you mind to share low level stuff on ikev1 &2..... Thanks again.
Thank you!
I might revisit IKE. I'll add it to my list, thanks again
Good and simple explanation !!
I am currently learning CCNP Enterprise Encor and found this video series on 'GRE' along with the 'VXLan' and 'VRF' videos very informative with clear explanations. Thank you for posting these videos, will you be posting any others that will be helpful with the CCNP Enterprise course?
super helpful video, thank you!
Good to hear, thanks!
Another great explaination!
Thanks Daniel! So happy that it makes sense.
Looking forward to seeing GRE tunnels with IPSec?
@@NetworkDirection Definitely! Always enjoy your well presented and explained videos
Amazing video I understand gre now
Awesome explanation, thanks!
Glad you enjoyed it!
very good. Keep going,
Very beautiful. Thankyou so much 🎉🎉
This was fantastic, looking forward the the encryption component,
I aim to please 😁
Wow very nicely explained
Thank you so much!!! Great video!!
You're welcome!
Awesome video, thanks!
best explained !!!
Thank you!
Awesome !!!
I like very much the animated explanation ♥️
Thank you Sir
Thanks for this well-explained nuggets :)
You're very welcome!
Excellent video thank you so much for the breakdown.
Glad to help!
very nice explanation - may be a LAB would have been an icing on the cake
Thanks, that's a good suggestion.
I'm working on a couple of GRE labs now
Here's the lab: networkdirection.net/labsandquizzes/labs/lab-gre-tunnels/
Excellent explanation!! I appreciate that 👍🏼
Glad it was helpful!
man, that's a fantastic video!
Thanks!
Thank you for simplifying gre!
My pleasure!
Thank you!
I have no idea what you're talking about but you're better than a college professor definitely...
great explanation!
Thanks!
Thanks great material
Nicely done!
Great Explanation.. Thanks.
good series
Thank you!
Thank you. Great explanation as always. Will you cover the IPSec tunnel in this series?
Absolutely! Give me two weeks, and you’ll have a video on adding IPSec to the GRE tunnel, including the basics of how IPSec works
Network Direction Awesome! :)
Thanks. Plz emphasis more on vpn vs gre application, similarity and differences
I'm not sure I understand correct...
GRE is a type of VPN. It's different to the app that you install on your computer to connect into the office from home.
GRE is different, as you're not connecting a single device to the network virtually. Instead, you're creating a virtual link between entire networks.
Does that help?
Network Direction Thanks. The confusion I have is why to go for site-2-site Vpn and not gre/ipsec. Is there any reason that most people deploy the vpn and not secure gre?
Ah, I understand now.
Not everything supports GRE. GRE is kind of a routing technology. So, you'll commonly find it on routers.
An IPSec VPN was developed from the security point of view, so it is mor common on firewalls. ASA's for example, support IPSec VPN's, not GRE + IPSec.
As to why vendors decide to support one technology but not another... I'm not sure.
Network Direction Thanks alot
You’re welcome
How does lowering mtu avoid fragmentation infact it will increase it so you want highest mtu interface can support
Thank u man.....
Does GRE tunnels work with Virtual Networks also? So two virtual networks could communicate on a SD-WAN via GRE Tunneling?
SD-WAN uses a lot of technologies 'under the hood', including tunnels (possibly GRE), MPLS, VXLAN, and thinkg like these. Each provider implements it differently though
enabling jumbo frames help with GRE and why or why not?
I appreciate the effort and time spent to make this video, however, there are just too many mistakes in the content for this specific demonstration, which is dangerous and frustrating for those who really took the time to understand the configuration and even emulate the exercise. I think there are mistakes in the destination IP address: 20.20.20.20/24 > 10.20.20.20/24. In the explanation of how the packets travel through the OVERLAY VTI's or GRE tunnel, NOT UNDERLAY as you mentioned in the video, and also I am not sure if you meant 172.16.1.1 and 172.16.1.2 and forgot to specify the CIDR here...as well. Again, not trying to troll or anything but I think this video should be removed, corrected, and re-posted for the sake of all members subscribed. There are a lot of people commenting on things like, great work, awesome video, great explanation, and we know that they definitely didn't understand what they just watched. Thank you for all you do, as I am subscribed and love some of the other videos you have put together, but, unfortunately, after checking this GRE one very carefully, I will have to be very careful going forward when following the videos you post. Hope this feedback is helpful.
perfect
Thank you!
Thanks for Very good Explanation , how did you put IP address in tunnel source command ?? it should be interface
You can use either, but using the IP allows the router to choose the best interface based on the address.
In some cases this will improve stability (covered in the following videos)
nice...
Thanks!
only problem with this description - is you have a RFC 1911 on the left that will NOT route across the Internet. Would have been nice if the example was more realistic in such a way that it would work in a real world scenario.
Do you mean RFC1918?
5:28 you said 1436 when I think you meant to say 1476
Is this still true? I didn't think you could advertise OSPF over GRE as the interfaces would be flapping when trying to send ospf packets to the endpoint?
Hi Jordan
Thanks for your comment! What you are describing is route recursion. This can happen if you do it wrong, but OSPF over GRE is just fine if you do it right. I believe the next video in this series discusses this further. 😃
Have a great day!
Those virtual interfaces build an ARP cache?
If yes, how do they seem?
The ARP cache will build for anything with L2 adjacency
Destination address should be 192.168.2.1 instead of 192.168.1.2
Thank you! Unfortunately, I can't go back and change it
i think you missed the static route explanation thats needed here
Do you mean explaining what static routes are, or how they're used for this application?
@@NetworkDirection yeah i meant for this application, ie how do the two edges know how to get to each other and how do we force traffic over the tunnel. also how not to cause recursive routing issues. but the video was information nonetheless.
aha so very very simple. Basically it adds what is called "Outer IP" header which has the ISPs routers IPs which are PUBLIC IPs so the routers over the Internet (/WAN) KNOW where they are. And there is also the small gre header that says what the original IP version is being used by the private hosts with private, non-routable IP addresses.
So you stick public IPs on top of the packet and route it as normal. By the time it arrives at the destination and it is de-encapsulated the private host will see it's private ip (non-routable) that it knows. So easy it's a joke haha