• Created on:2021-08-22 18:04:54
  • What is GRE and how does it differ from IP-in-IP?

What is Generic Routing Encapsulation (GRE)?

Generic Routing Encapsulation (GRE), defined by RFC 2784, is a simple protocol for encapsulating packets so that other protocols can be routed over IP networks. It was developed as a tool for tunneling an OSI Layer 3 protocol over an IP network. In essence, GRE creates a point-to-point private connection like a virtual private network (VPN). GRE works by encapsulating a payload (that is, an inner packet to be delivered to a destination network) within an outer IP packet. GRE tunnel endpoints send payloads into GRE tunnels so that the packets can be routed to other IP networks. Other IP routers along the path do not analyze the payload (the inner packet); they only analyze the outer IP packet as they forward it toward the end of the GRE tunnel. On reaching the tunnel endpoint, the GRE encapsulation is removed and the payload is forwarded on to its final destination.

In contrast to IP-in-IP, GRE tunnels have the following advantages:

  • GRE tunnels wrap multiple protocols on a single backbone protocol.
  • GRE tunnels provide solutions for networks with limited hops.
  • GRE tunnels connect discontinuous subnets.
  • GRE tunnels allow VPNs across wide area networks (WANs).
  • Better support on devices and systems that do not interoperate correctly with IP-in-IP packets or are unable to forward them.
  • When the optional tunnel identifier field is used, GRE can support up to 64K tunnels between two unique endpoints (IPv4 pairs).
  • An optional checksum field can be used for integrity checking of the contained packet.
  • An optional sequence field ensures that the order of received packets is maintained over the tunnel, which may be useful for some UDP applications.

Security

The additional key field that is available in the GRE protocol can be used to provide additional tunnel authentication, which increases security by enlarging the key space beyond that represented by the 32-bit source address.

What is IP-in-IP?

IP-in-IP is an even simpler encapsulating protocol. With this technique, IP packets are encapsulated only in an additional IP header. So, unlike GRE tunnels, an IP-in-IP tunnel cannot carry multicast traffic, other protocols or IPv6 between networks.

In contrast to GRE tunnels, IP-in-IP tunnels have the following advantages:

  • Lower overhead due to fewer layers of encapsulation.
  • The use of IP packets for encapsulation can allow for support (e.g. forwarding) on devices not supporting the GRE protocol.
  • Supports a single tunnel between two endpoints.

In modern times IP-in-IP has decreased in popularity, as the overhead of GRE is minimal. However, there remain niche applications where IP-in-IP is still in use.
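The optional checksum, key and sequence fields and the per-packet overhead discussed above can be seen by building and parsing a GRE header. The Python code below is an added example, not code from the original page; it follows the header layout of RFC 2784 with the key and sequence extensions of RFC 2890, and the function names and the sample inner packet are constructed for illustration.

```python
import struct

IPV4_HEADER = 20                               # outer IPv4 header, no options (all IP-in-IP adds)
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum / key / sequence present bits
SAMPLE_INNER = bytes(range(40))                # constructed stand-in for an inner packet

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used by IP and GRE."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_gre(payload, proto=0x0800, key=None, seq=None, checksum=False):
    """Build GRE header + payload; each optional field adds 4 bytes."""
    flags = ((GRE_C if checksum else 0) | (GRE_K if key is not None else 0)
             | (GRE_S if seq is not None else 0))
    hdr = struct.pack("!HH", flags, proto)
    if checksum:
        hdr += b"\x00" * 4                     # checksum (zero while computing) + reserved
    if key is not None:
        hdr += struct.pack("!I", key)          # sent in cleartext, readable on path
    if seq is not None:
        hdr += struct.pack("!I", seq)
    pkt = bytearray(hdr + payload)
    if checksum:                               # covers GRE header and payload
        struct.pack_into("!H", pkt, 4, inet_checksum(bytes(pkt)))
    return bytes(pkt)

def parse_gre(pkt: bytes) -> dict:
    """Parse a GRE packet, verifying the checksum when present."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt, 0)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    present = [bool(flags & bit) for bit in (GRE_C, GRE_K, GRE_S)]
    if len(pkt) < 4 + 4 * sum(present):
        raise ValueError("truncated optional fields")
    info = {"protocol": proto, "checksum_ok": None, "key": None, "sequence": None}
    off = 4
    if present[0]:                             # a valid packet sums to zero
        info["checksum_ok"] = inet_checksum(pkt) == 0
        off += 4
    for name, here in (("key", present[1]), ("sequence", present[2])):
        if here:
            (info[name],) = struct.unpack_from("!I", pkt, off)
            off += 4
    info.update(header_len=off, overhead=IPV4_HEADER + off, payload=pkt[off:])
    return info
```

With no optional fields GRE adds 24 bytes per packet against 20 for IP-in-IP; with checksum, key and sequence all enabled it adds 36.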

Platform Support

Both protocols are supported natively on Linux and BSD via iputils. Windows does not support either natively; however, with the aid of our Windows tunnel client (available to all customers), our customers are able to use either.


Unless you are encapsulating non-IP protocols, such as routing protocols or protocols used for research purposes, IP-in-IP encapsulation is often a suitable protocol with lower overhead than GRE; however, GRE has slightly better security. Given that the overhead difference is minor, we recommend that you use GRE instead of IP-in-IP encapsulation if you can.