1 00:00:00,180 --> 00:00:01,020 In this lesson, 2 00:00:01,020 --> 00:00:04,140 we're going to cover Generic Routing Encapsulation. 3 00:00:04,140 --> 00:00:05,790 Generic Routing Encapsulation, 4 00:00:05,790 --> 00:00:08,189 more commonly referred to as GRE, 5 00:00:08,189 --> 00:00:10,320 is a tunneling protocol used to encapsulate 6 00:00:10,320 --> 00:00:12,570 a wide variety of network layer protocols 7 00:00:12,570 --> 00:00:14,700 inside a virtual point-to-point link 8 00:00:14,700 --> 00:00:17,160 over an Internet Protocol network. 9 00:00:17,160 --> 00:00:19,020 GRE tunnels will operate at Layer 3 10 00:00:19,020 --> 00:00:21,210 or the network layer of the OSI model, 11 00:00:21,210 --> 00:00:22,380 and they're set up and configured 12 00:00:22,380 --> 00:00:24,180 on your network's routers. 13 00:00:24,180 --> 00:00:27,090 Now, why might we want to use Generic Routing Encapsulation 14 00:00:27,090 --> 00:00:28,650 inside of our networks? 15 00:00:28,650 --> 00:00:31,350 Well, many networks have to send and receive data 16 00:00:31,350 --> 00:00:34,590 while using a wide variety of protocols and technologies. 17 00:00:34,590 --> 00:00:36,120 Each of these will speak its own language 18 00:00:36,120 --> 00:00:38,190 and has its own rules that it relies on. 19 00:00:38,190 --> 00:00:40,470 So to keep everything operating smoothly, 20 00:00:40,470 --> 00:00:43,110 we can opt to use Generic Routing Encapsulation 21 00:00:43,110 --> 00:00:44,970 as a type of universal translator 22 00:00:44,970 --> 00:00:46,590 that will allow all these different protocols 23 00:00:46,590 --> 00:00:47,970 to communicate and traverse 24 00:00:47,970 --> 00:00:50,190 over a shared network infrastructure. 25 00:00:50,190 --> 00:00:51,660 This is especially useful 26 00:00:51,660 --> 00:00:53,730 when we're connecting similar network topologies 27 00:00:53,730 --> 00:00:55,920 over a different intermediate network. 
28 00:00:55,920 --> 00:00:59,130 In fact, that's the use case I personally have used GRE for 29 00:00:59,130 --> 00:01:00,480 in my past work. 30 00:01:00,480 --> 00:01:02,820 My organization had multiple branch offices 31 00:01:02,820 --> 00:01:05,430 spread out across the country we were operating in. 32 00:01:05,430 --> 00:01:07,200 We had our main offices in one city. 33 00:01:07,200 --> 00:01:08,850 We had branch locations in other cities 34 00:01:08,850 --> 00:01:10,080 all around the country, 35 00:01:10,080 --> 00:01:12,840 and one such city was about 50 miles away. 36 00:01:12,840 --> 00:01:15,540 Now, each of these offices does have its own network setup, 37 00:01:15,540 --> 00:01:17,940 and they're operating smoothly within their own offices. 38 00:01:17,940 --> 00:01:20,610 But we also wanted these offices to be able to communicate 39 00:01:20,610 --> 00:01:22,500 back with each other and share resources 40 00:01:22,500 --> 00:01:25,020 securely and efficiently over the internet. 41 00:01:25,020 --> 00:01:26,130 But we didn't want to have to pay 42 00:01:26,130 --> 00:01:27,870 for an expensive dedicated leased line 43 00:01:27,870 --> 00:01:29,670 between those two locations. 44 00:01:29,670 --> 00:01:32,250 So, instead, we purchased a local internet connection 45 00:01:32,250 --> 00:01:33,480 for both locations, 46 00:01:33,480 --> 00:01:36,780 and then we create a GRE tunnel between the two offices. 47 00:01:36,780 --> 00:01:39,300 Essentially, we create a private and direct link 48 00:01:39,300 --> 00:01:40,890 over a public internet connection 49 00:01:40,890 --> 00:01:42,870 for our two branch offices. 
50 00:01:42,870 --> 00:01:44,850 Now, anytime users need to exchange data 51 00:01:44,850 --> 00:01:46,200 between these two offices, 52 00:01:46,200 --> 00:01:48,480 the data would simply be encapsulated and isolated 53 00:01:48,480 --> 00:01:50,130 from the other traffic on the internet 54 00:01:50,130 --> 00:01:52,020 by sending it through this GRE tunnel 55 00:01:52,020 --> 00:01:54,240 to maintain the integrity and confidentiality 56 00:01:54,240 --> 00:01:55,860 of our users' data. 57 00:01:55,860 --> 00:01:58,380 In essence, GRE forms a protective bubble 58 00:01:58,380 --> 00:01:59,670 around our data packets 59 00:01:59,670 --> 00:02:01,680 that allows them to travel through the other network 60 00:02:01,680 --> 00:02:03,000 without being interfered with 61 00:02:03,000 --> 00:02:04,950 or being subject to prying eyes 62 00:02:04,950 --> 00:02:08,130 that are trying to hurt the confidentiality of that data. 63 00:02:08,130 --> 00:02:09,247 Now, you may be wondering, 64 00:02:09,247 --> 00:02:10,926 "Why would we use a GRE tunnel 65 00:02:10,926 --> 00:02:13,027 "instead of just using a site-to-site VPN 66 00:02:13,027 --> 00:02:15,000 "for this type of configuration?" 67 00:02:15,000 --> 00:02:18,360 Well, GRE is favored for its simplicity and efficiency 68 00:02:18,360 --> 00:02:20,640 in encapsulating multiple protocol types, 69 00:02:20,640 --> 00:02:21,540 and this makes it ideal 70 00:02:21,540 --> 00:02:23,370 for connecting heterogeneous networks 71 00:02:23,370 --> 00:02:25,200 like those of the two branch offices 72 00:02:25,200 --> 00:02:26,940 on different sides of the city. 
73 00:02:26,940 --> 00:02:29,850 While a VPN could provide more robust security features, 74 00:02:29,850 --> 00:02:32,280 a GRE tunnel can be used when the main objective 75 00:02:32,280 --> 00:02:34,320 is to encapsulate protocols for tunneling 76 00:02:34,320 --> 00:02:35,820 without the additional overhead created 77 00:02:35,820 --> 00:02:39,180 by using those encryption techniques inside of a VPN. 78 00:02:39,180 --> 00:02:42,030 This means GRE becomes a more lightweight solution 79 00:02:42,030 --> 00:02:43,680 for our network data encapsulation 80 00:02:43,680 --> 00:02:46,950 than it would be if we set up a full site-to-site VPN. 81 00:02:46,950 --> 00:02:48,420 Now, in our specific use case, 82 00:02:48,420 --> 00:02:49,320 we were already using 83 00:02:49,320 --> 00:02:51,420 bulk network traffic encryption devices 84 00:02:51,420 --> 00:02:52,440 to be able to encrypt our data 85 00:02:52,440 --> 00:02:54,750 before we sent it over that GRE tunnel. 86 00:02:54,750 --> 00:02:57,090 And this specialized hardware device was much faster 87 00:02:57,090 --> 00:02:59,700 than using a traditional site-to-site VPN. 88 00:02:59,700 --> 00:03:01,440 So GRE tunnels can be ideal 89 00:03:01,440 --> 00:03:03,720 for some specific use cases like ours, 90 00:03:03,720 --> 00:03:05,700 but other times you might just opt to use 91 00:03:05,700 --> 00:03:07,710 a site-to-site VPN instead. 92 00:03:07,710 --> 00:03:10,530 Or if you really want secure and encrypted communications 93 00:03:10,530 --> 00:03:12,510 over untrusted networks like the internet, 94 00:03:12,510 --> 00:03:14,430 you can also opt to combine GRE 95 00:03:14,430 --> 00:03:16,230 with some kind of VPN technology 96 00:03:16,230 --> 00:03:18,810 to provide you both the encapsulation from GRE 97 00:03:18,810 --> 00:03:21,840 and the encryption from the VPN in your networks. 
98 00:03:21,840 --> 00:03:24,330 Now, it's important to note that GRE isn't just about 99 00:03:24,330 --> 00:03:26,164 creating private tunnels though. 100 00:03:26,164 --> 00:03:27,420 GRE is also a great tool 101 00:03:27,420 --> 00:03:29,850 that provides us with the versatility and integration 102 00:03:29,850 --> 00:03:31,560 by allowing different network protocols 103 00:03:31,560 --> 00:03:33,180 to coexist and collaborate 104 00:03:33,180 --> 00:03:35,880 if you're using heterogeneous network environments. 105 00:03:35,880 --> 00:03:38,460 Generic Routing Encapsulation is not merely a bridge 106 00:03:38,460 --> 00:03:40,620 between two points like a VPN would be, 107 00:03:40,620 --> 00:03:43,620 but, instead, it also acts as a type of universal translator 108 00:03:43,620 --> 00:03:46,080 to make seemingly incompatible network protocols 109 00:03:46,080 --> 00:03:48,270 work together harmoniously. 110 00:03:48,270 --> 00:03:51,690 So remember, the Generic Routing Encapsulation, or GRE, 111 00:03:51,690 --> 00:03:53,790 is a tunneling protocol used to encapsulate 112 00:03:53,790 --> 00:03:56,190 a wide variety of network layer protocols 113 00:03:56,190 --> 00:03:58,470 inside of a virtual point-to-point link 114 00:03:58,470 --> 00:04:00,570 over an Internet Protocol network. 115 00:04:00,570 --> 00:04:02,640 Our GRE tunnels operate at Layer 3 116 00:04:02,640 --> 00:04:04,800 or the network layer of the OSI model, 117 00:04:04,800 --> 00:04:07,710 and they're set up and configured on your network's routers. 118 00:04:07,710 --> 00:04:09,570 These GRE tunnels can also be used 119 00:04:09,570 --> 00:04:11,820 to connect multiple branch office locations together 120 00:04:11,820 --> 00:04:13,890 and provide a safe and secure tunneling mechanism 121 00:04:13,890 --> 00:04:16,170 over a public network like the internet 122 00:04:16,170 --> 00:04:17,702 for specific use cases.