It is so weird how perfectly timed these videos are coming out to my studying. When I was looking into learning VRF's you released an excellent video series on VRF's. Now when I want to brush up on VPN's you release this video at the perfect time. Keep up the awesome work! Hopefully the next series will be MPLS.
I am currently learning CCNP Enterprise Encor and found this video series on 'GRE' along with the 'VXLan' and 'VRF' videos very informative with clear explanations. Thank you for posting these videos, will you be posting any others that will be helpful with the CCNP Enterprise course?
@@NetworkDirection But, if the router did have reachability to 20.20.20.20 (and 20.20.20.20 was the correct destination IP), the GRE tunnel will go up without issues no?
SD-WAN uses a lot of technologies 'under the hood', including tunnels (possibly GRE), MPLS, VXLAN, and thinkg like these. Each provider implements it differently though
I'm not sure I understand correct... GRE is a type of VPN. It's different to the app that you install on your computer to connect into the office from home. GRE is different, as you're not connecting a single device to the network virtually. Instead, you're creating a virtual link between entire networks. Does that help?
Network Direction Thanks. The confusion I have is why to go for site-2-site Vpn and not gre/ipsec. Is there any reason that most people deploy the vpn and not secure gre?
Ah, I understand now. Not everything supports GRE. GRE is kind of a routing technology. So, you'll commonly find it on routers. An IPSec VPN was developed from the security point of view, so it is mor common on firewalls. ASA's for example, support IPSec VPN's, not GRE + IPSec. As to why vendors decide to support one technology but not another... I'm not sure.
You can use either, but using the IP allows the router to choose the best interface based on the address. In some cases this will improve stability (covered in the following videos)
I appreciate the effort and time spent to make this video, however, there are just too many mistakes in the content for this specific demonstration, which is dangerous and frustrating for those who really took the time to understand the configuration and even emulate the exercise. I think there are mistakes in the destination IP address: 20.20.20.20/24 > 10.20.20.20/24. In the explanation of how the packets travel through the OVERLAY VTI's or GRE tunnel, NOT UNDERLAY as you mentioned in the video, and also I am not sure if you meant 172.16.1.1 and 172.16.1.2 and forgot to specify the CIDR here...as well. Again, not trying to troll or anything but I think this video should be removed, corrected, and re-posted for the sake of all members subscribed. There are a lot of people commenting on things like, great work, awesome video, great explanation, and we know that they definitely didn't understand what they just watched. Thank you for all you do, as I am subscribed and love some of the other videos you have put together, but, unfortunately, after checking this GRE one very carefully, I will have to be very careful going forward when following the videos you post. Hope this feedback is helpful.
only problem with this description - is you have a RFC 1911 on the left that will NOT route across the Internet. Would have been nice if the example was more realistic in such a way that it would work in a real world scenario.
Is this still true? I didn't think you could advertise OSPF over GRE as the interfaces would be flapping when trying to send ospf packets to the endpoint?
Hi Jordan Thanks for your comment! What you are describing is route recursion. This can happen if you do it wrong, but OSPF over GRE is just fine if you do it right. I believe the next video in this series discusses this further. 😃 Have a great day!
@@NetworkDirection yeah i meant for this application, ie how do the two edges know how to get to each other and how do we force traffic over the tunnel. also how not to cause recursive routing issues. but the video was information nonetheless.
aha so very very simple. Basically it adds what is called "Outer IP" header which has the ISPs routers IPs which are PUBLIC IPs so the routers over the Internet (/WAN) KNOW where they are. And there is also the small gre header that says what the original IP version is being used by the private hosts with private, non-routable IP addresses. So you stick public IPs on top of the packet and route it as normal. By the time it arrives at the destination and it is de-encapsulated the private host will see it's private ip (non-routable) that it knows. So easy it's a joke haha
It is so weird how perfectly timed these videos are coming out to my studying. When I was looking into learning VRF's you released an excellent video series on VRF's. Now when I want to brush up on VPN's you release this video at the perfect time. Keep up the awesome work! Hopefully the next series will be MPLS.
That is uncanny!
I have been thinking about basic MPLS as a series. Won’t be next, but hopefully soon
LOL same 😂
Nice!
Best video on GRE ! Surfed over 5-6 videos before landing to this.
thanks buddy for creating this series. i read a lot but could not get through before , but today atlast i got.
keep making such videos
It's so good to hear that these videos are helping you
Very simple, high level overview of what a GRE tunnel is/does. Well done. Thank you!
You're welcome!
Overlay network using GRE Tunnel- nicely explained, Thanks
Thanks for creating and sharing with us!! Perfect explanation for us that are new to GRE!!! Cheers!
What a great video. Really useful the commands were at the bottom and you explained the difference between source and destination
Thank you, very clear and easy to understand. Please continue to make videos like this - highly appreciate it.
You're welcome! I'm currently working on extending this with DMVPN
Finally some quality tutorials, great work!
I appreciate the feedback Pawel, thanks!
Just saw this video after I had a question in CCNA about GRE.
This is amazing. Thank you for putting this together.
May I ask what you're doing in life now with a bit over 4 years in the field ? (if you stuck to the field ofc) I just wanna get an idea
I am currently learning CCNP Enterprise Encor and found this video series on 'GRE' along with the 'VXLan' and 'VRF' videos very informative with clear explanations. Thank you for posting these videos, will you be posting any others that will be helpful with the CCNP Enterprise course?
The way you demonstrated is simply amazing.... Would you mind to share low level stuff on ikev1 &2..... Thanks again.
Thank you!
I might revisit IKE. I'll add it to my list, thanks again
There is a mistake with address on topology and set for tunnel src/dst addr. 20.20.20.20 and 10.20.20.20.
Anyway, great series :) thx for that.
You're absolutely right! Sorry everyone, the topology says 20.20.20.20 when it should say 10.20.20.20
Thanks for noticing this
@@NetworkDirection would this type of mis-configuration show a tunnel up/down or a reset/up? BTW, Great Explanation!
@@jnev9046 Do you mean if we put in the wrong destination IP?
I think this would mark the tunnel as up, but it wouldn't work
@@NetworkDirection But, if the router did have reachability to 20.20.20.20 (and 20.20.20.20 was the correct destination IP), the GRE tunnel will go up without issues no?
pin this comment! :P
It is a nice explanation of packet encapsulation (starts from 6 min), but i dont understand where is the role of a tunnel - 192.168.1.0 network???
Good and simple explanation !!
Awesome explanation, thanks!
Glad you enjoyed it!
super helpful video, thank you!
Good to hear, thanks!
Amazing video I understand gre now
Awesome !!!
I like very much the animated explanation ♥️
Thank you Sir
Another great explaination!
Thanks Daniel! So happy that it makes sense.
Looking forward to seeing GRE tunnels with IPSec?
@@NetworkDirection Definitely! Always enjoy your well presented and explained videos
Very beautiful. Thankyou so much 🎉🎉
Thank you so much!!! Great video!!
You're welcome!
very nice explanation - may be a LAB would have been an icing on the cake
This was fantastic, looking forward the the encryption component,
I aim to please 😁
I have no idea what you're talking about but you're better than a college professor definitely...
Excellent video thank you so much for the breakdown.
Glad to help!
Wow very nicely explained
Thanks for this well-explained nuggets :)
You're very welcome!
very good. Keep going,
Awesome video, thanks!
Thank you. Great explanation as always. Will you cover the IPSec tunnel in this series?
Absolutely! Give me two weeks, and you’ll have a video on adding IPSec to the GRE tunnel, including the basics of how IPSec works
Network Direction Awesome! :)
Excellent explanation!! I appreciate that 👍🏼
Glad it was helpful!
man, that's a fantastic video!
Thanks!
Thank you for simplifying gre!
My pleasure!
best explained !!!
Thank you!
Does GRE tunnels work with Virtual Networks also? So two virtual networks could communicate on a SD-WAN via GRE Tunneling?
SD-WAN uses a lot of technologies 'under the hood', including tunnels (possibly GRE), MPLS, VXLAN, and thinkg like these. Each provider implements it differently though
Thanks. Plz emphasis more on vpn vs gre application, similarity and differences
I'm not sure I understand correct...
GRE is a type of VPN. It's different to the app that you install on your computer to connect into the office from home.
GRE is different, as you're not connecting a single device to the network virtually. Instead, you're creating a virtual link between entire networks.
Does that help?
Network Direction Thanks. The confusion I have is why to go for site-2-site Vpn and not gre/ipsec. Is there any reason that most people deploy the vpn and not secure gre?
Ah, I understand now.
Not everything supports GRE. GRE is kind of a routing technology. So, you'll commonly find it on routers.
An IPSec VPN was developed from the security point of view, so it is mor common on firewalls. ASA's for example, support IPSec VPN's, not GRE + IPSec.
As to why vendors decide to support one technology but not another... I'm not sure.
Network Direction Thanks alot
You’re welcome
Thanks for Very good Explanation , how did you put IP address in tunnel source command ?? it should be interface
You can use either, but using the IP allows the router to choose the best interface based on the address.
In some cases this will improve stability (covered in the following videos)
good series
Thank you!
Read more here: networkdirection.net/GRE+Tunnels
Try the lab here: networkdirection.net/labsandquizzes/labs/lab-gre-tunnels/
great explanation!
Thanks!
Great Explanation.. Thanks.
Thanks great material
enabling jumbo frames help with GRE and why or why not?
Thank you!
Nicely done!
Those virtual interfaces build an ARP cache?
If yes, how do they seem?
The ARP cache will build for anything with L2 adjacency
How does lowering mtu avoid fragmentation infact it will increase it so you want highest mtu interface can support
I appreciate the effort and time spent to make this video, however, there are just too many mistakes in the content for this specific demonstration, which is dangerous and frustrating for those who really took the time to understand the configuration and even emulate the exercise. I think there are mistakes in the destination IP address: 20.20.20.20/24 > 10.20.20.20/24. In the explanation of how the packets travel through the OVERLAY VTI's or GRE tunnel, NOT UNDERLAY as you mentioned in the video, and also I am not sure if you meant 172.16.1.1 and 172.16.1.2 and forgot to specify the CIDR here...as well. Again, not trying to troll or anything but I think this video should be removed, corrected, and re-posted for the sake of all members subscribed. There are a lot of people commenting on things like, great work, awesome video, great explanation, and we know that they definitely didn't understand what they just watched. Thank you for all you do, as I am subscribed and love some of the other videos you have put together, but, unfortunately, after checking this GRE one very carefully, I will have to be very careful going forward when following the videos you post. Hope this feedback is helpful.
only problem with this description - is you have a RFC 1911 on the left that will NOT route across the Internet. Would have been nice if the example was more realistic in such a way that it would work in a real world scenario.
Do you mean RFC1918?
Thank u man.....
Is this still true? I didn't think you could advertise OSPF over GRE as the interfaces would be flapping when trying to send ospf packets to the endpoint?
Hi Jordan
Thanks for your comment! What you are describing is route recursion. This can happen if you do it wrong, but OSPF over GRE is just fine if you do it right. I believe the next video in this series discusses this further. 😃
Have a great day!
perfect
Thank you!
nice...
Thanks!
5:28 you said 1436 when I think you meant to say 1476
i think you missed the static route explanation thats needed here
Do you mean explaining what static routes are, or how they're used for this application?
@@NetworkDirection yeah i meant for this application, ie how do the two edges know how to get to each other and how do we force traffic over the tunnel. also how not to cause recursive routing issues. but the video was information nonetheless.
Destination address should be 192.168.2.1 instead of 192.168.1.2
Thank you! Unfortunately, I can't go back and change it
aha so very very simple. Basically it adds what is called "Outer IP" header which has the ISPs routers IPs which are PUBLIC IPs so the routers over the Internet (/WAN) KNOW where they are. And there is also the small gre header that says what the original IP version is being used by the private hosts with private, non-routable IP addresses.
So you stick public IPs on top of the packet and route it as normal. By the time it arrives at the destination and it is de-encapsulated the private host will see it's private ip (non-routable) that it knows. So easy it's a joke haha