In this blog, we'll discuss GRE vs IPSec in detail. Before that, let's look at both types of protocols in brief.
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks. GRE is defined by RFC 2784.
Generic Routing Encapsulation (GRE), defined by RFC 2784, is a simple IP packet encapsulation protocol. GRE is used when IP packets need to be sent from one network to another without being parsed or treated like IP packets by any intervening routers.
GRE works by encapsulating a payload (that is, an inner packet that needs to be delivered to a destination network) inside an outer IP packet. GRE tunnel endpoints send payloads through GRE tunnels by routing encapsulated packets through intervening IP networks.
In contrast to IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks. Advantages of GRE tunnels include the following:
- GRE tunnels encase multiple protocols (IPX) over a single-protocol backbone.
- GRE tunnels provide workarounds for networks with limited hops.
- GRE tunnels connect discontinuous sub-networks.
- GRE tunnels allow VPNs across wide area networks (WANs).
The IP Security (IPsec) Encapsulating Security Payload (ESP), defined by RFC 2406, also encapsulates IP packets. However, it does so for a different reason: to secure the encapsulated payload using encryption. IPsec ESP is used when IP packets need to be exchanged between two systems while being protected against eavesdropping or modification along the way.
The IP Security (IPsec) Protocol is a standards-based method of providing privacy, integrity, and authenticity to information transferred across IP networks. IPsec provides IP network-layer encryption. IPsec lengthens the IP packet by adding at least one IP header (tunnel mode). The added header(s) vary in length depending on the IPsec configuration mode, but they do not exceed ~58 bytes (Encapsulating Security Payload (ESP) and ESP authentication (ESPauth)) per packet.
IPsec has two modes, tunnel mode and transport mode.
- Tunnel mode is the default mode. With tunnel mode, the entire original IP packet is protected (encrypted, authenticated, or both) and encapsulated by the IPsec headers and trailers. Then a new IP header is prepended to the packet, specifying the IPsec endpoints (peers) as the source and destination. Tunnel mode can be used with any unicast IP traffic and must be used if IPsec is protecting traffic from hosts behind the IPsec peers. For example, tunnel mode is used with Virtual Private Networks (VPNs) where hosts on one protected network send packets to hosts on a different protected network via a pair of IPsec peers. With VPNs, the IPsec "tunnel" protects the IP traffic between hosts by encrypting this traffic between the IPsec peer routers.
- In transport mode (configured with the subcommand, mode transport, on the transform definition), only the payload of the original IP packet is protected (encrypted, authenticated, or both). The payload is encapsulated by the IPsec headers and trailers. The original IP headers remain intact, except that the IP protocol field is changed to ESP (50), and the original protocol value is saved in the IPsec trailer to be restored when the packet is decrypted. Transport mode is used only when the IP traffic to be protected is between the IPsec peers themselves, that is, the source and destination IP addresses on the packet are the same as the IPsec peer addresses. Normally IPsec transport mode is only used when another tunnelling protocol (like GRE) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE tunnel packets.
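To make the difference in what each encapsulation exposes concrete, the following added example (not code from the original article) builds a GRE-encapsulated packet as described in the GRE section above and a stand-in ESP tunnel-mode packet, then shows what an on-path observer can read from each. The addresses, ports, SPI value and helper names are constructed for illustration, and the ESP body is placeholder bytes rather than real ciphertext.

```python
import socket
import struct

PROTO_UDP, PROTO_GRE, PROTO_ESP = 17, 47, 50

def ipv4(src, dst, proto, payload):
    """Prepend a minimal 20-byte IPv4 header (checksum left 0: offline demo)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """RFC 2784 base header: 16 bits flags/version (all 0) + protocol type."""
    return ipv4(tunnel_src, tunnel_dst, PROTO_GRE,
                struct.pack("!HH", 0, 0x0800) + inner)  # 0x0800: IPv4 payload

def observe(packet):
    """Return what an on-path observer can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    seen = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "proto": proto}
    if proto == PROTO_GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Optional 4-byte fields: checksum (C), key (K), sequence (S).
        skip = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        if ptype == 0x0800 and len(body) >= skip + 20:
            seen["inner"] = observe(body[skip:])  # inner packet is cleartext
    elif proto == PROTO_ESP and len(body) >= 8:
        seen["spi"], seen["seq"] = struct.unpack("!II", body[:8])  # rest opaque
    elif proto == PROTO_UDP and len(body) >= 4:
        seen["ike"] = 500 in struct.unpack("!HH", body[:4])
    return seen

# Constructed sample data (private and documentation address ranges).
INNER = ipv4("10.1.1.10", "10.2.2.20", PROTO_UDP,
             struct.pack("!HHHH", 40000, 53, 13, 0) + b"hello")
GRE_PKT = gre_encapsulate(INNER, "198.51.100.1", "203.0.113.1")
# Stand-in for ESP tunnel mode: SPI + sequence number, then placeholder bytes
# where the encrypted inner packet would be (no real encryption happens here).
ESP_PKT = ipv4("198.51.100.1", "203.0.113.1", PROTO_ESP,
               struct.pack("!II", 0x1001, 1) + bytes(len(INNER) + 16))

if __name__ == "__main__":
    print("GRE:", observe(GRE_PKT))
    print("ESP:", observe(ESP_PKT))
```

For the GRE packet the observer recovers the inner hosts' addresses, while for ESP only the peer addresses, SPI and sequence number are visible. The same protocol-number checks (47, 50, UDP 500) are what a firewall rule or capture filter would match on.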
GRE vs IPSec: Comparison Table
The table below details how GRE and IPSec differ in their approach and parameters, though both are leveraged for point-to-point communication across locations.
PARAMETER | GRE | IPSec |
---|---|---|
Full Form | Generic Routing Encapsulation | IP Security |
Purpose | GRE is a protocol that encapsulates packets in order to route other protocols over IP networks. | The IP Security (IPsec) Protocol is a standards-based method of providing privacy, integrity, and authenticity to information transferred across IP networks. |
Usage | GRE is used when IP packets need to be sent from one network to another without being parsed or treated like IP packets by any intervening routers. | IPsec ESP is used when IP packets need to be exchanged between two systems while being protected against eavesdropping or modification along the way. |
Modes | Single mode – GRE Tunnel | Two Modes – Tunnel Mode and Transport Mode |
Privacy, integrity and authenticity of information | Not Supported | Supported |
Encapsulation | Encapsulation of Payload | Tunnel Mode – Entire packet is encapsulated. Transport Mode – Only payload is protected. |
Standard | GRE is defined in the RFC 2784 standard | IPsec ESP is defined in RFC 2406 |
Protocol & Port | GRE uses IP protocol number 47 | IPSec uses ESP (IP protocol number 50) and AH (IP protocol number 51). In addition, IPSec uses IKE for negotiations (UDP port number 500). |
IP Header | 4 bytes additional IP header | Additional bytes not used. |
Multicast, routing protocol and routed protocol support | Supported | Not Supported |
Simplicity | Simpler and faster | Complex |