GRE Header Inspection Support

Oracle SD-WAN Edge release 2.3 can inspect IP GRE frames and apply the corresponding rule and class based on the inner IP datagram. This support is based on RFC 2784 (Generic Routing Encapsulation). This capability eliminates the complexities of configuring external DSCP or ToS reflection for IP datagrams at the endpoint of the IP GRE tunnel. Eliminating these complexities simplifies the Oracle implementation process and requires the user only to define the appropriate rules and classes in the configuration file. Certain WAN optimization devices also use IP GRE to encapsulate their traffic. This allows the APNA to identify certain WAN optimization flows that use GRE encapsulation and to classify that traffic type. There are a few design considerations when implementing this feature:

  • GRE uses IP protocol 47
  • Does not support (Oracle) TCP termination
  • Available on all Oracle appliances
  • Supports only the inner IP datagram
  • Supports GRE Header checksums

GRE header inspection is enabled by default. The user must define the rules that map the inner protocol to a specific class. To monitor this capability, the user should be aware of any IP GRE that exists in their infrastructure. The appliance automatically identifies these flows and displays them in the flow table. Based on the inner protocol, the appliance may apply any configured rule, or the flow may fall back to an existing default rule. Figure 2 illustrates the flow page of an appliance where a GRE flow has been identified.


Figure 2 illustrates a flow that is encapsulated in a GRE tunnel. In the flow displayed, the IP Protocol (IPP) field is shown as GRE/TCP. This indicates a GRE-encapsulated flow and an inner IP field (protocol 1, ICMP). If the inner IP protocol were telnet, for example, the system would display GRE/TCP, and 23 would appear under the destination port column. Now that the application is known, an existing rule for TCP telnet can be applied. This defined rule would classify the flow as an interactive flow, which would map to the Interactive class (Class 11).

In previous releases, the user would only see IPP 47. Any rules used to classify the traffic would require the traffic to be marked by either ToS or DSCP. The GRE header inspection now simplifies the deployment of the Oracle appliance when GRE tunneling is used within an infrastructure. This eliminates the need for marking the GRE frames based on the inner IP protocol.
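The inspection described above can be sketched as a small RFC 2784 parser. This is an added example, not Oracle's implementation: it reads an outer IPv4 packet carrying protocol 47, verifies the optional GRE checksum, and returns the GRE/inner-protocol label and destination port that a rule could match on. The function names `classify_gre`, `inet_checksum`, `ipv4` and `build_sample` are hypothetical, the sample packets are constructed, and the packet is assumed to carry no trailing link-layer padding.

```python
import struct

GRE_PROTO, ETHERTYPE_IPV4 = 47, 0x0800   # outer IP protocol; GRE Protocol Type for IPv4
NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, the checksum RFC 2784 specifies."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_gre(packet: bytes):
    """Return (label, dst_port) for the inner datagram, or None if not inspectable."""
    if len(packet) < 24 or packet[0] >> 4 != 4 or packet[9] != GRE_PROTO:
        return None                        # not IPv4 carrying GRE
    gre = packet[(packet[0] & 0x0F) * 4:]
    if len(gre) < 4:
        return None
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007 or ptype != ETHERTYPE_IPV4:
        return None                        # version must be 0; inner IPv4 only
    hdr_len = 8 if flags & 0x8000 else 4   # C bit adds Checksum + Reserved1
    if flags & 0x8000 and (len(gre) < 8 or inet_checksum(gre) != 0):
        return None                        # checksum covers GRE header + payload
    inner = gre[hdr_len:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    proto, l4 = inner[9], inner[(inner[0] & 0x0F) * 4:]
    has_ports = proto in (6, 17) and len(l4) >= 4
    dport = struct.unpack("!H", l4[2:4])[0] if has_ports else None
    return f"GRE/{NAMES.get(proto, proto)}", dport

def ipv4(proto: int, payload: bytes, src: bytes, dst: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (header checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

def build_sample(inner_proto: int, dport: int, with_checksum: bool) -> bytes:
    """Constructed test packet: outer IPv4 / GRE / inner IPv4 / 4 bytes of L4."""
    inner = ipv4(inner_proto, struct.pack("!HH", 40000, dport),
                 b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    gre = struct.pack("!HH", 0x8000 if with_checksum else 0, ETHERTYPE_IPV4)
    if with_checksum:
        csum = inet_checksum(gre + b"\x00\x00\x00\x00" + inner)
        gre += struct.pack("!HH", csum, 0)
    return ipv4(GRE_PROTO, gre + inner, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
```

A frame that fails the GRE checksum, or whose payload is not IPv4, returns `None` here, which corresponds to a flow that can only be matched on IP protocol 47.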