Articles
recent

GRE Tunnel : Small Packet Padding in GRE tunnel


Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. GRE packets that are encapsulated within IP use IP protocol type 47. GRE encapsulation includes a 4 byte GRE header and a 20 Byte IP field.

Issue
The GRE encapsulated packets is encrypted by a third party encryption device. This encryptor drops frames that have extra padding which applies to any native ethernet frame that was received by the 7K and less than 64 bytes.

Theoretically the padding is no longer required since the GRE encapsulation will ensure that the frame is now above the minimum ethernet size. 

Fig 1.1- GRE Tunnel between Nexus 7k 
Also the padding is on the layer 2 and not on Layer 3 as you notice in the snapshots. Hardware switching platforms retaining the padding is an expected behaviour. Changes will have to be made by the encryption device to allow the padded packets to pass through.

What is a smaller size packet?
There is a possibility of a small to nothing payload that could be sent across the network. These packets could be any IP packet. 
Fig 1.2- Packets captured
Both these packets shown in the below diagram have to be padded so that they meet the minimum Ethernet frame size which is 64 bytes (This includes a 4 byte FCS which is not shown on Wireshark)

Fig 1.3- Packet Padding
When this packet has to pass through the GRE tunnel, certain devices (software routers like ISR) can strip off the padding while hardware based platform like Nexus 7K/Cat6800 etc will retain the padding.

Popular Posts

Powered by Blogger.