Security Mechanism

GRE supports key authentication, a security mechanism used by tunnel interfaces. This security mechanism prevents tunnel interfaces from incorrectly identifying and receiving packets from other routers.

As defined in relevant standards, if the K bit in the GRE header is set to 1, the Key field is inserted to the GRE header, and both the receiver and sender perform key authentication.

The Key field contains a four-byte number, which is inserted into the GRE header during packet encapsulation. Packets of the same traffic flow have the same Key field. When decapsulating packets, a tunnel endpoint identifies packets of the same traffic flow based on the Key field.

The authentication succeeds only if the Key fields set on both endpoints of the tunnel are consistent. If they are inconsistent, the packet is discarded. "Consistent" means that the Key fields are not set on both endpoints or the same Key field is set on both endpoints.

Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic