GRE (Generic Routing Encapsulation) and VXLAN (Virtual eXtensible Local Area Network) are two protocols used to create tunnels, but they have different purposes, features, and use cases. Let’s look at the main differences:


1. Main Purpose

  • GRE:
      • A general-purpose tunneling protocol designed to encapsulate a wide range of network protocols (IP, MPLS, etc.) inside IP.
      • Used primarily to create point-to-point tunnels (e.g. VPN).
  • VXLAN:
      • A protocol designed to create overlay networks on top of existing IP networks.
      • Main purpose – extending VLANs in data centers with support for up to 16 million network segments.

2. Encapsulation

  • GRE:
      • Encapsulates the original packet in a new IP header.
      • Suitable for any type of traffic (multicast, IPv6, etc.).
  • VXLAN:
      • Uses UDP to encapsulate Ethernet frames.
      • Adds a VXLAN header (carrying the VNI) and a UDP header on top of the outer IP header.

3. Scalability

  • GRE:
      • Limited in scalability as it does not provide the means for segmentation or large-scale use of networks.
  • VXLAN:
      • Provides enormous scalability thanks to the VXLAN Network Identifier (VNI, 24 bits), which supports up to 16 million unique network segments. This makes VXLAN preferable for large data centers.
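
The VXLAN header described in sections 2 and 3, as an added example that is not part of the original article: Python code that builds and parses the 8-byte header defined in RFC 7348 and enforces the 24-bit VNI limit. The function names and the sample frame are constructed for illustration; note that the header has no authentication or encryption field, so the network underneath has to provide both.

```python
import struct

VXLAN_FLAG_I = 0x08       # "VNI is valid" flag bit (RFC 7348)
MAX_VNI = (1 << 24) - 1   # 24-bit field: 16,777,216 possible segments
# Bytes added around the inner IP packet when the outer network is IPv6:
# outer IPv6 (40) + UDP (8) + VXLAN (8) + inner Ethernet header (14).
OVERHEAD_IPV6 = 40 + 8 + 8 + 14

def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header carrying the given VNI."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI %d does not fit in 24 bits" % vni)
    # Word 1: flags (8 bits) + 24 reserved bits; word 2: VNI (24 bits) + 8 reserved bits.
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)

def parse_vxlan(udp_payload):
    """Split a UDP payload into (vni, inner Ethernet frame); reject malformed input."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag not set, VNI field is not valid")
    return word2 >> 8, udp_payload[8:]

def describe_inner(frame):
    """Decode the inner Ethernet header that VXLAN carries unchanged."""
    if len(frame) < 14:
        raise ValueError("truncated inner Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    as_mac = lambda raw: ":".join("%02x" % b for b in raw)
    return {"dst": as_mac(dst), "src": as_mac(src), "ethertype": hex(ethertype)}

def inner_mtu(underlay_mtu):
    """Largest inner IP packet that fits one underlay packet without fragmentation."""
    return underlay_mtu - OVERHEAD_IPV6

# Constructed sample: an IPv6 multicast frame from a made-up MAC, tunnelled with
# VNI 42 (the "id 42" used in the ip link commands later on this page).
SAMPLE_FRAME = bytes.fromhex("333300000001" "020000000001" "86dd") + b"\x60" + bytes(39)
SAMPLE_PAYLOAD = build_vxlan_header(42) + SAMPLE_FRAME

if __name__ == "__main__":
    vni, frame = parse_vxlan(SAMPLE_PAYLOAD)
    print("VNI:", vni, "inner:", describe_inner(frame))
    print("inner MTU on a 1500-byte underlay:", inner_mtu(1500))
```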

4. Compatibility

  • GRE:
      • Simple and supported by almost all network devices and operating systems.
  • VXLAN:
      • Requires UDP support and VXLAN compatibility on end devices (e.g. virtual switches or routers).

5. NAT Compatibility

  • GRE:
      • Does not support NAT traversal directly, as GRE packets do not contain ports. This makes them problematic in NAT networks.
  • VXLAN:
      • Uses UDP, which allows NAT traversal, making VXLAN preferable in NAT networks.

Usage:

  • GRE:
      • Connecting offices via VPN.
      • Tunneling non-standard protocols.
  • VXLAN:
      • Network virtualization in cloud infrastructures.
      • Expansion of L2 segments in data centers.

Thus, GRE is more focused on universal encapsulation, and VXLAN is designed for scalable network virtualization solutions.

If you have a VPS or a dedicated server with a /64 IPv6 subnet and want to use that subnet on a device at home, so that the device is directly reachable from the internet, you can build a tunnel through the Yggdrasil network.

The Yggdrasil network is already end-to-end encrypted, so we can run VXLAN, which has no encryption of its own, over it for this purpose.

On the server with the IPv6 subnet, install bridge-utils and create a bridge that includes the external interface:
apt install bridge-utils
brctl addbr br0
brctl addif br0 eth0

Then add a VXLAN interface on the server and attach it to the bridge as well:
ip link add vxlan0 type vxlan id 42 local $YGGDRASIL_SERVER_IP remote $YGGDRASIL_HOME_IP dstport 4789
brctl addif br0 vxlan0

Here $YGGDRASIL_SERVER_IP and $YGGDRASIL_HOME_IP are your server's and your home device's addresses in the Yggdrasil network, respectively.

Bring the interfaces up:
ip link set up br0
ip link set up vxlan0

Now, on the home device:
ip link add vxlan0 type vxlan id 42 local $YGGDRASIL_HOME_IP remote $YGGDRASIL_SERVER_IP dstport 4789
ip link set up vxlan0
ip a a $your_real_ip_from_the_servers_subnet/64 dev vxlan0
route -6 add default gw $your_servers_ipv6_gateway

That's it.

For how to install and configure the Yggdrasil network, see the developer’s website. Maybe I’ll write an article later.