From: Matheus, Joshua (Joshua.Matheus@gs.com)
Date: Tue Jan 11 2005 - 14:10:30 GMT-3
Dan,
Depending on the physical network configuration you can avoid
fragmenting packets in this scenario. For instance if you have two routers
with back-to-back Serial connections or ATM you can raise the MTU on the
serial to 1600bytes, the MTU on the GRE to 1545bytes and that way when a
packet comes in off the Ethernet segment it will have the 24 bytes for GRE
added then the 52 bytes for IPSec and leave the serial interface at (I
think) 1596bytes. If you are trying to pump the data out another Ethernet
interface though you will be out of luck on large packets. GRE will fragment
the packets and process switching will take place in this case.
So the simple answer is that it depends...
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Dan
Shechter
Sent: Tuesday, January 11, 2005 11:31 AM
To: ccielab@groupstudy.com
Subject: IPSEC and GRE, does CEF works?
Hello all,
Cisco recommends configuring VPN with IPSEC/GRE combinations.
Does CEF works in such configuration?
Can IP switching, QOS classifying, GRE encapsulation, encryption (HW
or SW) and QOS congestion management be done in a single interrupt?
My hardware is 3825 and 7200 with VAM2, but a generic answer will be
more educating for me.
Thank you all,
Dan
This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:21 GMT-3