IPSec doesn't understand MPLS. IPSec is a l3 protocol, while ldp is l2. There
are link level bulk encryptors that can do this if you have point to point
links.
There is a big cost benefit to running it this way. Of course some more
operational complexity. Each organization has to evaluate based on their own
needs and constraints.
David
-- I'm currently all thumbs so I apologize for the short message. On Feb 12, 2012, at 2:40 AM, "CCIE KID" <eliteccie_at_gmail.com> wrote: > Hi all > > I understood the logic of using GRE over MPLS now. It seems that my > customer is encrypting the banking traffic from their branch office to head > office and they r using GRE for encapsulating the entire MPLS L2VPN traffic > from the customer site and encapsulating in GRE and then Encrypting using > IPsec and then sending it over the tunnel tail end and decryption happens > there . > > So why cant just encrypt raw MPLS frame rather than another overhead like > GRE or else is there any use for it > > I know IPSec cant encypt multicast traffic and u cant run routing protocols > to it. But why not only MPLS ? > > > > On Sun, Feb 12, 2012 at 5:54 AM, David Prall <dcp_at_dcptech.com> wrote: > > > If you want to run MPLS over a L3 provider, or you want to encrypt all the > > traffic. Rather than running multiple IPSec sessions, one for each VRF, > > just > > run MPLS over GRE over IPSec. > > > > David > > > > -- > > http://dcp.dcptech.com > > > > > > > > -----Original Message----- > > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of > > CCIE > > KID > > Sent: Saturday, February 11, 2012 2:22 PM > > To: Cisco certification > > Subject: MPLS over GRE > > > > Hi fellas, > > > > Why it is necessary to run MPLS over GRE. Is there any design consideration > > for running MPLS over GRE?. > > What is the purpose of it? > > My customer is running MPLS over GRE and i dont understand why they do so ? > > Is there any reason behind it ? > > > > -- > > With Warmest Regards, > > > > CCIE KID > > CCIE#29992 (Security) > > > > > > Blogs and organic groups at http://www.ccie.net > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > > > > > > > > > > > > > > > -- > With Warmest Regards, > > CCIE KID > CCIE#29992 (Security) > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Sun Feb 12 2012 - 06:39:12 ART
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART