Hi David I guess LDP is a L3 encapsulated and i wont agree wid u on it is a
L2 protocol . Because it baiscally use TCP for transport and uses port 646
dude. So i think this wont matter much na
On Sun, Feb 12, 2012 at 5:09 PM, David Prall <dcp_at_dcptech.com> wrote:
> IPSec doesn't understand MPLS. IPSec is a l3 protocol, while ldp is l2.
> There are link level bulk encryptors that can do this if you have point to
> point links.
>
> There is a big cost benefit to running it this way. Of course some more
> operational complexity. Each organization has to evaluate based on their
> own needs and constraints.
>
> David
> --
> I'm currently all thumbs so I apologize for the short message.
>
> On Feb 12, 2012, at 2:40 AM, "CCIE KID" <eliteccie_at_gmail.com> wrote:
>
> Hi all
>
> I understood the logic of using GRE over MPLS now. It seems that my
> customer is encrypting the banking traffic from their branch office to head
> office and they r using GRE for encapsulating the entire MPLS L2VPN traffic
> from the customer site and encapsulating in GRE and then Encrypting using
> IPsec and then sending it over the tunnel tail end and decryption happens
> there .
>
> So why cant just encrypt raw MPLS frame rather than another overhead like
> GRE or else is there any use for it
>
> I know IPSec cant encypt multicast traffic and u cant run routing protocols
> to it. But why not only MPLS ?
>
>
>
> On Sun, Feb 12, 2012 at 5:54 AM, David Prall <dcp_at_dcptech.com> wrote:
>
> > If you want to run MPLS over a L3 provider, or you want to encrypt all
> the
> > traffic. Rather than running multiple IPSec sessions, one for each VRF,
> > just
> > run MPLS over GRE over IPSec.
> >
> > David
> >
> > --
> > http://dcp.dcptech.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com<nobody_at_groupstudy.com>]
> On Behalf Of
> > CCIE
> > KID
> > Sent: Saturday, February 11, 2012 2:22 PM
> > To: Cisco certification
> > Subject: MPLS over GRE
> >
> > Hi fellas,
> >
> > Why it is necessary to run MPLS over GRE. Is there any design
> consideration
> > for running MPLS over GRE?.
> > What is the purpose of it?
> > My customer is running MPLS over GRE and i dont understand why they do
> so ?
> > Is there any reason behind it ?
> >
> > --
> > With Warmest Regards,
> >
> > CCIE KID
> > CCIE#29992 (Security)
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
-- With Warmest Regards, CCIE KID CCIE#29992 (Security) Blogs and organic groups at http://www.ccie.netReceived on Sun Feb 12 2012 - 17:23:05 ART
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART