You are correct, it uses UDP or TCP; it is to the all-routers multicast group
224.0.0.2 with a TTL of 1. IPSec can't carry Multicast either, unless you
move to GDOI, but it is still not a multihop multicast message. Local subnet
only.
David
--
http://dcp.dcptech.com

From: CCIE KID [mailto:eliteccie_at_gmail.com]
Sent: Sunday, February 12, 2012 6:53 AM
To: David Prall
Cc: Cisco certification
Subject: Re: MPLS over GRE

Hi David

I guess LDP is L3 encapsulated and I won't agree with you that it is a L2
protocol, because it basically uses TCP for transport and uses port 646, dude.
So I think this won't matter much na

On Sun, Feb 12, 2012 at 5:09 PM, David Prall <dcp_at_dcptech.com> wrote:

IPSec doesn't understand MPLS. IPSec is a l3 protocol, while ldp is l2.

There are link level bulk encryptors that can do this if you have point to
point links. There is a big cost benefit to running it this way. Of course
some more operational complexity. Each organization has to evaluate based on
their own needs and constraints.

David

--
I'm currently all thumbs so I apologize for the short message.

On Feb 12, 2012, at 2:40 AM, "CCIE KID" <eliteccie_at_gmail.com> wrote:

Hi all

I understood the logic of using GRE over MPLS now. It seems that my customer
is encrypting the banking traffic from their branch office to head office, and
they are using GRE for encapsulating the entire MPLS L2VPN traffic from the
customer site and encapsulating in GRE and then encrypting using IPsec and
then sending it over the tunnel tail end, and decryption happens there.

So why can't just encrypt raw MPLS frame rather than another overhead like
GRE, or else is there any use for it?

I know IPSec can't encrypt multicast traffic and you can't run routing
protocols to it. But why not only MPLS?

On Sun, Feb 12, 2012 at 5:54 AM, David Prall <dcp_at_dcptech.com> wrote:

> If you want to run MPLS over a L3 provider, or you want to encrypt all the
> traffic. Rather than running multiple IPSec sessions, one for each VRF, just
> run MPLS over GRE over IPSec.
>
> David
>
> --
> http://dcp.dcptech.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of CCIE KID
> Sent: Saturday, February 11, 2012 2:22 PM
> To: Cisco certification
> Subject: MPLS over GRE
>
> Hi fellas,
>
> Why is it necessary to run MPLS over GRE? Is there any design consideration
> for running MPLS over GRE?
> What is the purpose of it?
> My customer is running MPLS over GRE and I don't understand why they do so.
> Is there any reason behind it?
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

--
With Warmest Regards,

CCIE KID
CCIE#29992 (Security)

Received on Sun Feb 12 2012 - 14:30:16 ART