Dynamic L3 VPNs using mGRE Tunnels

Hi,

I've been doing some reading on this topic given some people suggest its worth covering for the CCIE SP lab exam.

To me the point of this is if you dont have an MPLS backbone (enterprise for example) and want to create L3 VPNs between customer sites (departments etc.). However given the configuration for this it seems a load easier to just enable MPLS in the core, rather than create mGRE tunnels (still need VRFs, MP-BGP and redistriubtion) - so I guess my question is what is the point of this and where would you use it?

Thanks

Comments












  • It is quite a simple answer. Many banks etc require encryption.
    Therefore you run an overlay VPN on top of your MPLS Core to off secure site to
    site services. Always keep in mind that mpls offers segregation of routes but
    not secure communication of traffic. Therefore with the mGRE you can then run
    IPSec Tunnels

     

    Hope that answers your question

     

    James

     

    From: [email protected]
    [mailto:[email protected]] On Behalf Of pkg

    Sent: Tuesday, October 07, 2008 2:14 PM

    To: [email protected]

    Subject: [CCIE SP] Dynamic L3 VPNs using mGRE Tunnels

     

    Hi,

    I've been doing some reading on this topic given some people suggest its
    worth covering for the CCIE SP lab exam.

    To me the point of this is if you dont have an MPLS backbone (enterprise for
    example) and want to create L3 VPNs between customer sites (departments etc.).
    However given the configuration for this it seems a load easier to just enable
    MPLS in the core, rather than create mGRE tunnels (still need VRFs, MP-BGP and
    redistriubtion) - so I guess my question is what is the point of this and where
    would you use it?

    Thanks







    Internetwork Expert - The Industry Leader in CCIE Preparation

    http://www.internetworkexpert.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx





  • <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">





    Also mGRE can be used for L3 VPN without the need for an MPLS core.  As
    long as everyone connects to the Internet and has at least 1 public IP
    address you can create a full mesh of tunnels with just one tunnel
    interface per site.  You can run IPsec on top of this if you want, in
    which case the feature is called DMVPN.



    Brian McGahan, CCIE #8593 (R&S/SP/Security)

    [email protected]

     

    Internetwork Expert, Inc.

    http://www.InternetworkExpert.com

    Toll Free: 877-224-8987 x 705

    Outside US: 775-826-4344 x 705

    Online Community: http://www.IEOC.com

    CCIE Blog: http://blog.internetworkexpert.com






    ciscokid wrote:


    It is quite a simple
    answer. Many banks etc require encryption.
    Therefore you run an overlay VPN on top of your MPLS Core to off secure
    site to
    site services. Always keep in mind that mpls offers segregation of
    routes but
    not secure communication of traffic. Therefore with the mGRE you can
    then run
    IPSec Tunnels

     

    Hope that answers
    your question

     

    James

     

    From: [email protected]
    [mailto:[email protected]] On Behalf Of pkg

    Sent: Tuesday, October 07, 2008 2:14 PM

    To: [email protected]

    Subject: [CCIE SP] Dynamic L3 VPNs using mGRE Tunnels

     

    Hi,

    I've been doing some reading on this topic given some people
    suggest its
    worth covering for the CCIE SP lab exam.

    To me the point of this is if you dont have an MPLS backbone
    (enterprise for
    example) and want to create L3 VPNs between customer sites (departments
    etc.).
    However given the configuration for this it seems a load easier to just
    enable
    MPLS in the core, rather than create mGRE tunnels (still need VRFs,
    MP-BGP and
    redistriubtion) - so I guess my question is what is the point of this
    and where
    would you use it?

    Thanks







    Internetwork Expert - The Industry Leader in CCIE Preparation

    http://www.internetworkexpert.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx








    Internetwork Expert - The Industry Leader in CCIE Preparation

    http://www.internetworkexpert.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx

Sign In or Register to comment.