SVTI's and multicast support

I would like to understand the reason why SVTI's can support routing protocols and multicast. In the old-school way that I'm used to, we use to use crypto maps for IPSec traffic. IPsec doesn't natively support multicast and broadcast traffic (it supported only unicast), which is why a tunnelling-protocol was invented (GRE) to carry another IP payload that did support multicasting (thus hiding the multicast routing-protocol hello's behind a GRE header, allowing you to tunnel multicast traffic over an IPSec tunnel via a 3rd IP header). But digging into a packet capture of an SVTI, which I know does support multicast traffic, I find that no additional headers are added at all. So how is it then, that IPSec only supports unicast traffic, but if you shove it down a virtual tunnel interface, multicast works (thus routing protocols work)? What has changed to allow the use of multicast down this IPSec tunnel with an SVTI?

Sign In or Register to comment.