ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

Why do we use GRE tunnel rather than ipsec?

user-image
تم إضافة السؤال من قبل haroon shah , IT Engineer , NESMA Electric/Telecom and technology
تاريخ النشر: 2016/01/02
Mostafa Khamies Dakam
من قبل Mostafa Khamies Dakam , Network Specialist , Libyan Fertilizer Company

GRE is like a virtual interface, so any packet that would be routed out this interface will be completely wrapped into a new packet.  This packet would prepend a GRE header and a NEW IP header and the source IP of whatever interface that it used to egress the router.  This interface handles multicasts as one would expect.

 

IPSec on the other hand is a suite of protocols that we put together to achieve a goal.  This goal is to enforce a policy.  IPSec does not really support multicast in and of itself.  Now there are ways around this.  For example, we might decide that we wish to encrypt the GRE packet that we created above.  In that case, we might add an ESP header in the above mix.  In that case, multicast would still work, but we are only encrypting a unicast packet from the perspective of IPSEC (or more specifically the ESP protocol).  Your question with GRE is specific.

المزيد من الأسئلة المماثلة