Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

Why do we use GRE tunnel rather than ipsec?

user-image
Question ajoutée par haroon shah , IT Engineer , NESMA Electric/Telecom and technology
Date de publication: 2016/01/02
Mostafa Khamies Dakam
par Mostafa Khamies Dakam , Network Specialist , Libyan Fertilizer Company

GRE is like a virtual interface, so any packet that would be routed out this interface will be completely wrapped into a new packet.  This packet would prepend a GRE header and a NEW IP header and the source IP of whatever interface that it used to egress the router.  This interface handles multicasts as one would expect.

 

IPSec on the other hand is a suite of protocols that we put together to achieve a goal.  This goal is to enforce a policy.  IPSec does not really support multicast in and of itself.  Now there are ways around this.  For example, we might decide that we wish to encrypt the GRE packet that we created above.  In that case, we might add an ESP header in the above mix.  In that case, multicast would still work, but we are only encrypting a unicast packet from the perspective of IPSEC (or more specifically the ESP protocol).  Your question with GRE is specific.

More Questions Like This