Hi everyone,
From my experience in networking, I have to say that I love the GRE protocol!
A non-proprietary protocol with which you can:
Emulate a physical interface. You can actually 'see' the interface in the configuration, going up and down.
Use routing protocols with it.
Use Layer 2 protocols with it, such as LLDP.
Use keepalives.
No need to disable NAT.
Can be encrypted.
However, even after all these years, we seem to be working with IPsec VPNs, which are buggy, not dynamic, and challenging to understand. It took me ages at first to understand that the VPN tunnel was not a tunnel interface, but a virtual configuration on the router/firewall. Adding/deleting subnets can bring the tunnel down, and interoperability with vendors is not great either. Some vendors supernet the encryption domains by default, which makes setting up an S2S VPN even more challenging.
So why isn't GRE the de facto protocol in VPNs yet?