[17948] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: GRE packets

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jun 17 21:38:38 1998

To: Sean Donelan <SEAN@SDG.DRA.COM>
cc: nanog@merit.edu
In-reply-to: Your message of "Wed, 17 Jun 1998 20:07:34 CDT."
             <980617200734.aff@SDG.DRA.COM> 
Reply-To: perry@piermont.com
Date: Wed, 17 Jun 1998 21:33:18 -0400
From: "Perry E. Metzger" <perry@piermont.com>


Sean Donelan writes:
> I tend to view GRE tunnels like any other traffic.  A tunnel to/from any
> of my customers is like any other traffic to/from those customers.  However,
> a tunnel between two end-points, neither of which is on my network, is a
> form of third-party transit traffic and gets blocked when I figure out the
> new way they are doing it.  I know, in theory you can encapsulate anything
> in anything.

Moreover, if IPSEC is in use, you can't even sniff.

.pm

home help back first fref pref prev next nref lref last post