[17948] in North American Network Operators' Group
Re: GRE packets
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jun 17 21:38:38 1998
To: Sean Donelan <SEAN@SDG.DRA.COM>
cc: nanog@merit.edu
In-reply-to: Your message of "Wed, 17 Jun 1998 20:07:34 CDT."
<980617200734.aff@SDG.DRA.COM>
Reply-To: perry@piermont.com
Date: Wed, 17 Jun 1998 21:33:18 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Sean Donelan writes:
> I tend to view GRE tunnels like any other traffic. A tunnel to/from any
> of my customers is like any other traffic to/from those customers. However,
> a tunnel between two end-points, neither of which is on my network, is a
> form of third-party transit traffic and gets blocked when I figure out the
> new way they are doing it. I know, in theory you can encapsulate anything
> in anything.
Moreover, if IPSEC is in use, you can't even sniff.
.pm