[17977] in North American Network Operators' Group
Re: GRE packets
daemon@ATHENA.MIT.EDU (C. Harald Koch)
Fri Jun 19 01:29:44 1998
To: John Hawkinson <jhawk@bbnplanet.com>
Cc: nanog@merit.edu
In-reply-to: Your message of "Wed, 17 Jun 1998 15:54:58 -0400".
<199806171954.PAA14489@all-purpose-gunk.near.net>
From: "C. Harald Koch" <chk@utcc.utoronto.ca>
Date: Wed, 17 Jun 1998 22:20:48 -0400
In message <199806171954.PAA14489@all-purpose-gunk.near.net>, John Hawkinson writes:
> > Anyone have a definitive list or info on network operators who definately
> > allow or definately disallow GRE packets across their networks.
> >
> > Sorry for the semi-operational content :)
>
> It's hard to imagine any serious network providers who would
> block arbitrary kinds of traffic.
Several others have posted replies on this topic, but they've missed the most
common situation. I've seen (major) network providers with the following
access rules in their routers:
allow tcp
allow udp
allow icmp
deny *
While not explicitly blocking GRE, they're implicitly dropping everything
(including IPsec traffic, which is how I found this; my corporate VPNs weren't
working :-).
Of course, trying to get this resolved took *weeks*, because I couldn't talk
to anybody who understood that there were protocols besides the ones listed
above... *sigh.
--
Harald Koch <chk@utcc.utoronto.ca>