[55931] in North American Network Operators' Group
Re: VoIP over IPsec
daemon@ATHENA.MIT.EDU (Petri Helenius)
Mon Feb 17 18:34:17 2003
From: "Petri Helenius" <pete@he.iki.fi>
To: "Ejay Hire" <ejay.hire@isdn.net>
Cc: <nanog@nanog.org>
Date: Tue, 18 Feb 2003 01:33:42 +0200
Errors-To: owner-nanog-outgoing@merit.edu
>More specifically, dynamic routing protocols like ospf and rip.
There is no technical difference for running ospf and rip over IPsec tunnel or
GRE tunnel. (other than the encapsulation itself)
Implementations may (and do) force you to do suboptimal things because
they are either designed or implemented way too long ago to make use
of more recent technology in the most efficient fashion.
Pete
-----Original Message-----
From: Petri Helenius [mailto:pete@he.iki.fi]
Sent: Monday, February 17, 2003 5:21 PM
To: Iljitsch van Beijnum; Steve Feldman
Cc: nanog@nanog.org
Subject: Re: VoIP over IPsec
> On Mon, 17 Feb 2003, Steve Feldman wrote:
>
> > through the corporate enterprise net, Cisco routers with IPSEC/GRE tunnels
> > over the public Internet.
>
> Maybe a stupid question... why would you need GRE tunneling while IPsec
> has a tunnel mode of its own?
>
Probably because a major router vendor, despite of repeated customer requests,
declined to implement routing across such tunnel mode.
Pete
