DCI and Encryption

Hi,

Can you please help me to understand the encryption features supported by the Major DCI technologies with Layer 2 Expansion:

I am working on a 3 DC site design that will be connected through a provider MPLS (L3), and DCI encryption is one of the requirements.

I have explored EoMPLS which can support MACsec vs EoMPLS with GRE which can support IPSec. However this will require Pseudo-wire (PW) state and complex configuration steps.

I am trying to get some input on OTV options with traffic encryption. I believe MACsec is not an option here as there will be multiple hops between the DCs. However adding IPSec on the will add additional overhead (42 bytes for OTV + IPSec overhead). If I want to use IPsec encryption then I should consider Unicast OTV, because Multicast OTV will again complicate the encryption requirement with IPSec.

Please share your thoughts on this topic. Appreciate your time.

Pratheesh
1 REPLY

Hi,

GETVPN may be a good solution to extend both unicast and multicast.

As GETVPN just copies the original IP header as its new IP header, the encapsulation is as below:

[IP][otv] [IP] {ESP[IP][IP payload]}

So this solution can support both unicast and multicast.

Regards,

David
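
The header copying described in the reply above, as an added example that is not part of the original thread and not Cisco code: it builds the outer IPv4 header for an ESP tunnel-mode packet both ways and shows which destination the provider core sees. All addresses, the function names and the zero-filled ESP body are assumptions made for illustration.

```python
import ipaddress
import struct

ESP_PROTO = 50  # IANA protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def addresses(packet):
    """(src, dst) of the outermost IPv4 header, as seen by the provider core."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

def esp_tunnel(inner, peer_src=None, peer_dst=None):
    """Wrap `inner` in an ESP tunnel-mode outer IPv4 header.

    With peer addresses: point-to-point IPsec, outer header = tunnel endpoints.
    Without: header preservation, outer src/dst copied from the inner header.
    The ESP body is a constructed stand-in (SPI/sequence plus zero bytes in
    place of ciphertext); IV, padding and ICV are left out.
    """
    src, dst = (peer_src, peer_dst) if peer_src else addresses(inner)
    esp_body = bytes(8) + bytes(len(inner))
    return ipv4_header(src, dst, ESP_PROTO, len(esp_body)) + esp_body

def core_can_replicate(packet):
    """True when the outer destination is a multicast group."""
    return ipaddress.IPv4Address(addresses(packet)[1]).is_multicast

def sample_otv_packet():
    """Constructed packet standing in for an OTV-encapsulated frame sent to a
    multicast group; addresses and protocol value 17 are placeholders."""
    return ipv4_header("10.1.1.1", "239.1.1.1", 17, 100) + bytes(100)

if __name__ == "__main__":
    inner = sample_otv_packet()
    for name, pkt in (("point-to-point", esp_tunnel(inner, "192.0.2.1", "192.0.2.2")),
                      ("header preservation", esp_tunnel(inner))):
        print(name, addresses(pkt), "multicast:", core_can_replicate(pkt))
```

With header preservation the original source and destination addresses stay readable on the provider network; only the packet behind the outer header is protected.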
