Cisco Support Community

Group Encryption Transport (GETVPN)

I have been reading up on this new IOS feature and was curious if anyone has an opinion on this subject. Information is scarce, no doubt due to it being a new method. However, it may be exactly what we are looking for given our infrastructure and I would like to know if it works as advertised. Thanks...


Re: Group Encryption Transport (GETVPN)

In extending GDOI by encrypting and authenticating both multicast and unicast traffic, the Group Encrypted Transport provides benefits to a variety of applications:

Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic

Enables high-scale network meshes and eliminates complex peer-to-peer key management with group encryption keys

For MPLS networks, maintains the network intelligence such as full-mesh connectivity, natural routing path, and QoS

Grants easy membership control with a centralized key server

Helps ensure low latency and jitter by enabling full-time, direct communications between sites, without requiring transport through a central hub

Reduces traffic loads on customer premises equipment (CPE) and provider-edge encryption devices by using the core network for replication of multicast traffic, avoiding packet replication at each individual peer site

Re: Group Encryption Transport (GETVPN)


Don't know if you've read it yet but the best doc I've found so far is the technical overview (only a month old):

We're currently rolling out a new global MPLS network and were going to use DMVPN for added security but scalability is a worry. GET VPNs look ideal for our requirement also but the biggest showstopper for us is that it needs 12.4(11)T IOS. Key server placement also looks critical and Cisco strongly recommend VPN acceleration hardware.

Anyway - we'll probably pilot it sometime over the next 3-6 months so post again later and I'll let you know how we got on.