quick question why would we use a GRE tunnel.....as its not encrypted so what is the major factor which force us to use GRE.....secondlu why we use null0......what is the benifit of routing a network to null0......i m v new to this as well....can someone help me out plz.....benifits etc....thnaks in advance....secondly
you need to let us know what you are trying to do and what platform you are using.
There are different reasons why you would choose one VPN protocol over another when implementing a VPN connection. One big difference between the two that you mention, GRE , is that IPSEC can only pass IP traffic across the tunnel, while a GRE (Generic Routing Encapsulation) can pass multiple types of protocols across the tunnel that are encapsulated within IP. A good example of wanting to use GRE over IPSEC is if you need to pass routing protocol information across a tunnel. This can be done by encapsulating the routing protocol packets within IP packets, something that cannot be done with IPSEC.
Another capability that GRE has over IPSEC is that it can pass non-IP traffic such as IPX and Appletalk. If you have a heterogeneous network, then GRE may be employed to get different protocol types across VPN connections.
GRE tunnel would handle the routing protocol traffic. As far as being independent of one another, GRE and IPSEC are both tunneling protocols
The null interface is the "bit bucket " or "black hole" interface. All traffic sent to this interface is discarded. It is most useful for filtering unwanted traffic, because you can discard traffic simply by routing it to the null interface . You could achieve the same goal using access lists, but access lists require more CPU overhead. If you have fairly simple filtering requirements, it may be more effective to route the offending traffic to the null interface
1) To transport a non-IP protocol across an IP network.
2) To transport multicast traffic across an IP network not supporting multicast - some MPLS providers don't.
3) To isolate one network from another eg. site 1 may have a dev network that is also in site2. But you you don't want all the dev routes on the rest of your network so you create a GRE tunnel between the 2 sites.
Routing to null0 is to often used to ensure there are no routing loops eg.
You have advertised a summary address from a router saying to get to anything in network 172.16.0.0/16 come to me. The assumption is that this router has all the more specific routes to subnets within the 172.16.0.0/16 network. When this summary route gets advertised on the originating router a route is entered into the routing table
ip route 172.16.0.0 255.255.0.0 Null0
If a packet arrives for a subnet contained within 172.16.0.0/16 but the router has no more specific route then the packet is routed to Null0 ie. it is dropped on that router.
If a packet arrives for a subnet contained within the 172.16.0.0/16 network and the router has a more specific route the packet is forwarded on.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...