GETVPN Over MPLS VPN and L2VPN

aviyoshi10 · ‎11-14-2013

Hi all,

i need to design a solution with MPLS L3 VPN and L2 VPN with Encryption. i am trying to understand if i can use getvpn. the same router will be MPLS router and GM router.

for L3 VPN i saw i can implement getvpn crypto map on the vrf interface before the labaling - corret ?
can i implement getvpn crypto man on xconnect interfce ? - this is an EoMPLS interface ?
what are the restrictions with this kind of integration ?

thanks,

Avi

Adam Vitkovsky · ‎11-19-2013

Hi Avi,

I would not recommend joining getvpn and mpls PE functions into singe device.

It will save you from an administrative nightmare if you have L2/L3 VPN terminated on PEs and encryption at CE boxes.

adam

aviyoshi10 · ‎11-20-2013

OK,

i need to understand if i can deploy GETVPN on MPLS Traffic - meaning deploy GETVPN crypto map on the MLPS IP interface, or GETVPN can only be deply on IP Traffic ?

thanks,

Avi.

amarhold · ‎11-20-2013

Hi !

GetVPN encrypts only the payload of the traffic and leaves the headers intact. So L3 and L$4Information keeps visible.

Therefore you can use it over MPLS without any problems.

regards

alexander

aviyoshi10 · ‎11-20-2013

let me be more clear.

i want to encrypt PE-PE traffic which is MPLS Traffic. meaning, deploy encryption on the PE core facing interface. can i do it with GETVPN ?

Giuseppe Larosa · ‎11-20-2013

Hello Avi,

>> deploy encryption on the PE core facing interface

This is not supported, the usual scenario is CE to CE encryption with PE nodes that are different nodes.

Also user facing interfaces with EoMPLS xconnect do not support encryption as they have no OSI L3 configuration.

Hope to help

Giuseppe