i need to design a solution with MPLS L3 VPN and L2 VPN with Encryption. i am trying to understand if i can use getvpn. the same router will be MPLS router and GM router.
I would not recommend joining getvpn and mpls PE functions into singe device.
It will save you from an administrative nightmare if you have L2/L3 VPN terminated on PEs and encryption at CE boxes.
i need to understand if i can deploy GETVPN on MPLS Traffic - meaning deploy GETVPN crypto map on the MLPS IP interface, or GETVPN can only be deply on IP Traffic ?
GetVPN encrypts only the payload of the traffic and leaves the headers intact. So L3 and L$4Information keeps visible.
Therefore you can use it over MPLS without any problems.
let me be more clear.
i want to encrypt PE-PE traffic which is MPLS Traffic. meaning, deploy encryption on the PE core facing interface. can i do it with GETVPN ?
>> deploy encryption on the PE core facing interface
This is not supported, the usual scenario is CE to CE encryption with PE nodes that are different nodes.
Also user facing interfaces with EoMPLS xconnect do not support encryption as they have no OSI L3 configuration.
Hope to help