Hello guys,

I have a requriement to implement PE to PE encryption in my client's network.

It can be HW (using per line HW encryptor) or SW (solution) based.

I am first looking into the SW based solutions.

What are the possibilites Cisco offer here?

IPsec over MPLS ? (Is this point to point, which means losing all scalability from MPLS? )

DMVPN over MPLS ( hub and spoke topology, also adds complexity to the maintenance)

GET-VPN is, as far as I understand, CE to CE solution, so not applicable (and only run on IOS-XE) ?

What would be the best way to go and is there any other solution available?

Anyone has experience with implementing this in real life scenario?

What about performance? How would all those solutions affect it?

Thanks in advance!