cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

519
Views
0
Helpful
1
Replies
pratheesh.venu
Beginner

DCI and Encryption

Hi,

Can you please help me to understand the encryption features supported by the Major DCI technologies with Layer 2 Expansion:

I am working on a 3 DC site design,  that will be connected through a provider MPLS (L3) and DCI encryption is one of the requirement.

 

I have explored EoMPLS which can support MACsec vs EoMPLS with GRE which can support IPSec. However this will require Pseudo-wire (PW) state and complex configuration steps.

I am trying to get some input on OTV options with traffic encryption. I believe MACsec is not an option here as there will multiple hop between the DCs. However adding IPSec on the will add additional overhead (42 bytes for OTV + IPSec over head). If i want to use IPsec encryption then I should consider Unicast OTV, because Multicast OTV will again complicate the encryption requirement with IPSec.

 

Please share your thoughts on this topic. Appreciate your time.

 

Pratheesh

 

1 REPLY 1
David_Che
Beginner

Hi,

GETVPN may be a good solution to extend both unicast and multicast.

As GETVPN just copy original IP header as its new IP header. The encapsulation is as below:

[IP][otv] [IP] {ESP[IP][IP payload]}

so this solution can support both unicast and multicast.

Regards,

David

Content for Community-Ad
This widget could not be displayed.