DCI and Encryption

pratheesh.venu
Level 1

Hi,

Can you please help me understand the encryption features supported by the major DCI technologies with Layer 2 expansion?

I am working on a 3 DC site design that will be connected through a provider MPLS (L3), and DCI encryption is one of the requirements.

I have explored EoMPLS, which can support MACsec, vs. EoMPLS with GRE, which can support IPsec. However, this will require pseudowire (PW) state and complex configuration steps.

I am trying to get some input on OTV options with traffic encryption. I believe MACsec is not an option here, as there will be multiple hops between the DCs. However, adding IPsec on the will add additional overhead (42 bytes for OTV + IPsec overhead). If I want to use IPsec encryption, then I should consider Unicast OTV, because Multicast OTV will again complicate the encryption requirement with IPsec.

Please share your thoughts on this topic. Appreciate your time.

Pratheesh

David_Che
Level 1

Hi,

GETVPN may be a good solution to extend both unicast and multicast.

GETVPN just copies the original IP header as its new IP header. The encapsulation is as below:

[IP][otv] [IP] {ESP[IP][IP payload]}

So this solution can support both unicast and multicast.

Regards,

David
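
To put numbers on the overhead discussed in this thread, the following is an added example, not part of either post: it counts the bytes of a LAN IP packet after OTV (the 42 bytes quoted in the question) and ESP tunnel mode with a copied IPv4 header, as in the GETVPN reply. The two transform sets, the option-free 20-byte IPv4 header, and all function names are assumptions.

```python
# Added example: byte accounting for OTV traffic encrypted with ESP tunnel mode.
from dataclasses import dataclass

OTV_OVERHEAD = 42   # bytes, the figure quoted in the question
OUTER_IP = 20       # IPv4 header added by tunnel mode (assumed to carry no options)
ESP_HEADER = 8      # SPI (4) + sequence number (4), RFC 4303
ESP_TRAILER = 2     # pad length (1) + next header (1)

@dataclass(frozen=True)
class Suite:
    name: str
    iv: int      # bytes of IV carried in each packet
    align: int   # payload + trailer is padded to a multiple of this
    icv: int     # integrity check value length

# Assumed transform sets, not taken from the thread.
AES_CBC_SHA1 = Suite("AES-CBC + HMAC-SHA1-96", iv=16, align=16, icv=12)
AES_GCM = Suite("AES-GCM-128", iv=8, align=4, icv=16)

def esp_tunnel_size(packet_len, suite):
    """Size on the wire of an IPv4 packet after ESP tunnel-mode encapsulation."""
    pad = -(packet_len + ESP_TRAILER) % suite.align
    return (OUTER_IP + ESP_HEADER + suite.iv
            + packet_len + pad + ESP_TRAILER + suite.icv)

def wan_size(lan_ip_len, suite):
    """WAN packet size for a LAN IP packet carried over OTV, then encrypted."""
    return esp_tunnel_size(lan_ip_len + OTV_OVERHEAD, suite)

def max_lan_ip_len(wan_mtu, suite):
    """Largest LAN IP packet that crosses the WAN without fragmentation."""
    size = wan_mtu
    while size > 0 and wan_size(size, suite) > wan_mtu:
        size -= 1
    return size

if __name__ == "__main__":
    for suite in (AES_CBC_SHA1, AES_GCM):
        print(suite.name)
        print("  1500-byte LAN packet on the WAN:", wan_size(1500, suite))
        for mtu in (1500, 9000):
            print(f"  WAN MTU {mtu}: max LAN IP packet", max_lan_ip_len(mtu, suite))
```

The result is the MTU the provider path must carry for a given LAN MTU, or the LAN MTU that fits a given provider MTU, under the assumed transform sets.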
