Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1724
Views
0
Helpful
4
Replies

GRE OVER IPSEC VERSUS IPSEC OVER GRE AND THROUGHPUT

Go to solution
sarahr202
Level 5
Level 5

‎12-09-2016 08:52 PM - edited ‎03-05-2019 07:39 AM

Hi there,

I understand the difference between GRE over IPSEC ( IP SEC is transport  for GRE) and IPSEC OVER GRE ( GRE is a transport), just focusing only on throughput,  which one provides a better throughput on a given platform  , GRE over IPSEC or IPSEC over GRE?  

I was watching a video tutorials where author claims throughput will go down  when using  IPSEC OVER GRE as compared to GRE OVER IPSEC

.Thanks and have a great weekend!!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎12-10-2016 12:46 AM

Hello,

as I understand it, with GRE over IPSec, all traffic including the GRE overhead is encrypted, while with IPSec over GRE, only the specified interesting traffic gets encrypted. So GRE over IPSec has a slightly lesser throughput, since more traffic has to be encrypted.

Obviously the video you watched states the opposite...do you have the link to the video ?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Georg Pauwen
VIP
VIP

‎12-10-2016 12:46 AM

Hello,

as I understand it, with GRE over IPSec, all traffic including the GRE overhead is encrypted, while with IPSec over GRE, only the specified interesting traffic gets encrypted. So GRE over IPSec has a slightly lesser throughput, since more traffic has to be encrypted.

Obviously the video you watched states the opposite...do you have the link to the video ?

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Georg Pauwen

‎12-10-2016 10:38 AM

Thanks gpauwen.

The video is INE 's Video on GRE over IPSEC (  CCIE R/S V5), unfortunately, there is no link for it.

when are you planning to take lab exam?

Good luck!! 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to sarahr202

‎12-10-2016 10:57 AM

Hello,

one addition: if you use GRE over IPSec, configuring IPSec in transport mode will save about 20 bytes in overhead (that is because GRE tunnel endpoints and IPSec peers are the same).

The exam: I took the exam 5 times between 2002 and 2004, and I failed it 5 times. I ran out of money after that. Maybe I should update the profile...

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Georg Pauwen

‎12-10-2016 12:40 PM

Thanks gpauwen

It may or may not , because encryption/ hashing algorithm negotiated requires " Target data " to be  multiple of  " block size" of the algorithm chosen, so we may end up with same size packet after encryption/hashing in Transport mode as well because of padding .

I wish you good luck in your study and appreciate your response.

Thanks and have a nice weekend!!

0 Helpful
Customers Also Viewed These Support Documents