[c-nsp] IP Tunneling Question

Tony td_miles at yahoo.com
Tue May 19 19:22:00 EDT 2009

Given that you're probably not too worried about the traffic being secured, I'd go with GRE for a number of reasons:

1. Less overhead
2. Been around for ages, good support for it
3. Multi vendor support
4. Fairly standard and easy to understand
5. Easy to configure

Unless the packets are coming from a source really close to you there's a good chance they will already be fragmented to a smallish size (smaller than 1500 ethernet anyway), so you shouldn't have too many issues with fragmentation.


--- On Wed, 20/5/09, Charles Wyble <charles at thewybles.com> wrote:

From: Charles Wyble <charles at thewybles.com>
Subject: [c-nsp] IP Tunneling Question
To: "cisco-nsp" <cisco-nsp at puck.nether.net>
Date: Wednesday, 20 May, 2009, 6:20 AM


I'm looking to setup a VPN with a couple colocation providers who are friends of mine, and have some under utilized address space. They are supporting some security research I am doing (a darknet/honeynet). [1]

I am exploring different options to utilize that IP space on my lab servers..

How do folks typically accomplish IP tunneling? IPSEC tunnels? Do you use GRE? What about OpenVPN?

I can easily setup any of the above mentioned approaches as howtos abound. Just wondering if there is anything to consider for this scenario to reduce overhead and packet molestation as much as possible.



More information about the cisco-nsp mailing list