[c-nsp] MPLS over GRE/IPSEC

Arie Vayner (avayner) avayner at cisco.com
Wed Aug 8 18:17:21 EDT 2012


Well, ASR1K can do MPLSoGREoIPSec

Encryption is done in HW on a dedicated resource, so it does not impact performance (but has its own capacity per ESP module type, which is way above 1Gbps on any of the models)

The QOS marking would be based on precedence (only 3 bits), as the original IP DSCP is applied to the 3 MPLS EXP bits, and then copied to the external IP header...

Arie


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Andrew Miehs
Sent: Wednesday, August 08, 2012 04:36
To: Gert Doering
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] MPLS over GRE/IPSEC



Sent from a mobile device

On 08/08/2012, at 21:11, Gert Doering <gert at greenie.muc.de> wrote:

> Hi,
> 
> On Wed, Aug 08, 2012 at 01:50:21PM +0300, Aivars wrote:
>> Alright, sorry. Missed the part about 1G. In that case I agree, that 
>> the smallest ASR1k will be needed.
> 
> Can the ASR1k *do* this, as in "it is implemented, officially 
> supported, and documented to work"?

I have had an ASR1001 running mpls over gre working. It wasn't encrypted however - and at the time we were only pushing about 50mbits per sec without an issue. On a new site I would probably do this with sup2t in the 6500s.

Will ask at my old company how tge ASRs are doing....

Andrew



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list