2024-12-21

Cisco developed Generic Routing Encapsulation (GRE) to encapsulate a variety of protocols inside IP tunnels. This approach requires minimal configuration for basic IP VPNs but lacks both security and scalability. In fact, GRE tunnels do not use encryption to secure the packets during transport.

Using IPsec with GRE provides secure VPN tunnels by encrypting the GRE tunnels. There are many advantages with this approach, such as support for dynamic IGP routing protocols, non-IP protocols, and IP multicast. Other advantages include support for QoS policies and deterministic routing metrics for headend IPsec termination points. Because all the primary and backup GRE over IPsec tunnels are preestablished, there is built-in redundancy to support failure scenarios. The remote sites can have dynamic or static IP addressing, but the headend site requires static IP addressing. Primary tunnels can be differentiated from backup tunnels by modifying the routing metrics slightly to prefer one or the other.

GETVPN

Group Encrypted Transport VPN (GETVPN) is a technology for creating tunnel-less VPNs over private WANs. GETVPN uses Group Domain of Interest (GDOI; see RFC 6407) to distribute the IPsec keys to a group of VPN gateway devices. With GETVPN, key servers create and maintain the control plane and define the encryption policies that are pushed to the IKE authenticated group members during registration. The group members handle the encryption and decryption in the data plane, based on defined policy.

GETVPN is similar to the technology in IPsec VPNs; however, it differs in that it preserves the original IP addresses in the outer IP header of the packets. Because the original IP source and destination addresses are preserved, no overlay routing control plane is needed, thereby allowing routing and multicast to operate natively within the underlying network.

GETVPN is not typically used on the Internet because NAT does not work with it, since it preserves the original IP addressing. However, GETVPN can be a good solution on private MPLS networks or where you have control of the end-to-end private IP address space.
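The following added example (not from the original page or from Cisco) builds the outer headers of both encapsulations discussed above, GRE over IPsec and GETVPN, and shows what an on-path observer can read in each. The addresses, SPI values and the XOR stand-in for ciphertext are constructed for illustration; the ESP framing is simplified (no IV, padding or ICV) and no real encryption is performed.

```python
import socket
import struct

ESP, UDP = 50, 17  # IANA IP protocol numbers

def checksum(hdr20: bytes) -> int:
    """RFC 791 header checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr20))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Option-less IPv4 header followed by payload."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                    proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:] + payload

def esp(spi: int, cleartext: bytes) -> bytes:
    """Simplified ESP: SPI + sequence number + stand-in for ciphertext.
    The XOR is NOT encryption; it only marks the bytes an observer
    would be unable to read on a real tunnel."""
    return struct.pack("!II", spi, 1) + bytes(b ^ 0xAA for b in cleartext)

def addrs(pkt: bytes) -> tuple:
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

def gre_over_ipsec(inner: bytes, tun_src: str, tun_dst: str) -> bytes:
    """IP(tunnel endpoints) / ESP transport mode / GRE / original packet."""
    gre = struct.pack("!HH", 0, 0x0800) + inner  # basic GRE header, IPv4 payload
    return ipv4(tun_src, tun_dst, ESP, esp(0x1001, gre))  # constructed SPI

def getvpn(inner: bytes) -> bytes:
    """IP(copy of original src/dst) / ESP / original packet."""
    src, dst = addrs(inner)
    return ipv4(src, dst, ESP, esp(0x2002, inner))  # constructed SPI

def observer_view(pkt: bytes) -> dict:
    src, dst = addrs(pkt)
    return {"src": src, "dst": dst, "proto": pkt[9],
            "checksum_ok": checksum(pkt[:20]) == 0}

def preserved(outer: bytes, inner: bytes) -> bool:
    """True when the outer header exposes the original addresses."""
    return addrs(outer) == addrs(inner)

if __name__ == "__main__":
    inner = ipv4("10.1.1.10", "10.2.2.20", UDP, b"constructed payload")
    for name, pkt in (("GRE over IPsec", gre_over_ipsec(inner, "192.0.2.1", "198.51.100.1")),
                      ("GETVPN", getvpn(inner))):
        print(name, observer_view(pkt), "preserved:", preserved(pkt, inner))
```

With GRE over IPsec the observer sees only the tunnel endpoints, while with GETVPN the original host addresses remain visible in the outer header, which is what lets the underlying network route the traffic natively.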

Cloud-Based Services

Cisco offers a range of cloud-based services that can be deployed in private, public, and hybrid environments. These services are delivered using a variety of models, including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

  • Private cloud services: Cisco offers private cloud services that can be deployed within an organization’s on-premises data center infrastructure. These services are typically used by larger enterprises that require a high degree of control and security over their IT infrastructure. Cisco private cloud services include
    • Cisco UCS Director: This web-based management platform provides automated provisioning and management of infrastructure resources, including compute, storage, and networking across multiple data center environments.
  • Public cloud services: Cisco offers public cloud services that can be deployed in third-party cloud environments, such as AWS, Azure, and Google Cloud. Organizations that typically use these services require scalable and flexible cloud resources to manage networking and security resources. Cisco public cloud services include
    • Cisco Meraki: This cloud-managed networking solution provides centralized management and monitoring of network devices, including switches, routers, firewalls, and wireless access points.
    • Cisco Umbrella: This cloud-based security platform provides secure access to the Internet, with features such as web filtering, threat protection, DNS-layer security, and cloud access security broker (CASB).
  • Hybrid cloud services: Cisco offers hybrid cloud services that provide a combination of private and public cloud resources. Organizations that typically use these services require a flexible and scalable IT infrastructure, with the ability to move workloads between different environments. Cisco hybrid cloud services include
    • Cisco HyperFlex: This hyper-converged compute solution provides scalable and flexible infrastructure resources, with the ability to integrate on-premises infrastructure with public cloud services.
