No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Carrier Scenario

Carrier Scenario

Site-to-Site VPN

IPsec provides security protection for any IP-based communications. It is applicable to both the traditional fixed network and the mobile network such as Long Term Evolution (LTE). Regardless of the fixed network or mobile network, most IPsec applications in the carrier scenario are site-to-site VPN and GRE over IPsec.

The site-to-site VPN, also known as a gateway-to-gateway VPN, ensures security of IP traffic between two gateways. Figure 13-1 shows the typical networking.
Figure 13-1 Networking of the site-to-site VPN

The site-to-site VPN can be flexibly deployed. When a NAT device exists between two IPsec gateways, the IPsec NAT traversal is supported.

GRE over IPsec

IPsec cannot encapsulate multicast, broadcast, or non-IP packets. Therefore, when transmitting the preceding packets over the IPsec VPN, IPsec encapsulates the packets as IP packets using GRE and then encapsulates the packets as IPsec packets, as shown in Figure 13-2.
Figure 13-2 GRE over IPsec networking

Various applications are based on GRE over IPsec, for example, Border Gateway Protocol (BGP), Label Distribution Protocol (LDP), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), and IPv6. Based on the same principle, these applications encapsulate packets as IP packets using GRE and then transmit the packets over IPsec tunnels, as shown in Figure 13-3, Figure 13-4, and Figure 13-5.

Figure 13-3 Networking of EBGP over GRE over IPsec
Figure 13-4 Networking of OSPF over GRE over IPsec, IS-IS over GRE over IPsec, LDP over GRE over IPsec, and IBGP over GRE over IPsec
Figure 13-5 Networking of IPv6 over GRE over IPsec
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12570

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next