nanog mailing list archives

Re: GRE packets

From: "C. Harald Koch" <chk () utcc utoronto ca>
Date: Wed, 17 Jun 1998 22:20:48 -0400

In message <199806171954.PAA14489 () all-purpose-gunk near net>, John Hawkinson writes:

Anyone have a definitive list or info on network operators who definately
allow or definately disallow GRE packets across their networks.

Sorry for the semi-operational content :)


It's hard to imagine any serious network providers who would
block arbitrary kinds of traffic.


Several others have posted replies on this topic, but they've missed the most
common situation. I've seen (major) network providers with the following
access rules in their routers:

        allow tcp
        allow udp
        allow icmp
        deny *

While not explicitly blocking GRE, they're implicitly dropping everything
(including IPsec traffic, which is how I found this; my corporate VPNs weren't
working :-).

Of course, trying to get this resolved took *weeks*, because I couldn't talk
to anybody who understood that there were protocols besides the ones listed
above... *sigh.

-- 
Harald Koch <chk () utcc utoronto ca>

Current thread:

GRE packets Eric Germann (Jun 17)
- Re: GRE packets John Hawkinson (Jun 17)
  - Re: GRE packets C. Harald Koch (Jun 18)
- Re: GRE packets Paul G. Donner (Jun 17)
  - Re: GRE packets Eric Germann (Jun 17)
- <Possible follow-ups>
- Re: GRE packets Danny McPherson (Jun 17)
  - Re: GRE packets Paul G. Donner (Jun 17)
  - Re: GRE packets Michael Dillon (Jun 17)
  - Re: GRE packets Alex Bligh (Jun 18)
- Re: GRE packets Sean Donelan (Jun 17)
  - Re: GRE packets Perry E. Metzger (Jun 17)
- Re: GRE packets Sean Donelan (Jun 17)