nanog mailing list archives

Re: GRE packets

From: "Paul G. Donner" <pdonner () cisco com>
Date: Wed, 17 Jun 1998 18:23:57 -0400

At 03:23 PM 6/17/98 -0700, Danny McPherson wrote:


Perhaps to combat this, unless I'm missing something, one could justifiably 
deploy GRE filters with source & destination addresses of the exchange 
subnets.  Filtering GRE in general seems nothing more than foolish.


Or the tunnel termination addresses, which while might be tighter, would
probably make the ACLs longer or more complex.


-danny
[snip] 
(we certainly allow GRE packets and expect everyone else does, too)

This could kill IP-GRE VPNs indiscriminately.

Current thread:

GRE packets Eric Germann (Jun 17)
- Re: GRE packets John Hawkinson (Jun 17)
  - Re: GRE packets C. Harald Koch (Jun 18)
- Re: GRE packets Paul G. Donner (Jun 17)
  - Re: GRE packets Eric Germann (Jun 17)
- <Possible follow-ups>
- Re: GRE packets Danny McPherson (Jun 17)
  - Re: GRE packets Paul G. Donner (Jun 17)
  - Re: GRE packets Michael Dillon (Jun 17)
  - Re: GRE packets Alex Bligh (Jun 18)
- Re: GRE packets Sean Donelan (Jun 17)
  - Re: GRE packets Perry E. Metzger (Jun 17)
- Re: GRE packets Sean Donelan (Jun 17)