Given that you're probably not too worried about the traffic being secured, I'd go with GRE for a number of reasons:
1. Less overhead 2. Been around for ages, good support for it 3. Multi vendor support 4. Fairly standard and easy to understand 5. Easy to configure Unless the packets are coming from a source really close to you there's a good chance they will already be fragmented to a smallish size (smaller than 1500 ethernet anyway), so you shouldn't have too many issues with fragmentation. regards, Tony. --- On Wed, 20/5/09, Charles Wyble <[email protected]> wrote: From: Charles Wyble <[email protected]> Subject: [c-nsp] IP Tunneling Question To: "cisco-nsp" <[email protected]> Date: Wednesday, 20 May, 2009, 6:20 AM All, I'm looking to setup a VPN with a couple colocation providers who are friends of mine, and have some under utilized address space. They are supporting some security research I am doing (a darknet/honeynet). [1] I am exploring different options to utilize that IP space on my lab servers.. How do folks typically accomplish IP tunneling? IPSEC tunnels? Do you use GRE? What about OpenVPN? I can easily setup any of the above mentioned approaches as howtos abound. Just wondering if there is anything to consider for this scenario to reduce overhead and packet molestation as much as possible. Thanks. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
