1

I understand that GRE tunneling is very handy when sending the data back to the client after scrubbing because it's designed to ensure that the data is sent reliably by initiating a private point-to-point connection. My question is, why is this needed? Why can't the data be sent 'normally', via the internet? Will data get lost if sent via the normal way? Is it to be sure that the data isn't intercepted over the internet?

1 Answer

0

This is done to prevent routing loops. BGP is used to reroute traffic towards the target IP range via the scrubbing center, but then the scrubbing center cannot use the public routing to reach the final destination, since those routes would point to itself.

By creating a GRE tunnel you can make sure there's a direct (tunneled) path without needing to rely on public routing and various networks between the attacked network and the scrubbing center. BGP can be used via that GRE tunnel to make sure the scrubbing center knows where to deliver the scrubbed traffic.

Instead of a GRE tunnel, a direct physical link or layer 2 path could be used as well, but often that's more expensive than using a GRE tunnel.

So to answer your final question, no, it has nothing to do with interception. GRE does not provide any security for that either, since GRE traffic is only encapsulated, not encrypted.

Teun Vink
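The answer's closing point, that GRE only encapsulates and does not encrypt, shown as an added example that is not part of the original answer: a minimal GRE header builder and parser (RFC 2784, with the optional RFC 2890 key and sequence fields) run over a constructed inner IPv4 packet. The function names, the documentation-range addresses and the payload are assumptions made for illustration.

```python
import socket
import struct
from typing import Optional

GRE_PROTO_IPV4 = 0x0800  # EtherType value carried in the GRE Protocol Type field

def build_inner_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header (checksum left at 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         253,  # protocol 253: reserved for experimentation
                         0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def gre_encapsulate(inner: bytes, key: Optional[int] = None) -> bytes:
    """Prepend a version-0 GRE header; the inner packet is copied unchanged."""
    flags = 0x2000 if key is not None else 0x0000  # K bit set when a key is present
    header = struct.pack("!HH", flags, GRE_PROTO_IPV4)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner

def gre_decapsulate(packet: bytes):
    """Return (protocol_type, inner_packet); needs no secret of any kind."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            offset += 4
    if len(packet) < offset:
        raise ValueError("truncated GRE optional fields")
    return proto, packet[offset:]

def observe(gre_packet: bytes):
    """What any device on the tunnel path can read: inner src, dst and payload."""
    proto, inner = gre_decapsulate(gre_packet)
    if proto != GRE_PROTO_IPV4 or len(inner) < 20:
        raise ValueError("not an IPv4-in-GRE packet")
    ihl = (inner[0] & 0x0F) * 4  # inner IPv4 header length in bytes
    return socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), inner[ihl:]

if __name__ == "__main__":
    inner = build_inner_ipv4("198.51.100.7", "192.0.2.10", b"scrubbed traffic")
    print(observe(gre_encapsulate(inner, key=42)))
```

If the returned traffic needs confidentiality or integrity, that has to come from a separate layer such as IPsec applied to the GRE tunnel.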