Group Encrypted Transport VPN (GETVPN)

Hello Omar

As stated in the lesson, GETVPN is primarily intended for private networks such as MPLS VPN. In this sense, the MPLS VPN network operates as an “underlay” network on top of which the GETVPN mechanism operates. In order to achieve this, you will have to create an MPLS VPN topology. To find out how to do that (with either real equipment or emulation), take a look at the MPLS course found here:

In particular, you will find the MPLS VPN lessons quite useful for this particular implementation.

Now, once you have a GETVPN scenario up and running, you can then implement OSPF on the participating routers without any special configuration. You just do it as you would on a normal network topology. Indeed, you can run any routing protocol you like between the routers. This is because GETVPN works at the IP layer and provides end-to-end encryption, which means it doesn’t interfere with the IP packet header.

This is an advantage of GETVPN over some other VPN technologies, which encapsulate the original packet into a new packet for transport (IPsec Tunnel mode, for instance), potentially interfering with the operation of routing protocols.

So in a GETVPN deployment, your routers can establish OSPF neighbor relationships and exchange route information as if they were directly connected, even though their traffic is actually being encrypted by GETVPN.

I hope this has been helpful!

Laz