Group Encrypted Transport VPN (GETVPN)

Hi Corwyn,

It shouldn’t matter too much that you use BGP. There is one issue with BGP/GETVPN where traffic can get blackholed if a GM doesn’t receive keys. Take a look at this:

Apparently, the “Routing Awareness for BGP” feature prevents this from happening but that’s something you should test.

I think the answer depends on what “all traffic” exactly means. Is this about data from your LANs or everything? Including control traffic like BGP?

In my example I used loopbacks but you could see those as your LANs. You could encrypt all LAN-to-LAN traffic by adding those subnets in your access-list. If required, you could also add BGP traffic (or any other control plane traffic) to your ACL and let GETVPN encrypt it.

Rene

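A key-server ACL along the lines Rene describes, added here as an illustration and not taken from the original post or from Rene's own configuration; the group name, subnet ranges, key-server address and the names of the RSA key pair and IPsec profile are assumptions:

```cisco
! Key server side. The ACL below is pushed to every GM and defines which
! traffic the GMs encrypt; anything not matched is forwarded in the clear.
! 192.168.1.0/24 and 192.168.2.0/24 stand in for the LANs behind two GMs
! (constructed values).
ip access-list extended GETVPN-ACL
 ! Optional: also encrypt BGP (TCP 179) between the GMs, both directions.
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 ! LAN-to-LAN data, listed in both directions so the policy is symmetric.
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
crypto gdoi group GETVPN
 identity number 1
 server local
  ! GETVPN-KEYS and GETVPN-PROFILE are assumed to exist already.
  rekey authentication mypubkey rsa GETVPN-KEYS
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-ACL
   replay counter window-size 64
  address ipv4 10.0.0.1
```

On a GM, `show crypto gdoi acl` shows the policy it actually downloaded, which is the first thing to check when traffic that should be encrypted is not.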