On Tue, 18 Feb 2003, Petri Helenius wrote:
Maybe a stupid question... why would you need GRE tunneling while IPsec has a tunnel mode of its own?
Probably because a major router vendor, despite of repeated customer requests, declined to implement routing across such tunnel mode.
So if the router uses tunnel mode (as per the RFC) despite the GRE tunnel the packet has three IP headers... So that's 160 bits ethernet layer 1 + 18 bytes ethernet layer 2 overhead, 24 bytes for the GRE tunnel, 20 bytes for the IPsec tunnel mode IP header, 10 - 12 bytes for the ESP header, 16 bytes for the initialization vector, 20 bytes for the original IP header and finally 20 bytes for the RTP header. With a 40 byte payload that adds up to 188 bytes on the wire of which 78% is overhead...