GRE Tunnel...

Wow...this has been awhile. Anyway, this was just an experiment as I working on a side project and wanted to lab out different scenarios. For each setup I had specific network requirements for each test and let's just say that yes, they actually work (to some degree). I tested the following:

a. GRE termination on edge FW b. GRE termination on F5 (having remote clients terminate the GRE on the F5) c. Load balancing GRE on Cisco routers (load balancing GRE termination)

But since the question here is on GRE termination on F5 or load balancing GRE on Cisco routers, here is my response. Can they be done? Yes...are they effective? scalable? Let's just say they each have their own advantages/disadvantages.

a. GRE termination on edge FW: this is a given and very easy to do (so I won't explain it here)

b. GRE termination on F5: also possible. though not scalable in my opinion. have you ever seen any published documentation of f5's GRE and IPSEC tunnel capacity? This will also impact performance on the f5 especially if you're setting up IPSEC (and have lots of terminations). Even F5 engineers said although this is a supported feature, they don't recommend it.

c. Load balancing GRE on Cisco routers: also doable using NAT and IP forwarding on the F5. For this, your Cisco routers will need to have the same exact GRE configuration (which means for every GRE tunnel you have, each Cisco router will need to have the same exact configuration (with the exception of the tunnel IP)).