Introduction to GETVPN

Earlier, we talked about IPSEC, DMVPN & FlexVPN and today we are going to talk about GETVPN. GETVPN is a Open standard technology and is for enterprise networks that use private MPLS/IP cores, GET VPN provides a tunnel less VPN solution based on group keys.

Data, Voice, Video, IP multicast and other applications can be carried out securely and without the need for VPN tunnels by GETVPN's end-to-end fully meshed network.

VPN gateways sharing the same security policy with GETVPN are provided with cryptographic keys and policies. In the below image you can see that there is a Key Server and the Group Members. Group Members shares a security association. 

Fig 1.1- GETVPN with Key Server

GETVPN actual works 
Let's talk about the GETVPN process and how registration with Key server, Data Plane encryption takes place.

Step 1: IN GETVPN, the Group Members (GM) register via GDOI (IKE) with the Key server (KS) and Key Server (KS) authenticates and authorizes the Group Members (GM). Also the Key Server (KS) returns a set of IPSEC SAs for the Group Members (GM) to use.

Step 2: Now the Data plane encryption starts where the Group Members (GM) exchange encrypted traffic using the group keys. The traffic uses IPSEC Tunnel Mode with address preservation.

Step 3: Once Data plane encryption completed, there is a periodic Rekey of Keys where Key Server (KS) pushes out the replacement IPSEC keys before current IPSEC keys expire which is called as rekey process.

Benefits of GETVPN

  • Encryption supported for native multicast and unicast traffic with group security association. 
  • GETVPN allows higher scalability, simply troubleshooting and extensible standard based framework.
  • GETVPN leverages core network for multicast replication via IP header preservation and global distributed IPSEC state.