From: Godswill Oletu (oletu@inbox.lv)
Date: Fri Dec 09 2005 - 10:02:26 GMT-3
Tim,
This might be a hangoff from the general idea that you cannot run a dynamic
routing protocol across a VPN tunnel (IPSec). This is true because the IPsec
VPN will not forward multicast/broadcast traffic that most of the routing
protocols use for neighbor relationship/updates.
I believe one can tweak this by making OSPF use unicast routing, with the
neighbor command. I will also go a step further not to use a network type
that will require DR/BDR for operation; point-to-point and
point-to-multipoint network types are good candidates for this.
HTH
Godswill Oletu
----- Original Message -----
From: "Tim" <ccie2be@nyc.rr.com>
To: <ccielab@groupstudy.com>
Sent: Friday, December 09, 2005 6:49 AM
Subject: routing over vpn tunnels
> Hi guys,
>
> Yesterday I was in a meeting with a couple engineers from MCI and a client.
>
> In this meeting the MCI engineers said that because they were using Lucent
> routers, they could not run OSPF through the VPN tunnels connecting the
> different sites.
>
> According to these MCI engineers the Lucent routers support OSPF and they
> support VPN but they don't support both running together.
>
> This didn't make any sense to me.
>
> How can that be?
>
> Once it's determined (by virtue of an acl) that a packet should be forwarded
> through the VPN tunnel, what difference does it make if the packet is an
> OSPF packet or something else?
>
> This was the issue this meeting was about.
>
> This client has remote sites throughout North America. Each site has 2 VPN
> tunnels - one going to a primary HQ site and a 2nd going to a backup HQ
> site.
>
> The 2 HQ sites are connected directly to each other through some high speed
> links.
>
> The objective is to have each remote site transmit traffic to the primary HQ
> site unless the link to that site is down in which case the remote should
> use the backup HQ site.
>
> Currently, the remote sites aren't running any dynamic routing protocols.
> They're using static routes.
>
> So, here's the question. Is it possible these MCI engineers are correct?
>
> TIA, Tim
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3
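
Added example (not part of the original posts): a simplified Python model of how a tunnel's permit list, the ACL mentioned in the question, treats OSPF hellos. It shows why a multicast hello misses the tunnel and why a unicast hello to a statically configured neighbor is tunnelled only when the list permits OSPF between the two routers. The addresses, selector lists and function names are constructed for illustration, and the matching logic is an assumed simplification, not any vendor's implementation.

```python
import ipaddress
from dataclasses import dataclass

OSPF_PROTO = 89                  # IP protocol number assigned to OSPF
ALL_SPF_ROUTERS = "224.0.0.5"    # multicast group OSPF hellos go to by default


@dataclass(frozen=True)
class Selector:
    """One permit line of a tunnel's traffic selector (assumed model)."""
    proto: object   # IP protocol number, or None meaning any protocol
    src: str        # source prefix
    dst: str        # destination prefix

    def matches(self, proto, src, dst):
        return ((self.proto is None or self.proto == proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst))


def enters_tunnel(selectors, proto, src, dst):
    """True if any permit line matches the packet, i.e. it is sent encrypted."""
    return any(s.matches(proto, src, dst) for s in selectors)


def hello_destination(neighbor=None):
    """Multicast by default; unicast once a neighbor is configured statically."""
    return neighbor if neighbor else ALL_SPF_ROUTERS


# Constructed addressing: remote-site router and HQ router tunnel endpoints.
REMOTE, HQ = "192.0.2.1", "198.51.100.1"
# Selector that only covers site LAN traffic (constructed prefixes).
LAN_ONLY = [Selector(None, "10.1.0.0/24", "10.0.0.0/16")]
# Same selector plus a line permitting OSPF between the two routers.
WITH_OSPF = LAN_ONLY + [Selector(OSPF_PROTO, REMOTE + "/32", HQ + "/32")]

if __name__ == "__main__":
    for name, acl in (("LAN only", LAN_ONLY), ("LAN + OSPF peer", WITH_OSPF)):
        for nbr in (None, HQ):
            dst = hello_destination(nbr)
            print(f"{name:16} hello to {dst:13} tunnelled: "
                  f"{enters_tunnel(acl, OSPF_PROTO, REMOTE, dst)}")
```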