From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Fri Dec 09 2005 - 11:20:37 GMT-3
You can also setup tunnels through the VPN for this. IPIP or GRE, either
should work. I personally use IPIP with EIGRP myself but if you're an OSPF
fan by all means that should work fine. If you use EIGRP then tunnels will
be required as EIGRP will complain about non-common subnets without them.
Sounds to me like the MCI guys were thinking you wanted to swap OSPF routes
with their stuff rather than just tunnel your OSPF through their network.
Once you establish some form of tunnel then whatever goes through it will be
transparent to them, so I don't buy their stance on this. I don't care if
it's Lucent or Lucifer routers, they won't "see" what's inside the tunnel.
I would tell them to just get the VPN up and you'll take it from there. ;-)
Rik
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Godswill Oletu
Sent: Friday, December 09, 2005 8:02 AM
To: Tim; ccielab@groupstudy.com
Subject: Re: routing over vpn tunnels
Tim,
This might be a hangoff from the general idea that you cannot run a dynamic
routing protocol across a VPN tunnel (IPSec). This is true because the IPsec
VPN will not forward multicast/broadcast traffic that most of the routing
protocols use for neighbor relationship/updates.
I believe one can tweak this by making OSPF to use unicast routing, with the
neigbor command. I will also go a step further not to use a network type
that will require DR/BDR for operation, point-to-point and
point-to-multipoint network types are good candidates for this.
HTH
Godswill Oletu
----- Original Message -----
From: "Tim" <ccie2be@nyc.rr.com>
To: <ccielab@groupstudy.com>
Sent: Friday, December 09, 2005 6:49 AM
Subject: routing over vpn tunnels
> Hi guys,
>
>
>
> Yesterday I was in a meeting with a couple engineers from MCI and a
client.
>
>
>
> In this meeting the MCI engineers said that because they were using
> Lucent routers, they could not run OSPF through the VPN tunnels
> connecting the different sites.
>
>
>
> According to these MCI engineers the Lucent routers support OSPF and
> they support VPN but they don't support both running together.
>
>
>
> This didn't make any sense to me.
>
>
>
> How can that be?
>
>
>
> Once it's determined (by virtue of an acl) that a packet should be
forwarded
> through the VPN tunnel, what difference does it make if the packet is
> an OSPF packet or something else?
>
>
>
> This was the issue this meeting was about.
>
>
>
> This client has remote sites throughout North American. Each site has
> 2
VPN
> tunnels - one going to a primary HQ site and a 2nd going to a backup
> HQ site.
>
>
>
> The 2 HQ sites are connected directed to each other through some high
speed
> links.
>
>
>
> The objective is to have each remote site transmit traffic to the
> primary
HQ
> site unless the link to that site is down in which case the remote
> should use the backup HQ site.
>
>
>
> Currently, the remote sites aren't running any dynamic routing protocols.
> They're using static routes.
>
>
>
> So, here's the question. Is it possible these MCI engineers are correct?
>
>
>
> TIA, Tim
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3