From: Godswill Oletu (oletu@inbox.lv)
Date: Fri Dec 09 2005 - 11:47:15 GMT-3
LOL....the Cisco/Lucent routers are giving us enough challanges and
troubles, we do not wish to have the Lucifer brand of routers at this
time...
----- Original Message -----
From: "Guyler, Rik" <rguyler@shp-dayton.org>
To: <ccielab@groupstudy.com>
Sent: Friday, December 09, 2005 9:20 AM
Subject: RE: routing over vpn tunnels
> You can also setup tunnels through the VPN for this. IPIP or GRE, either
> should work. I personally use IPIP with EIGRP myself but if you're an
OSPF
> fan by all means that should work fine. If you use EIGRP then tunnels
will
> be required as EIGRP will complain about non-common subnets without them.
>
> Sounds to me like the MCI guys were thinking you wanted to swap OSPF
routes
> with their stuff rather than just tunnel your OSPF through their network.
> Once you establish some form of tunnel then whatever goes through it will
be
> transparent to them, so I don't buy their stance on this. I don't care if
> it's Lucent or Lucifer routers, they won't "see" what's inside the tunnel.
>
> I would tell them to just get the VPN up and you'll take it from there.
;-)
>
> Rik
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Godswill Oletu
> Sent: Friday, December 09, 2005 8:02 AM
> To: Tim; ccielab@groupstudy.com
> Subject: Re: routing over vpn tunnels
>
> Tim,
>
> This might be a hangoff from the general idea that you cannot run a
dynamic
> routing protocol across a VPN tunnel (IPSec). This is true because the
IPsec
> VPN will not forward multicast/broadcast traffic that most of the routing
> protocols use for neighbor relationship/updates.
>
> I believe one can tweak this by making OSPF to use unicast routing, with
the
> neigbor command. I will also go a step further not to use a network type
> that will require DR/BDR for operation, point-to-point and
> point-to-multipoint network types are good candidates for this.
>
> HTH
> Godswill Oletu
>
> ----- Original Message -----
> From: "Tim" <ccie2be@nyc.rr.com>
> To: <ccielab@groupstudy.com>
> Sent: Friday, December 09, 2005 6:49 AM
> Subject: routing over vpn tunnels
>
>
> > Hi guys,
> >
> >
> >
> > Yesterday I was in a meeting with a couple engineers from MCI and a
> client.
> >
> >
> >
> > In this meeting the MCI engineers said that because they were using
> > Lucent routers, they could not run OSPF through the VPN tunnels
> > connecting the different sites.
> >
> >
> >
> > According to these MCI engineers the Lucent routers support OSPF and
> > they support VPN but they don't support both running together.
> >
> >
> >
> > This didn't make any sense to me.
> >
> >
> >
> > How can that be?
> >
> >
> >
> > Once it's determined (by virtue of an acl) that a packet should be
> forwarded
> > through the VPN tunnel, what difference does it make if the packet is
> > an OSPF packet or something else?
> >
> >
> >
> > This was the issue this meeting was about.
> >
> >
> >
> > This client has remote sites throughout North American. Each site has
> > 2
> VPN
> > tunnels - one going to a primary HQ site and a 2nd going to a backup
> > HQ site.
> >
> >
> >
> > The 2 HQ sites are connected directed to each other through some high
> speed
> > links.
> >
> >
> >
> > The objective is to have each remote site transmit traffic to the
> > primary
> HQ
> > site unless the link to that site is down in which case the remote
> > should use the backup HQ site.
> >
> >
> >
> > Currently, the remote sites aren't running any dynamic routing
protocols.
> > They're using static routes.
> >
> >
> >
> > So, here's the question. Is it possible these MCI engineers are
correct?
> >
> >
> >
> > TIA, Tim
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3