RE: Hiding internal network from MPLS WAN

From: Roman Rodichev (roman@iementor.com)
Date: Tue Feb 10 2009 - 20:56:35 ARST


Use DMVPN, it can scale to many thousands of sites if done right (SLB
for >800 sites, EIGRP, regional hubs, summarization, phase 3). Spoke to
spoke is dynamic, no need to go through hub. There is some small bandwidth
loss because of mGRE/IPSEC overhead, but for imix traffic it's only around 8%.

Roman Rodichev
5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider)
Instructor, Content Developer
ieMentor Corporation http://www.iementor.com
Y!M: roman7927

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
voice guru
Sent: Tuesday, February 10, 2009 3:22 PM
To: Darby Weaver
Cc: Cisco certification; Cisco certification
Subject: Re: Hiding internal network from MPLS WAN

Thanks for the reply Darby, yes you are right, the security requirement is
very high, although we are planning to run Group Encrypted Transport (GET) on
all edge routers, which will make all communications between the sites
encrypted, but still the internal IP schema will be visible to the SP/Telco,
which is not acceptable policy for the client. I thought of having a DMVPN kind
of topology, but here we lose bandwidth at hub sites, where spoke to spoke
communication will go through hubs. I am looking for a more efficient method
to achieve the goal.

Thanks,
Guru
