Re: Real world scenario from Jay McMickle on 2013-07-19 (Ccielab archives 07/2013)

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Fri, 19 Jul 2013 06:31:50 -0500

I'm not sure I understand the issue fully, but can't your create a GRE tunnel between each hub/spoke and run BGP over the tunnel? You can password protect BGP and/or run IPSEC over GRE if you are really concerned about Security.

Regards,
Jay McMickle- 2x CCIE #35355 (R/S,Sec)
Sent from my iPhone 5

On Jul 19, 2013, at 1:40 AM, Jitendra Anbu <jitanbu_at_gmail.com> wrote:

> Thanks Nadeem, I guess you're right, this method will work fine. But, I was
> wondering if there was any Cisco best practice when it comes to this sort
> of implementations.
>
> Rgds,
> Jit
>
>
> On Fri, Jul 19, 2013 at 4:20 PM, Nadeem Anjum <nadeemkool_at_yahoo.com> wrote:
>
>>
>>
>> This is already a batter way. Do you require any specific feature btw this
>> connectivity.
>>
>>
>>
>> Thanks,
>> Nadeem Anjum
>>
>> ------------------------------
>> *From:* Jitendra Anbu <jitanbu_at_gmail.com>
>> *To:* Cisco certification <ccielab_at_groupstudy.com>
>> *Sent:* Friday, July 19, 2013 9:54 AM
>> *Subject:* Real world scenario
>>
>> Hi experts, I have a real world question & hoping someone can provide some
>> advice/guidance. The diagram bellow represents network connection(s) with a
>> service providers Layer 2 switched network. These connections are Ethernet
>>
>> and all customer devices have layer 3 reachability between the Hub router
>> and the Branch routers. Here are my questions and concerns;
>>
>> What is the best way to run a "secure" BGP connection(s) between the HUB
>> and the branches B1 and B2? Assuming each branch and Hub will be in its own
>> private AS. Also, the ISP does not take part in any routing. This might
>> sound simple, just running p2p BGP sessions between the Hub and the
>> branches and using IPSec to secure the data plane. But is there a better
>> way to do this?
>>
>> HUB
>>
>> |
>>
>> ___|___
>>
>> |__ISP__|
>>
>> | |
>>
>> | |
>>
>> B1 B2
>>
>> Thanks,
>> J
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Jul 19 2013 - 06:31:50 ART

This archive was generated by hypermail 2.2.0 : Thu Aug 01 2013 - 08:45:50 ART