25 Apr
2014
25 Apr
'14
2:38 a.m.
You would still need to have at least one "master" tunnel to be able to get
the VPN information to form tunnels. All DMVPN connections have one
dedicated link to a "hub" router. Which means having to keep a fleet of
machines (assuming you don't want a SPOF) that will act as the "master"
routers serving all the "spoke" routers.
On Thu, Apr 24, 2014 at 4:32 PM, K7VE - John <k7ve(a)k7ve.org> wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> You wouldn't do BGP over tunnels. BGP is for the "border" nodes, e.g.
> those nodes which connect the pieces of 44 into the Internet. If you
> want to use IPIP behind the BGP, or GRE, L2TP, within your subnets,
> nobody should care -- but this every node has an "encap.txt" file is,
> IMHO, crazy.
>
> BGP node provides endpoint for tunnels (VPN, IPIP, etc.)
> subnet nodes connect to the BGP node via tunnel, the BGP node routes
> to the rest of 44.x.x.x and the Internet.
>
> Then the simple node is easy.
>
> Who is my BGP border node?
> How do I VPN to it?
> Set up VPN (or Tunnel) to it.
> Done.
>
>
>
> ________________________________
> John D. Hays
> K7VE
> PO Box 1223, Edmonds, WA 98020-1223
>
>
>
> On Thu, Apr 24, 2014 at 4:24 PM, Don Fanning <don(a)00100100.net> wrote:
> > (Please trim inclusions from previous messages)
> > _______________________________________________
> > I'm of the opinion that it should be kept the simplest possible and let
> > people deal with their own networks. Give the people the basics needed
> to
> > create a connection and get the routes. Then if they want to block
> people,
> > they can add a static route dropping them or a firewall rule.
> >
> > I feel BGP over GRE or DMVPN is overkill as beyond the extra
> functionality
> > of GRE being able to do multicast and other kinds of traffic, there is no
> > added value to what we already have with IPIP and RIP44d/encap. Within
> > 44net, it's a different story - go RIP/OSPF and IPSec for all I care.
> But
> > setting up tunnels should be kept simplistic.
> >