<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Courier New";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Hi Arie,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>I definitely would like to define a fixed IP to the customer, but on the WAN side the CPE is configured by a third party provider (an access provider).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>So in fact, I can’t get my hands on the CPE. So the idea was to place an L2TP Client behind the CPE (on LAN side) which makes the connection outbound to my Router. My router terminates the L2TP Tunnel.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>When my router recognizes the L2TP Connect, my router provides an IP address statically of my pool to the client’s interface.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Furthermore, my router will insert a somewhat static route to the client in his routing table, so the customer will be reachable through this IP. 
In detail, the customer L2TP Server has 2 NICs, one points to the CPE and has masked IP Addresses (e.g. 192.168.X.X) and the other one should route the officially routed net, my router is sending (like AAA.BBB.CCC.DDD).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>With this tunnel, I would be able to tunnel other data packets to the client as well as speak BGP to the client though still use my IP space.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>At last, the customer’s computers would be reachable through the L2TP tunnel and the IP addresses would be from my nets.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>The only trick is: The client has an access network from another provider and I can’t get hands on the configuration of his CPE. Furthermore, the external IP address of the customer might change from day to day. <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>For reliability, I would prefer fiber, of course. But the next fiber is approx. 2 miles away and digging is approx. 40k EUROS (!). 
<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>So, I am looking for a solution to provide BGP redundancy to smaller customers (e.g. 50 Users) even at locations where I cannot do what I want. This would make it possible for customers with provider independent address space to have BGP with 2 neighbors (e.g. one is their standard ISP with a fast line (100Mbps), one is the backup ISP (e.g. 20 Mbps via G.SHDSL …)).<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>Cheers,<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New";color:#1F497D'>John<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> arievayner@gmail.com [mailto:arievayner@gmail.com] <b>On Behalf Of </b>Arie Vayner<br><b>Sent:</b> Wednesday, Januar</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>y 19, 2011 8:58 PM<br><b>To:</b> John Fitzgerald<br><b>Cc:</b> cisco-bba@puck.nether.net<br><b>Subject:</b> Re: [cisco-bba] L2TP on dynamic IP<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> 
</o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>John,<br><br>What would most likely be a better solution for both solutions is to assign the customer a fixed IP allocated from RADIUS when they connect over L2TP (I assume PPP...)<br>This will allow you to have a static BGP session with the statically allocated IP address.<br><br>Another option is to look at the BGP dynamic neighbors feature:<br><a href="http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/brbpeer.html#wp1131929">http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/brbpeer.html#wp1131929</a><br><br>For IPSec there are quite a few solutions for IPSec sessions with dynamic peers.<br>I think this could be a good starting point:<br><a href="http://www.cisco.com/en/US/products/ps6635/prod_white_papers_list.html">http://www.cisco.com/en/US/products/ps6635/prod_white_papers_list.html</a><br><br>Arie<o:p></o:p></p><div><p class=MsoNormal>On Wed, Jan 19, 2011 at 8:23 PM, John Fitzgerald &lt;<a href="mailto:john.fitzgerald@internet.de">john.fitzgerald@internet.de</a>&gt; wrote:<o:p></o:p></p><p class=MsoNormal>Hi,<br><br>I've got two design questions:<br><br><br>1. Is it possible to map a net via L2TP (IPv4 PI Space) to a client, which<br>comes from a dynamic IP Address? E.g. he has RIPE PI Space AAA.BBB.CCC.DDD<br>and as he connects, routers will allow traffic to his network<br>AAA.BBB.CCC.DDD and BGPv4 will recognize and will allow route servers to be<br>changed...<br><br>2. Is it possible to have the IPSec with (1.)?<br><br><br>Cheers,<br><br><br>John<br><br>_______________________________________________<br>cisco-bba mailing list<br><a href="mailto:cisco-bba@puck.nether.net">cisco-bba@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-bba" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-bba</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></body></html>