[RE: [nsp] gre tunnel using loopback for source]

Streiner, Justin streiner at stargate.net
Tue Jun 3 04:31:10 EDT 2003


On Mon, 2 Jun 2003, Pete Templin wrote:

> OSPF provides the most specific reachability, and the default route
> points the same way as well.
>
> I'm statically policy routing into the tunnels from a FastE
> subinterface, and following "normal" destination-based routing from the
> tunnel to the subinterface at the far end.

I originally tried this, but ran into scalability and administrative problems.
You may want to check out VRFs as another way to do what you're doing here.
Cisco's VRF documentation is a bit misleading.  Since it's always
mentioned in the context of implementing an MPLS-based VPN, it's easy to
assume that you have to be running MPLS and/or a VPN to get any use out of
VRFs.  Not so, as I found from a late-night caffeine-fueled tinkering
session...

I use it in conjunction with OSPF, GRE tunnels and a few static routes to
implement some VPN-like services.  Replace the GRE tunnels with crypto
tunnels and it becomes a lot more VPN-like ;-)  I can send a sample config
if you're interested.

jms


More information about the cisco-nsp mailing list