[c-nsp] MPLS over GRE/IPSEC
Phil Mayers
p.mayers at imperial.ac.uk
Tue Aug 7 07:24:12 EDT 2012
What is the smallest Cisco device that can do 1Gbit/sec of MPLS over GRE
over IPSEC?
On the LAN side, the device will need to do VLANS, IPv4 & IPv4, HSRP,
multicast and possibly some basic QoS for VoIP prioritisation. On the
WAN side, the device will need to tunnel MPLS L3VPN over GRE, then
IPSec-protect the GRE traffic. Obviously it will need BGP/LDP. Physical
interfaces will need to be 2x gigE, and the device will actually need to
forward 1gig or very close to it.
The background here is that we have some remote sites we want to bring
back into our MPLS L3VPN. We can obtain an IP connection with large MTU
more cheaply than we can obtain an ethernet circuit, and we've been
asked to price up some options.
Personally I think this architecture would be needlessly complex and
likely more expensive, but I need to know what kit would be needed
before I can price it up.
If anyone has any more general comments (e.g. "don't do it for reason
X") I'd be interested to hear them.
Cheers,
Phil
More information about the cisco-nsp
mailing list