[c-nsp] Encrypting GRE on IOS-XR ...
Bryan Holloway
bryan at shout.net
Tue Nov 26 14:30:11 EST 2024
Follow-up:
So supposedly one CAN run OSPF across an IPsec tunnel if you use
non-broadcast mode, but I'm nervous about crypto ACLs and the potential
ongoing maintenance required.
Would still prefer a simpler IPsec-encrypted GRE tunnel solution ... :)
On 11/26/24 19:34, Bryan Holloway via cisco-nsp wrote:
> Use-case:
>
> Network with several inter-colo WAN links and decent redundancy, but hey
> -- things break. Need to keep certain management (think VRF) things
> working across severed portions of the network after enough backhoes
> have had their way with us.
>
> Running mostly IOS-XR 6.5.3 everywhere.
>
> I'd like to build a couple of tunnels and run high-cost OSPF across them
> for fail-over situations. Since OSPF generally doesn't work over IPsec,
> I've been looking at IPsec-encrypted GRE tunnels, but I haven't found
> any good examples (at least not using IOS-XR.) Plenty of ones for IOS,
> but ...
>
> Curious if anyone in the community has made this work ...
>
> Or should I be looking in a different direction?
>
> Thank you in advance!
>
> - bryan
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list