[f-nsp] GRE Tunnel - Foundry RX-4 to FESX-648 PREM over Public Internet
Eldon Koyle
ekoyle+puck.nether.net at gmail.com
Sat Jun 16 11:10:45 EDT 2018
The problem you are going to run into is routing outbound traffic the
proper way. There the solutions I can come up with are policy based
routing (which doesn't seem very elegant) and VRF-lite (not sure if or how
well supported it is in your device).
For policy based, BGP session from corporate office over GRE to advertise
your new route and route map on any interface that may receive traffic from
the new network that sends internet traffic across the GRE tunnel.
For the route map, you need an ACL that denys any local traffic then
permits 0.0.0.0/0, then use that to set the next hop to the other side of
the GRE tunnel. It kind of defeats the purpose of dynamic routing.
If the corporate device supports VRF-lite, you could create a vrf for that
network, peer it with the datacenter via GRE for a default route, and peer
it with the default vrf for local routes. Read the docs, though... you
often lose a lot of functionality on an interface that has a VRF on Brocade
devices.
--
Eldon
On Fri, Jun 15, 2018, 08:16 Derek Maxwell <derek.maxwell at chosentechgroup.com>
wrote:
> Note to the list - one of our vendors pointed out that I made an error -
> the equipment at the corporate end is actually a FCX-648 with the Premium
> license.
>
>
>
> ------------------------------
> *From:* foundry-nsp <foundry-nsp-bounces at puck.nether.net> on behalf of
> Derek Maxwell <derek.maxwell at chosentechgroup.com>
> *Sent:* Thursday, June 14, 2018 7:55 PM
> *To:* foundry-nsp at puck.nether.net
> *Subject:* [f-nsp] GRE Tunnel - Foundry RX-4 to FESX-648 PREM over Public
> Internet
>
>
> Not sure if this is possible, but curious if anyone has any ideas for the
> config.
>
>
> We have a few /24s that we announce in our datacenter over BGP (Foundry
> RX-4)
>
>
> We have a statically routed /28 from AT&T at our corporate office
> (FESX-648 PREM as a Layer 3 switch)
>
>
> Due to an IP address shortage, we need to route back a /28 carved out of
> our datacenter IP address space to the corporate office. I know this is
> doable via a GRE tunnel, but not sure where to start with a config.
>
>
> Any suggestions on execution for this scenario, or am I wrong that it will
> work?
>
>
> --Derek Maxwell
>
> Chosen Technology Group / Chosen Payments
>
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20180616/32683e25/attachment.html>
More information about the foundry-nsp
mailing list