[j-nsp] Hub and Spoke VPN
Adam Szymajda
aszymajd at wp.pl
Fri Nov 14 03:46:22 EST 2003
Let's say we have the following scenario:
_______ _______
S----| | | |
S----| | | |
S----| | | |-------Hub
S----| PE1 |---------| PE2 |
S----| | | |
S----|_____| |_____|
S - spoke sites connected via different [sub]interfaces to the
same vrf.
The main goal is to force the spokes to communicate only via hub.
Putting all spoke subinterfaces into single vrf is the simplest
solution to maintain and most preffered, however you have to set
static routes in this vrf to reach a particular spoke site. This
will cause that it is possible to reach spoke site 1 from spoke
site 2 omitting the hub site. (traffic will be routed within PE1
even if hub will export default route pointing it)
There can be more PE's with spokes connected to it. Is there any
way to achieve it without complicating things, like separate VRF
for each site?
Best regards,
Adam
-------------------------------------------------------------------
Rozejrzyj się wokoło... świat wilkołaków i wampirów
jest bliżej niż się wydaje! "Underworld" w kinach od 28 listopada!
http://film.wp.pl/p/film.html?id=7801
More information about the juniper-nsp
mailing list