[j-nsp] redundant scenario

Matthias Gelbhardt matthias at commy.de
Sun Jul 27 06:52:46 EDT 2008


Are there any debug possibilities for IPsec?


On 26.07.2008 at 23:06, GIULIANO (UOL) wrote:

> Matthias,
>
> JUNOS 9.1R2.1 does not need IPSec VPN License.
>
> It came as a default feature.
>
> There is a configuration example:
>
>
> http://www.wztech.com.br/config/junos-ipsec-config
>
>
> For 2320 and 2350 you add the hardware acceleration module:
>
> JXH-HC2-S   J2320, J2350 Hardware Cryptographic Acceleration Module
>
>
> I think J-4350 and J-6350 will NOT have any problems with IPSec  
> processing.
>
> Att,
>
> Giuliano
>
>
>
>
>> Hi!
>> I presume GRE would be less cpu intensive? I think when the link  
>> goes down a somewhat slower interconnectivity would be sufficient.  
>> At the moment we have 100 Mbit links to the internet on both sides,  
>> so it would be great to have that bandwidth also over the tunnel.
>> As far as I know, these are blank boxes, without additional VPN  
>> licenses, so I presume IPsec would not be the right decision. But  
>> if it is possible to use an IPsec tunnel to build an iBGP session,  
>> I will play with it ;)
>> On 26.07.2008 at 20:49, GIULIANO (UOL) wrote:
>>> You can use an IPSec or a GRE Tunnel.
>>>
>>> IPSec will work just fine for that.
>>>
>>>
>>>> Hi Matthias,
>>>> If your J6350 runs JUNOS with enhanced services, you can set up
>>>> JSRP (Juniper Network Stateful Redundancy Protocol).
>>>> But I'm not really sure if this is the solution you're looking for.
>>>> Still a newbie though >.<
>>>> Regards,
>>>> Stevanus
>>>> Matthias Gelbhardt wrote:
>>>>> Hi!
>>>>>
>>>>> I am hoping you can give me some tips for implementing this  
>>>>> scenario.
>>>>>
>>>>> I have two locations each with two J6350 routers. The locations  
>>>>> are connected via a fiber network with each other. On each  
>>>>> location the J's do have at least one eBGP session to different  
>>>>> carriers. The boxes speak iBGP over the fiberlink with each  
>>>>> other. We have split our PA space, so that we can announce  
>>>>> different prefixes on each location. The prefixes which are not  
>>>>> originating on one location will be received through iBGP from  
>>>>> the originating one.
>>>>>
>>>>> How could I implement a redundant scenario? At first I had
>>>>> thought about getting the other prefixes via eBGP, but that is
>>>>> something, which seems to be no "clean" solution. Furthermore
>>>>> our carriers seem to be not happy with announcing prefixes with
>>>>> our AS in the path back to us.
>>>>>
>>>>> The more clean solution could be establishing a tunnel between  
>>>>> the location over the internet and speak iBGP with a low  
>>>>> priority over it. Unfortunately I am a bit lost, which type of
>>>>> tunnel I should use for this scenario, as the J's are unable to  
>>>>> implement a L2TP tunnel for example.
>>>>>
>>>>> Would be great to get an idea and help implementing this!
>>>>>
>>>>> Regards,
>>>>>
>>>>> Matthias
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>
>


