[j-nsp] redundant scenario
Stevanus
stevanus at datacomm.co.id
Sun Jul 27 07:05:19 EDT 2008
Yes, using traceoptions
Matthias Gelbhardt wrote:
> Are there any debug possibilities for IPsec?
>
>
> Am 26.07.2008 um 23:06 schrieb GIULIANO (UOL):
>
>> Matthias,
>>
>> JUNOS 9.1R2.1 does not need IPSec VPN License.
>>
>> It came as a default feature.
>>
>> There is some configuration example:
>>
>>
>> http://www.wztech.com.br/config/junos-ipsec-config
>>
>>
>> For 2320 and 2350 you add the hardware acceleration module:
>>
>> JXH-HC2-S J2320, J2350 Hardware Crytographic Acceleration Module
>>
>>
>> I think J-4350 and J-6350 will NOT have any problems with IPSec
>> processing.
>>
>> Att,
>>
>> Giuliano
>>
>>
>>
>>
>>> Hi!
>>> I presume GRE would be less cpu intensive? I think when the link
>>> goes down a somewhat slower interconnectivity would be sufficient.
>>> At the moment we have 100 Mbit links to the internet on both sides,
>>> so it would be great to have that bandwidth also over the tunnel.
>>> As far as I know, these are blank boxes, without additional VPN
>>> licenses, so I presume IPsec would not be the right decision. But if
>>> it is possible to use an IPsec tunnel to build an iBGP session, I
>>> will play with it ;)
>>> Am 26.07.2008 um 20:49 schrieb GIULIANO (UOL):
>>>> You can use an IPSec or a GRE Tunnel.
>>>>
>>>> IPSec will work just fine for that.
>>>>
>>>>
>>>>> Hi Mathias,
>>>>> If your J6350 run JUNOS with enhanced services, you can setup JSRP
>>>>> (Juniper Network Stateful Redudancy Protocol).
>>>>> But I'm not really sure if this is the solution you're looking for.
>>>>> Still a newbie though >.<
>>>>> Regards,
>>>>> Stevanus
>>>>> Matthias Gelbhardt wrote:
>>>>>> Hi!
>>>>>>
>>>>>> I am hoping you can give me some tips for implementing this
>>>>>> scenario.
>>>>>>
>>>>>> I have two locations each with two J6350 routers. The locations
>>>>>> are connected via a fiber network with each other. On each
>>>>>> location the J's do have at least one eBGP session to different
>>>>>> carriers. The boxes speak iBGP over the fiberlink with each
>>>>>> other. We have split our PA space, so that we can announce
>>>>>> different prefixes on each location. The prefixes which are not
>>>>>> originating on one location will be received through iBGP from
>>>>>> the originating one.
>>>>>>
>>>>>> How could I implement a redundant scenario? At first I had
>>>>>> thought about getting the other prefixes via eBGP, but that is
>>>>>> something, which seams to be no "clean" solution. Furthermore our
>>>>>> carriers seam to be not happy with announcing prefixes with our
>>>>>> AS in the path back to us.
>>>>>>
>>>>>> The more clean solution could be establishing a tunnel between
>>>>>> the location over the internet and speak iBGP with a low priority
>>>>>> over it. Unfortunatly I am a bit lost, which type of tunnel I
>>>>>> should use for this scenario, as the J's are unable to implement
>>>>>> a L2TP tunnel for example.
>>>>>>
>>>>>> Would be great to get an idea and help implementing this!
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Matthias
>>>>>> _______________________________________________
>>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>>
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>> No virus found in this incoming message.
>>>>> Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus
>>>>> Database: 270.5.6/1574 - Release Date: 25/07/2008 16:27
>>>>
>>> No virus found in this incoming message.
>>> Checked by AVG - http://www.avg.comVersion: 8.0.138 / Virus
>>> Database: 270.5.6/1574 - Release Date: 25/07/2008 16:27
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list