[j-nsp] RES: Trying to get OSPF to work across IPsec for Redundancy

Keegan Holley keegan.holley at sungard.com
Thu Apr 28 23:58:35 EDT 2011


Sorry, I meant IPSEC doesn't carry multicast.  OSPF technically doesn't
"carry" anything.

On Thu, Apr 28, 2011 at 11:28 PM, Keegan Holley
<keegan.holley at sungard.com> wrote:

> I don't think OSPF carries multicast.  I know Cisco routers have a neighbor
> statement that will force it to unicast hellos; I've never tried it on a
> Juniper. I think if you do GRE over IPSEC (not to be confused with IPSEC
> over GRE) the multicast will work as well.  It depends on your endpoints
> though; I don't think firewalls will do GRE.
>
>
> On Thu, Apr 28, 2011 at 3:59 PM, Leonardo Gama Souza <
> leonardo.souza at nec.com.br> wrote:
>
>> > Hello All:
>> >
>> > I'm trying to get OSPF up over IPsec.  We have two IPsec tunnels, a
>> > primary and a secondary that our spoke router can use.  We want to have
>> > the spoke router run OSPF across both and then in case of a failure of
>> > the primary hub router (where the primary IPsec tunnel terminates) OSPF
>> > will direct traffic over the backup tunnel to the backup hub.
>> >
>> > So far I have seen OSPF on the spoke router come up just a couple of
>> > times but only to one or the other peer.  It never has come up to both
>> > peers.  Here are my configurations for OSPF and the services interfaces
>> > below.  Also BGP is up on all routers and all routers are reachable via
>> > BGP.
>> >
>> > If anyone can guide me in the right direction to get OSPF working over
>> > IPsec that would be most appreciated!
>>
>> As far as I know, IPSec alone is not able to carry multicast traffic.
>> Are you using GRE over IPSec? If not, you may want to try unicast
>> hellos.
>>
>>
>
>

