[j-nsp] Trying to get OSPF to work across IPsec for Redundancy

Stefan Fouant sfouant at shortestpathfirst.net
Fri Apr 29 19:29:53 EDT 2011


Good catch Devin.  Thanks very much for following up on-list so that others may benefit from your experience.

Stefan Fouant
GPG Key ID: 0xB4C956EC

Sent from my HTC EVO.

----- Reply message -----
From: "Devin Kennedy" <devinkennedy415 at hotmail.com>
Date: Fri, Apr 29, 2011 6:07 pm
Subject: [j-nsp] Trying to get OSPF to work across IPsec for Redundancy
To: <juniper-nsp at puck.nether.net>

I was finally able to get this working.  I had to set the MTUs explicitly
on each sub unit (I just set them to 1500).  I guess the default MTU that
the st0 and sp- interfaces use doesn't work well with OSPF.



-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of OBrien, Will
Sent: Friday, April 29, 2011 10:08 AM
To: Dale Shaw
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Trying to get OSPF to work across IPsec for Redundancy

We were using two tunnels to separate peers. 1 to a PCI network and another
for office workers to be on our normal user network.

I will see if I can dig up details later today.

Will

Sent from my iPad

On Apr 29, 2011, at 9:05 AM, "Dale Shaw" <dale.shaw at gmail.com> wrote:

> Hi Stefan,
> 
> On Friday, April 29, 2011, Stefan Fouant
> <sfouant at shortestpathfirst.net> wrote:
>> I have successfully built IPsec tunnels using a Secure Tunnel 
>> interface terminating in both 'virtual-router' and 'forwarding' 
>> Routing Instances using Junos 10.4R4.3.  I also had no problems 
>> getting OSPF up and running using both Multipoint or Point-to-Point
>> configurations.
>> 
> 
> Interesting!
> 
> Like Will, I've been bitten by the "OSPF over st0.x in a routing 
> instance" problem. For us it seems to pop up when there are multiple 
> tunnels (in discrete instances) established between the same peers.
> 
> Did your testing happen to include the multiple tunnels scenario?
> 
> Will, do you happen to have a PR # for the problem? We've experienced 
> it on 10.0R3 and R4. It's not widely supported in those releases but 
> Juniper initially told us it should work. It's the #1 reason we're 
> looking at 10.4.
> 
> Cheers,
> Dale

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
