Re: [j-nsp] srx210 interesting difficulty with managed layer 3 setup .
Hello Georgios , Thank you . THis information is quite helpful . Twyl , JimL On Tue, 16 Jul 2013, Georgios Vlachos wrote: You have two options actually: L2circuit (Martini circuit) or VPLS (BGP based) over MPLS over GRE over IPsec! p.s. watch out for fragmentation issues due to the encapsulation overhead. -- +--+ | James W. Laferriere | SystemTechniques | Give me VMS | | NetworkSystem Engineer | 3237 Holden Road | Give me Linux | | bab...@baby-dragons.com | Fairbanks, AK. 99709 | only on AXP | +--+ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] srx210 interesting difficulty with managed layer 3 setup .
Hello All , We've a vendor that is providing us a l3 managed interconnect to one of our branch locations . Both of our branches have a internet feeds we were looking to do some method of internet backup connection . Now the proposed configuration: I1()---B1---srx1--ipsec--srx2-B2---I2() internet Branch Managed Managed Branch internet The ipsec section is required by management . No unencrypted data outside of our control space(-;) . What we'd like to do: Is run ospf on our B1 B2 devices which are not srx's to propigate the default when one or the other looses connectivity . Distance between B1 B2 is negligible as far as latency is concerned . But our ospf announcements are NOT allowed in the vendors network as they are running ospf . Is there some method of configuring the srx's to have the interface at B1 at srx1 be hard mapped to pass all traffic to the srx2 at B2 ? So that we can run ospf ? Tia , JimL -- +--+ | James W. Laferriere | SystemTechniques | Give me VMS | | NetworkSystem Engineer | 3237 Holden Road | Give me Linux | | bab...@baby-dragons.com | Fairbanks, AK. 99709 | only on AXP | +--+ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] srx210 interesting difficulty with managed layer 3 setup .
You have two options actually: L2circuit (Martini circuit) or VPLS (BGP based) over MPLS over GRE over IPsec! p.s. watch out for fragmentation issues due to the encapsulation overhead. -Original Message- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Mr. James W. Laferriere Sent: Tuesday, July 16, 2013 9:16 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] srx210 interesting difficulty with managed layer 3 setup . Hello All , We've a vendor that is providing us a l3 managed interconnect to one of our branch locations . Both of our branches have a internet feeds we were looking to do some method of internet backup connection . Now the proposed configuration: I1()---B1---srx1--ipsec--srx2-B2---I2() internet Branch Managed Managed Branch internet The ipsec section is required by management . No unencrypted data outside of our control space(-;) . What we'd like to do: Is run ospf on our B1 B2 devices which are not srx's to propigate the default when one or the other looses connectivity . Distance between B1 B2 is negligible as far as latency is concerned . But our ospf announcements are NOT allowed in the vendors network as they are running ospf . Is there some method of configuring the srx's to have the interface at B1 at srx1 be hard mapped to pass all traffic to the srx2 at B2 ? So that we can run ospf ? Tia , JimL -- +--+ | James W. Laferriere | SystemTechniques | Give me VMS | | NetworkSystem Engineer | 3237 Holden Road | Give me Linux | | bab...@baby-dragons.com | Fairbanks, AK. 99709 | only on AXP | +--+ ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp