Differences between using crypto maps in IPSec and VTI-based IPSec

Today I’m going to write about a simple yet complex topic: using crypto maps in IPSec versus VTI-based IPSec. There are many posts on this everywhere, but most of them leave out very important facts, which makes the whole scenario stop working as needed. I see on many sites that they want to attach IPSec crypto maps to physical interfaces alongside NAT for a simple purpose: enabling 2 branch offices to exchange traffic with each other securely while still reaching the Internet through NAT, unsecured.…
MPLS L3VPN with OSPF as PE-CE routing protocol

In this scenario we have a sample topology that is shown below. Routers R1, R2, R6 and R8 are owned by a customer who wants us to establish reachability between these two sites through our SP network. Routers at site A are located inside a rack in Istanbul, and routers R6 and R8 are located inside a server room in Ankara, Turkey. Our SP network extends across the whole country, so we have PoPs in these two cities. Meanwhile, we are using “OSPF 1” inside our SP network alongside BGP. The IPv4 BGP…
DMVPN redundancy

In this post I want to show you how to implement redundancy in a DMVPN network. The Cisco DMVPN design guide says that there are two kinds of redundancy in DMVPN networks: (1) dual hub/single DMVPN cloud and (2) dual hub/dual DMVPN cloud. Cisco does not recommend the first one, in which we have 2 central hubs but both of them use an IP from the same L3 network on their mGRE tunnels. An example would be 192.168.1.1/24 for the first hub, 192.168.1.2/24 for the second hub and 192.168.1.3 to 192.168.1.254 for spokes. The disadvantages of…
Simple PPPoE connection on Cisco Routers

This is a small topic about establishing a PPPoE session using Cisco devices and its various IP addressing techniques. A Cisco router can act as either a PPPoE client or a PPPoE server. In our simple topology, we have 3 routers, in which R1 is our PPPoE client and R2 is the PPPoE server. While configuring the PPPoE client, we need a special interface, named “dialer interface”, which is virtual and will bind to physical interface f0/0 on R1. The default encapsulation of the dialer interface is not PPP and we need to set it up manually. Sample configuration of…
EIGRP Named-Mode

Starting with version 15, Cisco has announced major changes to its IOS, and one of them is the way of configuring EIGRP. This method is called EIGRP Named-Mode, in which you configure EIGRP with a given name, rather than an AS number, in global configuration mode. Actually there is not a huge difference between the configuration of the two, and I think you should not have any difficulties if you are used to working with the older version. So I’m going to show you a simple scenario in which I will…
BGP Communities

This is a small topic about using communities in BGP. I’m going to use the topology from the previous topic, which was about “MPLS VPN”. As you remember, R1 had generated an aggregate route to R3. But customer B’s router, R2, had advertised routes to R3 as they were, without summarization. What I want to do is generate communities on R1 and R2 and test routes on other sites to see if they are there. First we need a route-map on R1 and R2 to attach communities to routes. This route-map is used with…
MPLS VPN – Part 4

This is the second part of the "MPLS VPN - Part 3" topic. In the previous post I discussed building an MPLS VPN network with BGP as the PE-CE protocol, and this one is the remaining portion of that document. If you want to read this guide, it is better to start with the previous one. Now we have reachability from each PE router to its clients and the only remaining part is establishing full connectivity. For this, we must enable MP-BGP between R3 and R5.
MPLS VPN – Part 3

In this article I want to show you another MPLS VPN scenario with BGP running as the PE-CE protocol. We are free to use any protocol between PE and CE routers, depending on the situation. Normally this is decided after talking to customers. Anyway, suppose that we, as the SP network, and the customer have agreed upon running BGP between PE and CE routers. The requirements are as follows:
- Customer A owns its AS number (AS #1), customer B owns its AS number too (AS #2)
- Customers A and B have 2 offices and…
MPLS VPN – Part 2

For the sake of easier reference, I put our topology here and continue. Remember the requirements that emphasize the inability of the R3 router to run MPLS. So we need to create a tunnel between the two PE routers, because these two routers don’t have direct access to each other. What we are going to do is create a tunnel between the loopback interfaces of the PE routers, assign IP addresses on the tunnel interfaces, enable MPLS and change the protocol from the default to LDP. After that we must have our LDP neighborship in place. Just remember…
MPLS VPN – Part 1

This topic relates to one of the most important SP technologies, MPLS L3VPNs. You know that there are different ways of creating VPNs, and MPLS L3VPN is just one of them. Discussing the fundamentals of this type of MPLS might need a complete book, and I don’t want to go through that. But I want to show you the configuration part. So what we need is a topology and its requirements. There are 2 customers, A and B, which are connected to a single service provider, AS 234. Each of these customers…