I'm a network admin for a small company. We have offices in a few countries and recently ordered managed circuits from Orange Business Services. Up to now we have been running VPNs over the internet.
I know MPLS and MP-BGP quite well, and the plan is (hopefully not was) to run MPLS between the offices to be able to separate different security zones without having to use ACLs, firewalls, etc. Our company has different divisions that need full separation.
So, the platform I chose is the 2811+sec bundle. In a lab I have set up a full mesh of GRE tunnels, running OSPF/MP-BGP and mpls ip on the GRE interfaces. All works quite well. I add the encryption on top and it works if I use ESP (not AH).
We are going to be running GRE tunnels over Orange and also over the Internet as backup. We are price sensitive.
I'm looking for a validation of this setup. Is this OK? It's not the strongest platform, but circuit speed is around 10-20 Mbps.
Is there some other tunneling technology that I should be using?
Any other general thoughts on a setup like this?
I used an IPsec profile configuration on the GRE tunnel. I'm looking to minimize the overhead - encryption is perhaps not the biggest issue over the OBS network - so if there is a faster or better way, I would be really interested.
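
The overhead question raised in the post, worked through as an added example that is not part of the original post: per-packet size of MPLS over GRE with and without ESP, comparing IPsec transport and tunnel mode. Assumptions not stated in the post: IPv4 without options, a base 4-byte GRE header, two MPLS labels, AES-CBC with HMAC-SHA1-96, no NAT-T; all function names are illustrative.

```python
# Added illustration (not from the original post): per-packet size of
# MPLS over GRE protected by IPsec ESP. All defaults are assumptions.
IP_HDR = 20      # IPv4 header without options
GRE_HDR = 4      # base GRE header, no key/checksum/sequence
MPLS_LABEL = 4   # one label stack entry
ESP_HDR = 8      # SPI + sequence number
ESP_TRAILER = 2  # pad length + next header

def gre_mpls_size(inner_len, labels=2):
    """Unencrypted MPLS-over-GRE packet size on the wire."""
    return IP_HDR + GRE_HDR + MPLS_LABEL * labels + inner_len

def esp_size(inner_len, labels=2, mode="transport", iv=16, block=16, icv=12):
    """Size after ESP. Defaults assume AES-CBC with HMAC-SHA1-96."""
    if mode not in ("transport", "tunnel"):
        raise ValueError("mode must be 'transport' or 'tunnel'")
    plaintext = GRE_HDR + MPLS_LABEL * labels + inner_len
    if mode == "tunnel":
        plaintext += IP_HDR          # GRE delivery header is encrypted too
    # Pad plaintext plus trailer up to a whole number of cipher blocks.
    padded = -(-(plaintext + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + icv

def max_inner(mtu, **kw):
    """Largest customer IP packet that fits in `mtu` without fragmentation."""
    for n in range(mtu, 0, -1):
        if esp_size(n, **kw) <= mtu:
            return n
    return 0

if __name__ == "__main__":
    for n in (64, 576, 1400):        # constructed sample packet sizes
        plain = gre_mpls_size(n)
        for mode in ("transport", "tunnel"):
            total = esp_size(n, mode=mode)
            print(f"inner={n:4d} {mode:9s} plain={plain} "
                  f"esp={total} overhead={total - n}")
    print("max inner @1500:", max_inner(1500, mode="transport"),
          max_inner(1500, mode="tunnel"))
```

Under these assumptions, transport mode saves the 20-byte second IP header on every packet, and the `max_inner` result is the value to compare against the tunnel interface MTU to avoid fragmenting encrypted packets.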