I'm building an IPSec VPN with Virtual Tunnel Interface (VTI) and I added
dynamic routing in tunnels with OSPF.
Hardware used: ISR 3825 HSEC/K9
I have about 50 peers in this VPN connected in full mesh over the Internet.
We use OSPF in Point to Point mode, so no DR or BDR.
All these peers are in area 0.
Right now we have about 600 routes broadcast in our network.
First question: the next step for me is to back up links for these peers, so
we could be at more than 100 peers in area 0. Is it possible? What's
the limit? What's the best solution in your opinion?
Second question: I tried to ban relays with OSPF, but "distribute-list
out" doesn't work; I needed to use ACLs (out) on each tunnel
interface... but it's not great, because I deny data when it appears on my
router, whereas it would be better to stop it on the first router.
In summary, I would like to choose which networks I want to dispatch and
ban all others (even relayed OSPF).