I've trying to design an interesting VPLS network, Let me take you through my requirements which will help you to gain a better understanding.
- Eight Customer Sites
- MPLS core P nodes (7600's which IOS do i need)
- PE's on the edge (7600's which IOS do i need)
- CE's Routers (2800's which IOS)
The design should be a complete layer 2 domain, as far as i can tell we need one entire bridge domain. What I will also need is some encryption in the core of my network, I was considering using GRE ontop of IPSEC. GRE will provide me with the ability to route my traffic through the core. We also need to bare in mind that we're going to need layer three connectivity in order to obtain GRE tunnel connectivity in my core.
I'm suspecting that we're going to need to deploy GRE tunnels between the P nodes because this is where I'll have layer three connectivity. Also within the core I'll be using OSPF to advertise the core links.
They'll be no routing protocols on the PE's as this will be a layer two domain.
Please can you provide some pointers with regards to whether deploying GRE ontop of IPSEC is the best method in terms of providing encryption in the core.
Please provide pointers on the above requirements.