Is RFC2547bis VPN over IPSEC Core being implemented in Cisco ?
We have a legal requirement that oblige us to keep confidentiality in our internal IP network (there are scenarios in which ES have no way to encrypt the sensitive data). We are evolving to a MPLS backbone with PE in each PoP of our company and we want to associate VLAN to VRF (we wnat to segregate our internal IP network with multiple VPN) . So there are no CE.
A very small percentage of the IP flows must be encrypted but they can belong to different VPN.
(1) E. Rosen says in RFC2547bis that we can run L3VPN over non MPLS core like GRE or IPSEC Core. Do you now in Cisco has implemented any L3-VPN over IPSEC Core ?
(2) In case that it was already implemented do you think that a PE could work simultaneously with an MPLS Core and an IPSEC Core ?
Ideally we would like to have per PE-PE couple
* One LSP tunnel for non-sensitive traffic.
* One IPSEC tunnel for sensitive data.
and being able to control trough extended ACL (maybe PBR per VRF) which tunnel to take.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...