This is for a medium sized Enterprise hub and spoke Frame-Relay network of 40 sites located across contenental US. Today all spoke sites use 2620 routers. Hub is multiple 7200s. Routing protocol is ospf. Hub site has two 3030 VPN concentrators.
In an effort to lower costs and increase performance we had what seems to be a good idea.
"augment our frame-relay network with VPNs. All sites could have a frame-connection and a VPN link as well. We could send some applications like bulk transfer and e-mail on the VPN but use the frame for critical delay sensitive applications. And even better, both would backup each other"
Sounds good on paper but the difficulty is in the details. Specifically routing and backup paths.
I've considered using the spoke 2620s as the only router at the site. This could terminate the frame and DSL/TDM internet circuit and provide outbound traffic control via route-maps. It would handle encryption and tunneling as well. At the hub the 3030s terminate the tunnels and some router or MSFC could do the route-maps to send applications over specific paths.
But I don't see how to run a routing protocol over a VPN tunnel. So this leaves me with some kind of floating static route for backup.
Anybody have any ideas on combining frame and VPN into a cohesive, application aware transport?
Just a suggestion, If you are using Routers all across your network and terminate the tunnels on those then we can use IPSec over GRE which would let Routing protocols to run over the tunnel aswell. For further details get in touch with your SE & Account team to design this.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...