OSPF Routing

Jose Muniz MuniX-1 at PACBELL.NET
Thu Jul 6 02:27:33 EDT 2000


hello there;

Well, I have actually done it and it took me a few tries.
Here is the secret:

You need to create a tunnel interface on each of the OSPF
neighbors, then you will need 1 static that will point to the
VPN to route to the other side of the tunnel.
You need to do this obviously in all of the participating neighbor
routers.
Then you need to add policy routing so any traffic from the
outside of the VPN is routed directly out and it is not
distributed via OSPF.

If you do not do this then the routes will expire every 30 secs. and
then they get distributed again, making the network unusable every
30 seconds...
The egg and the chicken analogy...
THe pockets will go around and around and around...

The problem is that you can not adjust the MTU on a tunnel interface
and then you will get lots of frags, i think that the MTU is 1470
or so.

It really did not behaive as well as I thought, some applications seemed
to
perform slow, particulary the apps that send big pockets, NFS for
example.

The work that takes to do this is better to use statics, as far as your
networks are diced properly you should not have that many statics per
area.

However it is well worth the fun to play with nested tunnels..   ;-]

Jose Muniz

> Standen Malcolm - mlsa wrote:
>
> Has anybody any experience thoughts on using OSPF as the routing and
> advertising protocol in a VPN network, using the virtual interface to
> define/learn the routing for site-to-site multi-routed network traffic
> verses external non corporate traffic?
>
> Regards
>
> Malcolm

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list