13 Mar
2026
13 Mar
'26
2:58 a.m.
On 12/03/2026 20:25, Bryan Holloway via NANOG wrote:
* OSPF - each VRF should have its own instance, so we need something that supports interface-based tunneling since IPsec doesn't handle multicast well. Open to other tunneling strategies. Wireguard? OpenVPN?
We've built a DCN network for our optical backbone based on pfSense and FreeBSD with WireGuard, OSPF and BGP, across diverse DIA links in each data centre. Works pretty good. WireGuard is awesome! Can't imagine how we made IPSec work :-)... Mark.