Branch Location Over The Internet
We have an enterprise that has a headquarters office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80.
They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters' public IP addresses. Ideally the device at the HQ location would hand out public IP addresses using DHCP to the other side of the tunnel at the branch location.
We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but let's assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site.
Let's assume at the branch location we can get a DOCSIS cable internet connection from an incumbent cable provider such as Comcast, and that provider will give us a couple of static IP addresses. Assume as a backup we have a PPPoE DSL connection from the ILEC such as Verizon, who gives us a dynamic IP address.
What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connection speeds, and fail over if one is down. The cable connection will be much faster (probably 150 Mbps down and 10 up) compared to the DSL connection (10 down and 1 up). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed, so we might have to get multiple DSL lines. The cable connection could always be used as the primary, and the DSL connection could be used only as backup if that makes things easier.
If you were to do this with Juniper or Cisco gear, what would you have at each location? What technology would you use? I know there is Pepwave and a couple of other software solutions that seem to have proprietary load balancing solutions developed, but I would prefer to use a common Cisco or Juniper solution if one exists. There will be 50 users at the branch office. There is only one branch location at this time, but they might expand to a couple more, but under 10.
Hi,
On Tue, Aug 11, 2015 at 01:21:09PM -0500, Colton Conor wrote:
We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN. [ ... ]
If you were to do this with Juniper or Cisco gear what would you have at each location? What technology would you use?
You could look into using the LISP protocol; I think it meets all your requirements. http://lisp.cisco.com/index.html
Kind regards,
Job
Hi,
Mikrotik Routerboard + (encrypted) Ethernet over IP (EoIP). If required: MPLS+OSPF+BGP in the EoIP for additional features.
Build the pseudo Layer 2 with two dedicated boxes. In the HQ you can hand it over directly to the MX80, and at the new office you can work with small boxes like Cisco 7301 (also available with redundant PS) or, if you need more ports, 19xx ...
#) cheap setup
#) can easily transport a few hundred Meg
#) you can use refurb parts if required
#) big community support for Mikrotik Routerboards
#) encrypted transport possible
#) works with dynamic IPs
#) MPLS in the EoIP allows you to transport VRFs with BGP signaling
Etc etc
Best regards
Jürgen Jaritsch
Head of Network & Infrastructure
ANEXIA Internetdienstleistungs GmbH
Phone: +43-5-0556-300 Fax: +43-5-0556-500
E-mail: jj@anexia.at Web: http://www.anexia.at
Head office address Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing director: Alexander Windbichler
Company register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT number: AT U63216601
-----Original Message-----
From: Colton Conor [colton.conor@gmail.com]
Received: Tuesday, 11 Aug. 2015, 20:23
To: NANOG [nanog@nanog.org]
Subject: Branch Location Over The Internet
[ ... ]
EoIP seems to be what I am looking for; however, this recent Mikrotik session says:
EoIP could be a solution for tunneling L2 over L3.
• EoIP disadvantages:
– Fragmentation of L2 frames over multiple L3 packets
– Performance issues
• VPLS advantages:
– No fragmentation.
– 60% more performance than EoIP.
So it sounds like VPLS might be better than EoIP? I can't find much about EoIP online, so is this a Mikrotik-only protocol?
On Tue, Aug 11, 2015 at 1:46 PM, Jürgen Jaritsch <jj@anexia.at> wrote:
[ ... ]
EoIP is Mikrotik only.
Josh Luthman
Office: 937-552-2340 Direct: 937-552-2343
1100 Wayne St Suite 1337 Troy, OH 45373
On Aug 11, 2015 6:28 PM, "Colton Conor" <colton.conor@gmail.com> wrote:
[ ... ]
Josh,
Just an FYI, I've successfully used these two EoIP implementations on Linux:
https://code.google.com/p/linux-eoip/
https://github.com/bbonev/eoip
So I wouldn't say EoIP is Mikrotik only -- these interop perfectly with Mikrotik. I started using these due to stability problems we were having with CCRs.
Pat
Tue, Aug 11, 2015 at 06:32:55PM -0400, Josh Luthman wrote:
[ ... ]
--
Patrick Cole <z@wwwires.com>
Senior Network Specialist
World Without Wires
PO Box 869. Palm Beach, QLD, 4221
Ph: 0410 626 630
Patrick, which CCR did you test?
Best regards
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Patrick Cole
Sent: Wednesday, 12 August 2015 00:49
To: Josh Luthman <josh@imaginenetworksllc.com>
Cc: NANOG list <nanog@nanog.org>
Subject: Re: Branch Location Over The Internet
[ ... ]
Hi,
Some facts:
Dell R300, 1x Xeon CPU (quad-core, 2.6 GHz)
8 GB memory
Intel X520 10G NIC
RouterOS x86 installation (that's the OS from the Mikrotik Routerboards)
Max transfer rate via EoIP: ~5.7 Gbit/s
If you plan to use jumbo frames (everything with a payload >1500 bytes): yes, packets will be split up, transferred and aggregated on the other end. So your end-to-end communication will transport ANY MTU size you want (split up to your max transportable MTU size on the WAN side … e.g. MTU 1472, etc).
Best regards
Jürgen Jaritsch
Head of Network & Infrastructure
ANEXIA Internetdienstleistungs GmbH
From: Colton Conor [mailto:colton.conor@gmail.com]
Sent: Wednesday, 12 August 2015 00:27
To: Jürgen Jaritsch <jj@anexia.at>
Cc: nanog@nanog.org
Subject: Re: Branch Location Over The Internet
[ ... ]
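Jürgen's point that frames larger than the WAN-side MTU get split up and put back together at the far endpoint is the same fragmentation that the Mikrotik slide quoted earlier lists as an EoIP disadvantage, so it is worth quantifying for the branch design. The following Python model is an added example written for this thread; it is not MikroTik code and not taken from either of the Linux EoIP projects mentioned above. Its header sizes are assumptions: a 20-byte outer IPv4 header, an assumed 8-byte GRE-style tunnel header, and a 14-byte untagged Ethernet header. The real EoIP overhead should be measured on your own boxes, and the `fragmentation_table` helper and `payloads` sample sizes are constructed for illustration.

```python
"""Model the fragmentation cost of carrying Ethernet frames inside an IP
tunnel (EoIP-style) across a WAN whose MTU is smaller than the frame.

Added example for this thread; not MikroTik code and not from the Linux
EoIP projects mentioned above. Header sizes below are ASSUMPTIONS.
"""
from dataclasses import dataclass
from math import ceil

IPV4_HDR = 20    # outer IPv4 header without options
TUNNEL_HDR = 8   # ASSUMED tunnel encapsulation header (GRE-style); adjust to yours
ETH_HDR = 14     # encapsulated Ethernet header, no 802.1Q tag


@dataclass(frozen=True)
class TunnelStats:
    inner_payload: int   # bytes of the IP packet the branch host sent
    outer_packet: int    # encapsulated IP packet size before any fragmentation
    fragments: int       # IP packets that cross the WAN for this one frame
    wire_bytes: int      # total WAN bytes including per-fragment IP headers
    efficiency: float    # inner_payload / wire_bytes


def encapsulate(inner_payload: int, wan_mtu: int) -> TunnelStats:
    """Encapsulate one Ethernet frame carrying `inner_payload` bytes and apply
    IPv4 fragmentation of the *outer* packet so every piece fits `wan_mtu`.
    This is the split-and-reassemble behaviour described in the thread: the
    far tunnel endpoint reassembles before handing the frame to its LAN."""
    if wan_mtu < IPV4_HDR + 8:
        raise ValueError("WAN MTU too small to carry a single fragment")
    outer = IPV4_HDR + TUNNEL_HDR + ETH_HDR + inner_payload
    if outer <= wan_mtu:
        return TunnelStats(inner_payload, outer, 1, outer, inner_payload / outer)
    # IPv4 fragmentation: every fragment repeats the IP header, and every
    # fragment except the last carries a payload that is a multiple of 8 bytes.
    per_fragment = (wan_mtu - IPV4_HDR) // 8 * 8
    data = outer - IPV4_HDR
    nfrag = ceil(data / per_fragment)
    wire = data + nfrag * IPV4_HDR
    return TunnelStats(inner_payload, outer, nfrag, wire, inner_payload / wire)


def max_unfragmented_payload(wan_mtu: int) -> int:
    """Largest inner IP packet that crosses the WAN as a single packet.
    Setting the branch-side tunnel/LAN MTU to this value avoids fragmentation
    entirely, which is the usual cure for the "performance issues" on the
    slide and keeps DF-marked traffic from being blackholed by a tunnel that
    silently needs more headroom than the hosts expect."""
    return wan_mtu - IPV4_HDR - TUNNEL_HDR - ETH_HDR


def fragmentation_table(wan_mtu: int, payloads=(576, 1400, 1458, 1500, 9000)):
    """Return (payload, fragments, efficiency) rows for constructed sample sizes."""
    rows = []
    for p in payloads:
        s = encapsulate(p, wan_mtu)
        rows.append((p, s.fragments, round(s.efficiency, 3)))
    return rows


if __name__ == "__main__":
    # 1472 is the WAN MTU Jürgen gives as an example; 1500 is plain Ethernet.
    for mtu in (1500, 1472):
        print(f"WAN MTU {mtu}: max unfragmented inner payload = "
              f"{max_unfragmented_payload(mtu)} bytes")
        for payload, nfrag, eff in fragmentation_table(mtu):
            print(f"  inner {payload:5d} B -> {nfrag} WAN packet(s), "
                  f"byte efficiency {eff:.3f}")
```

The table makes the practical point: a normal 1500-byte inner packet over a 1500-byte WAN already becomes two WAN packets, and a 9000-byte jumbo frame becomes seven. Byte efficiency stays above 95% in both cases, so the cost Jürgen and the slide refer to is per-packet work and reassembly state at the receiving endpoint, not wasted bandwidth. Clamping the branch MTU to `max_unfragmented_payload()` of the slowest path (the DSL link, with PPPoE overhead on top) keeps the tunnel on the single-packet path.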
EoIP will tunnel over anything IP, including the public Internet. VPLS will only go over your network. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Colton Conor" <colton.conor@gmail.com> To: "Jürgen Jaritsch" <jj@anexia.at> Cc: nanog@nanog.org Sent: Tuesday, August 11, 2015 5:27:22 PM Subject: Re: Branch Location Over The Internet EoIP seems to be what I am looking for, however this recent Mikrotik session says: EoIP could be a solution for tunneling L2 over L3. • EoIP disadvantages: – Fragmentation of L2 frames over multiple L3 packets – Performance issues • VPLS advantages: – No fragmentation. – 60% more performance then EoIP. So it sounds like VPLS might be better than EoIP? I can't find much about EoIP online, so is this a Mikrotik only protocol? On Tue, Aug 11, 2015 at 1:46 PM, Jürgen Jaritsch <jj@anexia.at> wrote:
Hi,
Mikrotik Routerboard + (encrypted) Ethernet over IP (EoIP). If required: MPLS+OSPF+BGP in the EoIP for additional features.
Build the pseudo Layer2 with two dedicated boxes. In the HQ you can hand it over directly to the MX80 and at the new office you can work with small boxes like Cisco 7301 (also available with redundant PS) or if you need more ports: 19xx ...
#) cheap setup #) can easily transport a few hundred Meg #) you can use refurb parts if required #) big community support for Mikrotik Routerboards #) encrypted transport possible #) works with dynamic IPs #) MPLS in the EoIP allows you to transport VRFs with BGP signaling
Etc etc
Best regards
Jürgen Jaritsch
Head of Network & Infrastructure

ANEXIA Internetdienstleistungs GmbH

Telefon: +43-5-0556-300
Telefax: +43-5-0556-500

E-Mail: jj@anexia.at
Web: http://www.anexia.at

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

-----Original Message-----
*From:* Colton Conor [colton.conor@gmail.com]
*Received:* Dienstag, 11 Aug. 2015, 20:23
*To:* NANOG [nanog@nanog.org]
*Subject:* Branch Location Over The Internet
We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80.
They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters public IP addresses. Ideally the device at the HQ location would hand out public IP address using DHCP to the other side of the tunnel at the branch location.
We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but lets assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site.
Let's assume at the branch location we can get a DOCSIS cable internet connection from a incumbent cable provider such as Comcast, and that provider will give us a couple static IP address. Assume as a backup, we have a PPPoE DSL connection from the ILEC such as Verizon who gives us a dynamic IP address.
What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connections speeds, and failover if one is down. The cable connection will be much faster speed (probably 150Mbps down and 10 Upload) compared to the DSL connection (10 download and 1 upload). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed so we might have to get multiple DSL lines. The cable solution could always be used as the primary, and the DSL connection could only be used as backup if that makes things easier.
If you were to do this with Juniper or Cisco gear what would you have at each location? What technology would you use?
I know there is Pepewave and a couple of other software solutions that seem to have a proprietary load balancing solutions developed, but I would prefer to use a common Cisco or Juniper solution if one exists.
There will be 50 users at the branch office. There is only one branch location at this time, but they might expand to a couple more but under 10.
On Aug 11, 2015 11:22 AM, "Colton Conor" <colton.conor@gmail.com> wrote:
We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80.
They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters public IP addresses. Ideally the device at the HQ location would hand out public IP address using DHCP to the other side of the tunnel at the branch location.
We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but lets assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site.
Let's assume at the branch location we can get a DOCSIS cable internet connection from a incumbent cable provider such as Comcast, and that provider will give us a couple static IP address. Assume as a backup, we have a PPPoE DSL connection from the ILEC such as Verizon who gives us a dynamic IP address.
What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connections speeds, and failover if one is down. The cable connection will be much faster speed (probably 150Mbps down and 10 Upload) compared to the DSL connection (10 download and 1 upload). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed so we might have to get multiple DSL lines. The cable solution could always be used as the primary, and the DSL connection could only be used as backup if that makes things easier.
If you were to do this with Juniper or Cisco gear what would you have at each location? What technology would you use?
I know there is Pepewave and a couple of other software solutions that seem to have a proprietary load balancing solutions developed, but I would prefer to use a common Cisco or Juniper solution if one exists.
There will be 50 users at the branch office. There is only one branch location at this time, but they might expand to a couple more but under
Colton,

The Cisco solution for this would be Cisco Intelligent WAN (iWAN) utilizing ASRs and ISRs. iWAN utilizes a combination of DMVPNs and PfR to make this happen. Another name I've heard but have no feedback on is Viptela 10.

James
Sophos UTM is the ideal technology for this requirement, and the VMware image works well for a virtual device.

Colin

Sent from my iPhone
On 11 Aug 2015, at 19:21, Colton Conor <colton.conor@gmail.com> wrote:
We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80.
They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters public IP addresses. Ideally the device at the HQ location would hand out public IP address using DHCP to the other side of the tunnel at the branch location.
We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but lets assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site.
Let's assume at the branch location we can get a DOCSIS cable internet connection from a incumbent cable provider such as Comcast, and that provider will give us a couple static IP address. Assume as a backup, we have a PPPoE DSL connection from the ILEC such as Verizon who gives us a dynamic IP address.
What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connections speeds, and failover if one is down. The cable connection will be much faster speed (probably 150Mbps down and 10 Upload) compared to the DSL connection (10 download and 1 upload). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed so we might have to get multiple DSL lines. The cable solution could always be used as the primary, and the DSL connection could only be used as backup if that makes things easier.
If you were to do this with Juniper or Cisco gear what would you have at each location? What technology would you use?
I know there is Pepewave and a couple of other software solutions that seem to have a proprietary load balancing solutions developed, but I would prefer to use a common Cisco or Juniper solution if one exists.
There will be 50 users at the branch office. There is only one branch location at this time, but they might expand to a couple more but under 10.
DMVPN is very flexible, and is designed for this type of scenario. Cisco definitely supports it. Not sure about Juniper, but it's essentially mGRE + NHRP. You can use IPsec to encrypt the tunnels, and if you require spoke-to-spoke connectivity, there are some optimizations in Phase-3 DMVPN that make it scalable.

I would recommend using BGP as the routing protocol in this type of setup as well. Newer versions of Cisco code support "next-hop-self all", which will allow you to use iBGP between HQ and the branches without having to complicate the config too much.

LISP is also a great solution. It's supported across the Cisco product line, and there are other open source implementations. This really simplifies your routing, as you can just rely on static default routes into the "internet" at each branch, and allow LISP to take care of the rest. You can also use encryption on top of it.

Not sure why you think it would be ideal to have a Layer-2 solution... I would personally stay away from it for this type of setup.

Regards,
Pablo

On Tue, Aug 11, 2015 at 2:21 PM, Colton Conor <colton.conor@gmail.com> wrote:
We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80.
They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters public IP addresses. Ideally the device at the HQ location would hand out public IP address using DHCP to the other side of the tunnel at the branch location.
We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but lets assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site.
Let's assume at the branch location we can get a DOCSIS cable internet connection from a incumbent cable provider such as Comcast, and that provider will give us a couple static IP address. Assume as a backup, we have a PPPoE DSL connection from the ILEC such as Verizon who gives us a dynamic IP address.
What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connections speeds, and failover if one is down. The cable connection will be much faster speed (probably 150Mbps down and 10 Upload) compared to the DSL connection (10 download and 1 upload). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed so we might have to get multiple DSL lines. The cable solution could always be used as the primary, and the DSL connection could only be used as backup if that makes things easier.
If you were to do this with Juniper or Cisco gear what would you have at each location? What technology would you use?
I know there is Pepewave and a couple of other software solutions that seem to have a proprietary load balancing solutions developed, but I would prefer to use a common Cisco or Juniper solution if one exists.
There will be 50 users at the branch office. There is only one branch location at this time, but they might expand to a couple more but under 10.
participants (9): Colin Johnston, Colton Conor, james machado, Job Snijders, Josh Luthman, Jürgen Jaritsch, Mike Hammett, Pablo Lucena, Patrick Cole