Point to MultiPoint VPN w/qos
Greetings
We have acquired a new client that has 98 remote endpoints. At each site there is a need for 4 IP telephones and two VPN tunnels back to two separate datacenters. (1 voice, 1 Citrix farm). The sites don't talk to each other, just to the two data centers.
Does anyone have a suggestion for a single piece of hardware that would support 8 or less Ethernet interfaces and the two VPN tunnels?
Thanks -Optimistic
Yes, a SonicWALL NSA 240 has 8 interfaces built in.... This sounds like a very fun project....
Date: Tue, 6 Sep 2011 08:49:13 -0500 Subject: Point to MultiPoint VPN w/qos From: positivelyoptimistic@gmail.com To: nanog@nanog.org
Greetings
We have acquired a new client that has 98 remote endpoints. At each site there is a need for 4 ip telephones and two vpn tunnels back to two separate datacenters. (1 voice, 1 citrix farm). The sites don't talk to each other, just to the two data centers.
Does anyone have a suggestion for a single piece of hardware that would support 8 or less Ethernet interfaces and the two vpn tunnels ?
Thanks -Optimistic
I would go with Cisco's DMVPN, and its multiple endpoint offerings. A 19xx router sounds like it would meet your needs for the remotes.
Spoke-to-Spoke tunnels are created on-demand, can use dynamic routing, and it supports multicast for things like Music on Hold, etc.
Contact me offline and I can share more.
-Brant
On 9/6/11 10:19 AM, "Brandon Kim" <brandon.kim@brandontek.com> wrote:
Yes, a SonicWALL NSA 240 has 8 interfaces built in....
This sounds like a very fun project....
DMVPN would only work with 100% cisco hardware right?
-----Original Message-----
From: Brant I. Stevens [mailto:branto@networking-architecture.com]
Sent: Tuesday, September 06, 2011 10:26 AM
To: Brandon Kim; positivelyoptimistic@gmail.com; nanog group
Subject: Re: Point to MultiPoint VPN w/qos
I would go with Cisco's DMVPN, and its multiple endpoint offerings. A 19xx router sounds like it would meet your needs for the remotes.
Spoke-to-Spoke tunnels are created on-demand, can use dynamic routing, and it supports multicast for things like Music on Hold, etc.
Contact me offline and I can share more.
-Brant
On 9/6/11 10:19 AM, "Brandon Kim" <brandon.kim@brandontek.com> wrote:
Yes, a SonicWALL NSA 240 has 8 interfaces built in....
This sounds like a very fun project....
Correct. But it works very well and is really simple to build and manage. We use 8xx routers on our spokes, very cheap.
On 09/06/2011 01:22 PM, Ryan Finnesey wrote:
DMVPN would only work with 100% cisco hardware right?
Yes, but look in 891s at the remotes, the 19xx are too expensive for only 4 devices.... Just my 2c
Sent from my iPhone
On Sep 6, 2011, at 10:22, "Ryan Finnesey" <rfinnesey@gmail.com> wrote:
DMVPN would only work with 100% cisco hardware right?
IIRC, the 19xx and 18xx are slower than the new 89x series. We are transitioning away from 18xx because of limitations on the platform that the 89x doesn't have. When the 18xx came out a few years ago they were amazing, the new 89x are even better.
Dylan
-----Original Message-----
From: Garrett Skjelstad [mailto:garrett@skjelstad.org]
Sent: Tuesday, September 06, 2011 12:34 PM
To: Ryan Finnesey
Cc: nanoggroup
Subject: Re: Point to MultiPoint VPN w/qos
Yes, but look in 891s at the remotes, the 19xx are too expensive for only 4 devices.... Just my 2c
Sent from my iPhone
On Sep 6, 2011, at 10:22, "Ryan Finnesey" <rfinnesey@gmail.com> wrote:
DMVPN would only work with 100% cisco hardware right?
I'd say the 89x platform is the way to go if 8 ports weren't needed. Correct me if I am wrong...
Sent from my iPad
On Sep 6, 2011, at 1:34 PM, "Garrett Skjelstad" <garrett@skjelstad.org> wrote:
Yes, but look in 891s at the remotes, the 19xx are too expensive for only 4 devices.... Just my 2c
Sent from my iPhone
It does. The older 87x only had a 4 port. The new 89x are the replacement for the 181x series.
Dylan
-----Original Message-----
From: Seth Mattinen [mailto:sethm@rollernet.us]
Sent: Tuesday, September 06, 2011 1:17 PM
To: nanog@nanog.org
Subject: Re: Point to MultiPoint VPN w/qos
On 9/6/11 11:10 AM, Brant I. Stevens wrote:
I'd say the 89x platform is the way to go if 8 ports weren't needed. Correct me if I am wrong...
I believe the 89x have a built-in 8 port switch plus 2 WAN Ethernet.
~Seth
I stand corrected.
Sent from my iPad
On Sep 6, 2011, at 2:19 PM, "Dylan Ebner" <dylan.ebner@crlmed.com> wrote:
it does. The older 87x only had a 4 port. The new 89x are the replacement for the 181x series.
On 6-9-2011 15:49, Positively Optimistic wrote:
Greetings
Does anyone have a suggestion for a single piece of hardware that would support 8 or less Ethernet interfaces and the two vpn tunnels ?
Single piece of hardware, no. If 2, then yes.
A PCengines Alix 2D3 with pfSense/m0n0wall and OpenVPN UDP tunnels to the datacenter combined with a Power over Ethernet switch would seem a likely combination. A HP Procurve 8 Port gigabit desktop switch with PoE comes to mind. Not too expensive, fanless, quiet, reliable does VLANS.
That way you can power the router and phones from the same (smallish) UPS. Say a 700VA APC.
Regards, Seth
CheckPoint Series 80 has 10 ports. I think there is a Juniper option as well.
-Hammer-
"I was a normal American nerd" -Jack Herer
On 09/06/2011 09:36 AM, Seth Mos wrote:
On 6-9-2011 15:49, Positively Optimistic wrote:
Greetings
Does anyone have a suggestion for a single piece of hardware that would support 8 or less Ethernet interfaces and the two vpn tunnels ?
Single piece of hardware, no. If 2, then yes.
A PCengines Alix 2D3 with pfSense/m0n0wall and OpenVPN UDP tunnels to the datacenter combined with a Power over Ethernet switch would seem a likely combination. A HP Procurve 8 Port gigabit desktop switch with PoE comes to mind. Not too expensive, fanless, quiet, reliable does VLANS.
That way you can power the router and phones from the same (smallish) UPS. Say a 700VA APC.
Regards, Seth
participants (10)
- -Hammer-
- Brandon Kim
- Brant I. Stevens
- Dylan Ebner
- Garrett Skjelstad
- Jason LeBlanc
- Positively Optimistic
- Ryan Finnesey
- Seth Mattinen
- Seth Mos