Re: IPSEC tunnels for LAN-to-LAN interop issue
Fully mesh thousands of sites? That's going to be a problem with IPSec
by itself unless you also have some automagic tunnel endpoint discovery
mechanism. So I don't think that, in and of itself, is a valid reason to
not use BGP. You'd hit a scaling wall either way (and administration of
1000 fully meshed GRE tunnels is not trivial).

Redistribution of BGP routes into a "true IGP" is something that is done
every day throughout the world so that too I don't see as a problem.

I guess it comes down to administration. Eliminating the need to
administer a tunnel interface whose sole purpose is to tunnel routing
protocols seems like a win. One less thing to worry about. And it eliminates
the security issues that Steve K was talking about too. Win-win.

Dan.

On Wed, 01 Sep 1999 02:43:31 PDT you wrote
>
>
> Dan,
>
> Dan> So let me ask again, what is the problem with BGP?
>
> Granted BGP is one way to get reachability information in this context, I do not
> agree that it is the right tool.
> IBGP is meant for other purposes than being an IGP. Besides having to maintain
> TCP connections with the peers
> (which could be a problem if you want to fully mesh thousands of sites - and
> you'd want a route reflector),
> you might actually want to redistribute BGP routes to the true IGP in most
> environments where the IGP is incumbent.
> Also you have increased the layers of route convergence. Administratively BGP
> adds another task.
> Now you have to administer the BGP policies on the peers such that the prefixes
> are announced and so far we are
> dealing with just one remote SGW. Imagine thousands of such remote sites. I
> believe what routing protocols are used should
> strictly be an administrative decision which was implied in this thread.
>
> Dan> BGP is a _much_ simpler protocol
>
> Perhaps in implementation. Not in deployment when the network is large.
> I absolutely like BGP but in this context using BGP just to get intranet
> reachability information
> would be like watering plants with a BobCat:-).
>
> /sudeep
>
>
>
>