Wired Intelligent Edge (Campus Switching and Routing)

Contributor II

Re: L3 GRE between S2500 dynamic public IP and Controller with static

To add to previous response:

There could be system-level limits defined on each of the platforms (7210/7220/7240) depending on the processing power built in.

The expected max concurrent IPSec sessions for your deployment would help choose the right platform based on the published specs. (And I suppose those numbers should be w.r.t. a single crypto map unless stated explicitly as with multiple...)

Occasional Contributor II

Re: L3 GRE between S2500 dynamic public IP and Controller with static

Thanks so much Vinay. I think ultimately there will be less than 200 sites, so we should be good. A few older RAPs could generate more tunnels than these switches will. The only feature request I would like to make is to permit distribution of static routes, just like any switch or router will do. Any low-end router or switch that I come across supporting OSPF does support most functionality of OSPF, and I would expect the same from the controller and switches, if they cannot support multiple instances of OSPF.

Occasional Contributor II

Re: L3 GRE between S2500 dynamic public IP and Controller with static

Hello Vinay,

 

So another issue I encountered today was that with two IPsec tunnels configured, and one of them going down, the routing table will still keep sending the traffic that way through the downed tunnel. My understanding is that with the tunnel down, the IPsec route should be removed. This is now causing some issues in testing, as though I am learning specific routes via OSPF, the IPsec static route takes precedence and hence the OSPF-learned routes do not get installed. The IPsec tunnel routes get installed as soon as the dst-net statement is configured under the ipsec map and they seem to not go away. I tried to give them a higher metric of 120 (OSPF being 110) under ip-profile on the switch, but they still show up as connected with a metric of 1.

 

Thanks

Occasional Contributor II

Re: L3 GRE between S2500 dynamic public IP and Controller with static

I resolved this issue by creating a loopback address on each controller and then using that as the ipsec map source and tunnel source address. Works great now. The only thing that I cannot ping when an internet circuit goes down at the controller end is the supposed-to-be always-up loopback on the controller from the switch.
