Hi Arie,
I definitely would like to define a fixed IP to the customer, but on the WAN
side the CPE is configured by a third party provider (an access provider).
So in fact, I can't get my hands on the CPE. So the idea was to place an
L2TP Client behind the CPE (on LAN side) which makes the connection outbound
to my Router. My router terminates the L2TP Tunnel.
When my router recognizes the L2TP Connect, my router provides an IP address
statically of my pool to the client's interface.
Furthermore, my router will insert a somewhat static route to the client in
his routing table, so the customer will be reachable through this IP. In
detail, the customer L2TP Server has 2 NICs, one points to the CPE and has
masked IP Adresses (e.g. 192.168.X.X) and the other one should route the
ofically routed net, my router is sending (like AAA.BBB.CCC.DDD).
With this tunnel, I would be able to tunnel other data packets to the client
as well as speak bgp to the client though still use my IP space.
At last, the customers computers would be reachable through the L2TP tunnel
and the IP addresses would be from my nets.
The only trick is: The client as a access network from another provider and
I can't get hands on the configuration of his CPE. Furthermore, the external
IP address of the customer might change from day to day.
For reliability, I would prefer fiber, of course. But the next fiber is
approx. 2 miles away and digging is approx. 40k EUROS (!).
So, I am looking for a solution to provide BGP redundancy to smaller
customers (e.g. 50 Users) even at locations, where I can not do what I want.
This would make it possible for customers with provider independent address
space to have bgp with 2 neigbors (e.g. one is thier standard ISP with a
fast line (100Mbps), one is the backup ISP (e.g. 20 Mbps via G.SHDSL .).
Cheers,
John
From: arievayner@gmail.com [mailto:arievayner@gmail.com] On Behalf Of Arie
Vayner
Sent: Wednesday, January 19, 2011 8:58 PM
To: John Fitzgerald
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] L2TP on dynamic IP
John,
What would most likely be a better solution for both solutions is to assign
the customer a fixed IP allocated from RADIUS when they connect over L2TP (I
assume PPP...)
This will allow you to have a static BGP session with the statically
allocated IP address.
Another option is to look at the BGP dynamic neighbors feature:
http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/brbpe er.html#wp1131929
For IPSec there are quite a few solutions for IPSec sessions with dynamic
peers.
I think this could be a good starting point:
http://www.cisco.com/en/US/products/ps6635/prod_white_papers_list.html Arie
On Wed, Jan 19, 2011 at 8:23 PM, John Fitzgerald
<john.fitzgerald@internet.de> wrote:
Hi,
I've got two design questions:
1. Is it possible to map a net via L2TP (IPv4 PI Space) to a client, which
comes from a dynamic IP Address? E.g he has RIPE PI Space AAA.BBB.CCC.DDD
and as he connects, routers will allow traffic to his network
AAA.BBB.CCC.DDD and BGPv4 will recognize an will aloe route servers to be
changed...
2. Is it possible to have the IPSec with (1.)?
Cheers,
John
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba