Mailing List Archive

Note to the list - one of our vendors pointed out that I made an error - the equipment at the corporate end is actually a FCX-648 with the Premium license.


________________________________
From: foundry-nsp <foundry-nsp-bounces@puck.nether.net> on behalf of Derek Maxwell <derek.maxwell@chosentechgroup.com>
Sent: Thursday, June 14, 2018 7:55 PM
To: foundry-nsp@puck.nether.net
Subject: [f-nsp] GRE Tunnel - Foundry RX-4 to FESX-648 PREM over Public Internet


Not sure if this is possible, but curious if anyone has any ideas for the config.


We have a few /24s that we announce in our datacenter over BGP (Foundry RX-4)

We have a statically routed /28 from AT&T at our corporate office (FESX-648 PREM as a Layer 3 switch)

Due to an IP address shortage, we need to route back a /28 carved out of our datacenter IP address space to the corporate office. I know this is doable via a GRE tunnel, but not sure where to start with a config.


Any suggestions on execution for this scenario, or am I wrong that it will work?


--Derek Maxwell

Chosen Technology Group / Chosen Payments

The problem you are going to run into is routing outbound traffic the
proper way. There the solutions I can come up with are policy based
routing (which doesn't seem very elegant) and VRF-lite (not sure if or how
well supported it is in your device).

For policy based, BGP session from corporate office over GRE to advertise
your new route and route map on any interface that may receive traffic from
the new network that sends internet traffic across the GRE tunnel.

For the route map, you need an ACL that denys any local traffic then
permits 0.0.0.0/0, then use that to set the next hop to the other side of
the GRE tunnel. It kind of defeats the purpose of dynamic routing.

If the corporate device supports VRF-lite, you could create a vrf for that
network, peer it with the datacenter via GRE for a default route, and peer
it with the default vrf for local routes. Read the docs, though... you
often lose a lot of functionality on an interface that has a VRF on Brocade
devices.

--
Eldon


On Fri, Jun 15, 2018, 08:16 Derek Maxwell <derek.maxwell@chosentechgroup.com>
wrote:

> Note to the list - one of our vendors pointed out that I made an error -
> the equipment at the corporate end is actually a FCX-648 with the Premium
> license.
>
>
>
> ------------------------------
> *From:* foundry-nsp <foundry-nsp-bounces@puck.nether.net> on behalf of
> Derek Maxwell <derek.maxwell@chosentechgroup.com>
> *Sent:* Thursday, June 14, 2018 7:55 PM
> *To:* foundry-nsp@puck.nether.net
> *Subject:* [f-nsp] GRE Tunnel - Foundry RX-4 to FESX-648 PREM over Public
> Internet
>
>
> Not sure if this is possible, but curious if anyone has any ideas for the
> config.
>
>
> We have a few /24s that we announce in our datacenter over BGP (Foundry
> RX-4)
>
>
> We have a statically routed /28 from AT&T at our corporate office
> (FESX-648 PREM as a Layer 3 switch)
>
>
> Due to an IP address shortage, we need to route back a /28 carved out of
> our datacenter IP address space to the corporate office. I know this is
> doable via a GRE tunnel, but not sure where to start with a config.
>
>
> Any suggestions on execution for this scenario, or am I wrong that it will
> work?
>
>
> --Derek Maxwell
>
> Chosen Technology Group / Chosen Payments
>
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>