1.21 IPsec

IPsec is a suite of protocols that is widely used to securely connect remote offices and remote users. It provides the following capabilities.
Confidentiality: Encryption
Data Integrity: Use of checksums ensures the payload has not been altered
Authentication: Certifies the sender and recipient of the communication
Anti-Replay: Verifies each packet is unique to thwart attempts to bypass security …

1.20 Next Hop Resolution Protocol

NHRP is an ARP-like protocol meant for resolution of dynamic addressing of remote routers across an NBMA network. It allows a Next-Hop Client (NHC) to register with a Next-Hop Server (NHS). It allows for direct communications between spoke sites on an as-needed basis, which provides for smaller branch routers with fewer resources to communicate across …

1.19 Multipoint GRE

GRE, by default, is a point-to-point virtual private network that requires configuration between each pair of routers that you want to transmit traffic between. mGRE overcomes this limitation. mGRE and NHRP are the pairing which provides the basis for building dynamic tunnels in hub and spoke environments. On the hub router, mGRE enables a single …

1.18 Dynamic Multipoint Virtual Private Network

The fact is, if you have a WAN environment where your campus hub is connected to multiple remote site spokes and you need the benefits of GRE or IPsec, the amount of configuration required to maintain these static configurations is enormous and impractical. Especially if you're scaling a large number of satellite sites, every time …

1.17 Routing over a GRE Tunnel

The Generic Routing Encapsulation (GRE) protocol was developed to tunnel network-layer protocols over an IP network to emulate a virtual point-to-point connection. Originally developed by Cisco, it is now an IETF standard specified in RFC 2784 and updated in RFC 2890. It uses IP protocol number 47. The VPN is not encrypted. What it does …

1.16 Connectivity Overview

VPN solutions can be categorized into three main groups:
MPLS VPNs - An ISP uses labels distributed among its core routers (see also previous section)
L3 MPLS - Peers with provider PE device, and usually distributes traffic to multi-protocol BGP (MP-BGP) for WAN transmission
L2 MPLS - Direct peering between customer site routers; PE device appears as …

1.15 Routing Across MPLS VPNs

MPLS is a transport mechanism that is developed to carry data over a packet-switched network, and can seamlessly operate between L2 and L3 services. Therefore, there are effectively two types of MPLS VPNs available to enterprise customers today. L2 MPLS VPNs - (Sometimes called VPLS), these are logically connected by switching, and the customer manages …

1.14 Routing over the Internet

There are a number of options for connecting remote sites to the enterprise campus. It makes sense to use the internet because it's highly redundant, high-bandwidth, and cost-effective. However, it presents challenges.
Routers are not directly connected
Public IP addressing is required
The internet is not inherently secure
There is no quality-of-service guarantee
The solution is therefore to use …

1.13 Non-Broadcast Multiple-Access Networks

There are three ways NBMA networks are typically deployed.
Hub and Spoke: Pros = Ease of deployment, easy to troubleshoot, site isolation; Cons = Redundancy concerns if a non-redundant hub router fails
Full Mesh: Pros = Redundancy, direct connectivity between all nodes on the network eliminates the need to traverse a central hub; Cons = Expensive to implement …

1.12 Network Types

There are three principal network topologies that should be considered when choosing a routing protocol to pair with them to avoid misconfiguration or sub-optimal routing behavior. Point-to-Point: Simplest type of topology to configure. Connects a single pair of routers, where traffic is transmitted exclusively on a 1:1 basis. Traffic sent from one end of the …