Minor correction. Traffic will still be CEF switched, but it will be software CEF switched, not MLS CEF switched.

This is a limitation of the EARL 7 generation of forwarding engines. GRE decap can only be done based on dest IP so you need a unique IP endpoint for each tunnel. This is not a problem on any software platform as there is no ASIC to be subject to this limitation.

For DMVPN w/ IPSEC you can use the same IP address for two mGRE tunnels as long as you use the same crypto profile and the shared KW.

-Ben


On Dec 3, 2010, at 9:26 AM, Tomas Daniska wrote:

Folks,

for HW based platforms it's needed to have a dedicated source IP address for each tunnel in order to have the tunnels CEF switched in hardware, due to ASIC limitations, and not process-switched.

Does anyone know if this applies to CPU based platforms as well, such as 87x/88x? I need to terminate two distinct VPNs using VRF lite, and definitely don't want the traffic to end up being punted at the spokes. Sharing the same PPPoE dialer IP would simplify things, if it's supported. The setup is 2xDMVPN tunnel with GDOI protection.



Thanks much

--

Tomas Daniska
Senior CSE/BDM

Soitron, a.s.
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224000, fax: +421 2 58224520

The new IANA definition: IP Addresses Not Available

_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
