Follow-up:
So supposedly one CAN run OSPF across an IPsec tunnel if you use
non-broadcast mode, but I'm nervous about crypto ACLs and the potential
ongoing maintenance required.
Would still prefer a simpler IPsec-encrypted GRE tunnel solution ... :)
On 11/26/24 19:34, Bryan Holloway via cisco-nsp wrote:
Use-case:
Network with several inter-colo WAN links and decent redundancy, but hey
-- things break. Need to keep certain management (think VRF) things
working across severed portions of the network after enough backhoes
have had their way with us.
Running mostly IOS-XR 6.5.3 everywhere.
I'd like to build a couple of tunnels and run high-cost OSPF across them
for fail-over situations. Since OSPF generally doesn't work over IPsec,
I've been looking at IPsec-encrypted GRE tunnels, but I haven't found
any good examples (at least not using IOS-XR.) Plenty of ones for IOS,
but ...
Curious if anyone in the community has made this work ...
Or should I be looking in a different direction?
Thank you in advance!
- bryan
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
