[183066] in North American Network Operators' Group


Re: Branch Location Over The Internet

daemon@ATHENA.MIT.EDU (Mike Hammett)
Tue Aug 11 20:50:33 2015

X-Original-To: nanog@nanog.org
Date: Tue, 11 Aug 2015 19:50:24 -0500 (CDT)
From: Mike Hammett <nanog@ics-il.net>
To: nanog@nanog.org
In-Reply-To: <CAMDdSzNN0HXPRtnDDUZKa0UGf-jdqAVq3Jyg1T7CzfdFgtkjVg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

EoIP will tunnel over anything IP, including the public Internet. VPLS will only go over your network.




-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest Internet Exchange
http://www.midwest-ix.com



----- Original Message -----

From: "Colton Conor" <colton.conor@gmail.com>
To: "Jürgen Jaritsch" <jj@anexia.at>
Cc: nanog@nanog.org
Sent: Tuesday, August 11, 2015 5:27:22 PM
Subject: Re: Branch Location Over The Internet

EoIP seems to be what I am looking for, however this recent Mikrotik
session says:

EoIP could be a solution for tunneling L2 over L3.
• EoIP disadvantages:
  – Fragmentation of L2 frames over multiple L3 packets
  – Performance issues
• VPLS advantages:
  – No fragmentation.
  – 60% more performance than EoIP.

So it sounds like VPLS might be better than EoIP? I can't find much about
EoIP online, so is this a Mikrotik only protocol?

On Tue, Aug 11, 2015 at 1:46 PM, Jürgen Jaritsch <jj@anexia.at> wrote:

> Hi,
>
> Mikrotik Routerboard + (encrypted) Ethernet over IP (EoIP). If required:
> MPLS+OSPF+BGP in the EoIP for additional features.
>
> Build the pseudo Layer2 with two dedicated boxes. In the HQ you can hand
> it over directly to the MX80 and at the new office you can work with small
> boxes like Cisco 7301 (also available with redundant PS) or if you need
> more ports: 19xx ...
>
> #) cheap setup
> #) can easily transport a few hundred Meg
> #) you can use refurb parts if required
> #) big community support for Mikrotik Routerboards
> #) encrypted transport possible
> #) works with dynamic IPs
> #) MPLS in the EoIP allows you to transport VRFs with BGP signaling
>
> Etc etc
>
> Best regards
>
>
> Jürgen Jaritsch
> Head of Network & Infrastructure
>
> ANEXIA Internetdienstleistungs GmbH
>
> Phone: +43-5-0556-300
> Fax: +43-5-0556-500
>
> E-mail: jj@anexia.at
> Web: http://www.anexia.at
>
> Headquarters address Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
> Managing director: Alexander Windbichler
> Company register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601
>
>
>
>=20
> -----Original Message-----
> *From:* Colton Conor [colton.conor@gmail.com]
> *Received:* Tuesday, 11 Aug. 2015, 20:23
> *To:* NANOG [nanog@nanog.org]
> *Subject:* Branch Location Over The Internet
>
> We have an enterprise that has a headquarter office with redundant fiber
> connections, its own ASN, its own /22 IP block from ARIN, and a couple of
> gigabit internet connections from multiple providers. The office is taking
> full BGP routes from tier 1 providers using a Juniper MX80.
>
> They are establishing their first branch location, and need the branch
> location to be able to securely communicate back to headquarters, AND be
> able to use a /24 of headquarters public IP addresses. Ideally the device
> at the HQ location would hand out public IP addresses using DHCP to the other
> side of the tunnel at the branch location.
>
> We know that in an ideal world it would be wise to get layer 2 transport
> connections from HQ to the branch location, but let's assume that is not an
> option. Please don't flood this thread about how it could be an option
> because it's not at this time. This setup will be temporary and in service
> for the next year until we get fiber to the branch site.
>
> Let's assume at the branch location we can get a DOCSIS cable internet
> connection from an incumbent cable provider such as Comcast, and that
> provider will give us a couple static IP addresses. Assume as a backup, we
> have a PPPoE DSL connection from the ILEC such as Verizon who gives us a
> dynamic IP address.
>
> What solution could we put at the HQ site and the branch site to achieve
> this? Ideally we would want the solution to load balance between the
> connections based on the connections speeds, and failover if one is down.
> The cable connection will be much faster speed (probably 150Mbps down and
> 10 Upload) compared to the DSL connection (10 download and 1 upload). If we
> need more speed we can upgrade the cable modem to a higher package, but for
> DSL that is the max speed so we might have to get multiple DSL lines. The
> cable solution could always be used as the primary, and the DSL connection
> could only be used as backup if that makes things easier.
>
> If you were to do this with Juniper or Cisco gear what would you have at
> each location? What technology would you use?
>
> I know there is Pepwave and a couple of other software solutions that seem
> to have proprietary load balancing solutions developed, but I would
> prefer to use a common Cisco or Juniper solution if one exists.
>
> There will be 50 users at the branch office. There is only one branch
> location at this time, but they might expand to a couple more but under 10.
>

