[bdNOG] Cisco VPN Router

Nurul Islam nurul at apnic.net
Fri Nov 15 23:07:35 BDT 2013


I think Momen's question is about the overlay VPN model (5/10 years ago)
where the CPE router creates an IPSec tunnel (for customer data security) and
the SP POP router needs to create another tunnel (GRE/IPSec) to isolate their
routing prefixes, because several customers or the SP infrastructure might use
the same private address range. I think this overlay VPN model is replaced
with MPLS L3 VPN, where the SP does not need to create any GRE/IPSec tunnel to
isolate their routing prefixes. The SP now simply creates a VRF on the POP router
and individual customer prefixes are isolated by the VPNv4 address family etc
etc.

By asking "VRF instead of GRE on PE" if you mean MPLS L3/L2 VPN, then yes
it is available in Dhaka. At least Pseudo-wire for sure. Is VPLS also
available in Bangladesh?

The required CPE hardware is also discussed in other replies.

Thanks to bdNOG community. Keep posting more threads and let everyone
participate. We need active people to run our NOG.

Regards

Roman

On 16/11/13 2:14 AM, "Md. Khairul Alam" <khairulbd at yahoo.com> wrote:

>Hi,
>
>I think the technology used by the SP is not the main concern of the
>banks. Banks should have own policy to secure the data transmission
>between HO and branches. As a customer I must want the maximum
>availability of the link from the SP and choose the security technology
>in my routers.
>
>For small branches most are using 1900 series with K9 license I guess and
>2900 series for larger bandwidth requirement.
>
>Thanks very much bdNOG for giving us the opportunity to share.
>
>BR//Khairul
>--------------------------------------------
>On Fri, 15/11/13, Aniruddha Barua <aniruddha.barua at colbd.com> wrote:
>
> Subject: Re: [bdNOG] Cisco VPN Router
> To: "NOG list, bdNOG" <nog at bdnog.org>
> Received: Friday, 15 November, 2013, 6:33 PM
> 
> Dear Mr. Momen,
> 
> I believe you are asking the question considering the
> entire architecture, not just from the customer (Bank) or
> the provider (SP) point of view. If a bank wants to connect
> their branch routers in Layer 2 over SP network, the SP has
> to give them either GRE based tunnels (Mikrotik's EoIP
> or PPTP-Bridge etc., are common techniques) or MPLS Layer 2
> (EoMPLS, VPLS etc.). If a bank wants to connect the branch
> routers in Layer 3 over SP network, the SP can give them
> anything from simple routing (Static or Dynamic) to plain
> VRF (i.e. VRF Lite) to MPLS Layer 3 to even dedicated fiber
> (this is too much though!!).
> 
> To maintain information security and confidentiality,
> regardless of what the SP is providing in its
> infrastructure, the bank has to encrypt-decrypt (mostly with
> IPSec) its traffic in between its routers, which will pass
> through either the Layer 2 tunnels or the Layer 3 routed
> paths provided by the SP.
> 
> My question to all is, should banks demand a specific
> technology like VRF or MPLS or any other from the SP as long
> as their requirements are met perfectly well by the SP using
> its current technologies?
> 
> bdNOG mailing list is on the jazz today. Regards to
> all,
> 
> ANIRUDDHA BARUA
> Email: aniruddha.barua at colbd.com, cto at colbd.com
> Cell: +880.1713.111222
> Web: http://www.colbd.com
> 
> ---------- Original Message -----------
> From: Abdul Momen <abdulmomen918 at gmail.com>
> To: ariful.islam at totalofftec.com
> Cc: nog-bounces at bdnog.org, "nog at bdnog.org" <nog at bdnog.org>
> Sent: Fri, 15 Nov 2013 17:22:33 +1000
> Subject: Re: [bdNOG] Cisco VPN Router
> 
> > Thanks everyone.
> > 
> > I believe it is mostly ipsec (CPE router) inside GRE(PE router)? Is it
> > possible to get VRF instead of GRE on PE router.
> > 
> > Thanks & regards
> > 
> > Momen
> > 
> > On Fri, Nov 15, 2013 at 4:37 PM, Arif @ TOTALOFFTEC
> > <ariful.islam at totalofftec.com> wrote:
> > 
> I have fortinet wifi router.
> 
> -arif- +8801678005123
> . Apologies kept short sent from my BlackBerry® smartphone - Airtel
> 
> -----Original Message-----
> From: Nurul Islam <nurul at apnic.net>
> Sender: nog-bounces at bdnog.org
> Date: Fri, 15 Nov 2013 06:17:25
> To: fakrul at dhakacom.com<fakrul at dhakacom.com>; nog at bdnog.org<nog at bdnog.org>; Abdul Momen<abdulmomen918 at gmail.com>
> Subject: Re: [bdNOG] Cisco VPN Router
> 
> Few more on the list... MikroTik, Fortigate, What model? what else?
> 
> And obviously Cisco. (For the elite class I suppose. :).
> 
> Regards
> 
> -Roman
> 
> On 15/11/13 3:42 PM, "Fakrul Alam" <fakrul at dhakacom.com> wrote:
> 
> >Dear Mr Momen,
> >
> >Ya, it's mainly 800 series with K9 bundle. I know few banks who use 1900
> >series in metropolitan branches where there is higher b/w & pps
> >requirements.
> >
> >Thanks
> >
> >Fakrul Alam
> >
> >On 11/15/13, 6:29 AM, Abdul Momen wrote:
> >> Dear bdnog people,
> >>
> >> I have a quick question. What are the commonly used VPN router used in
> >>the
> >> bank branches in Dhaka. I guess CISCO831-K9 still used in some places.
> >> Correct? What are other cost effective alternatives.
> >>
> >> Regards
> >>
> >> Momen
> >>
> >> _______________________________________________
> >> nog mailing list
> >> nog at bdnog.org
> >> http://mailman.bdnog.org/mailman/listinfo/nog
> 
> ------- End of Original Message -------
> 
>_______________________________________________
>nog mailing list
>nog at bdnog.org
>http://mailman.bdnog.org/mailman/listinfo/nog
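
Added example, not part of the original thread: a toy Python model of the point in the top reply, that with MPLS L3 VPN each customer's prefixes live in their own VRF and stay distinct in the VPNv4 address family, so two banks can reuse the same private range without a GRE tunnel on the PE. The `PE` class, the VRF names, the RD/RT values and the next-hop labels are all constructed for illustration.

```python
import ipaddress

class PE:
    """Toy provider-edge router: one routing table per VRF (illustrative model)."""

    def __init__(self):
        self.vrfs = {}  # name -> {"rd": str, "rt": str, "routes": {network: next_hop}}

    def add_vrf(self, name, rd, rt):
        self.vrfs[name] = {"rd": rd, "rt": rt, "routes": {}}

    def add_route(self, vrf, prefix, next_hop):
        self.vrfs[vrf]["routes"][ipaddress.ip_network(prefix)] = next_hop

    def export_vpnv4(self):
        """VPNv4 NLRI = route distinguisher + IPv4 prefix, tagged with a route target."""
        return [(f"{v['rd']}:{net}", v["rt"], hop)
                for v in self.vrfs.values() for net, hop in v["routes"].items()]

    def import_vpnv4(self, adverts):
        """Install each advertisement only into VRFs whose route target matches."""
        for nlri, rt, hop in adverts:
            prefix = nlri.split(":", 2)[2]  # drop the "ASN:NN" route distinguisher
            for v in self.vrfs.values():
                if v["rt"] == rt:
                    v["routes"][ipaddress.ip_network(prefix)] = hop

    def lookup(self, vrf, dst):
        """Longest-prefix match confined to a single VRF's table."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.vrfs[vrf]["routes"] if addr in n]
        if not hits:
            return None
        return self.vrfs[vrf]["routes"][max(hits, key=lambda n: n.prefixlen)]


def demo():
    # Constructed sample: both banks use 10.10.0.0/24 at head office.
    ho_pe, branch_pe = PE(), PE()
    for pe in (ho_pe, branch_pe):
        pe.add_vrf("BANK_A", rd="65000:1", rt="65000:1")
        pe.add_vrf("BANK_B", rd="65000:2", rt="65000:2")
    ho_pe.add_route("BANK_A", "10.10.0.0/24", "bank-a-ho-cpe")
    ho_pe.add_route("BANK_B", "10.10.0.0/24", "bank-b-ho-cpe")
    ho_pe.add_route("BANK_B", "172.16.5.0/24", "bank-b-dc-cpe")
    adverts = ho_pe.export_vpnv4()
    branch_pe.import_vpnv4(adverts)
    return adverts, branch_pe
```

Separate tables give routing isolation only; as the thread notes, the bank still encrypts its traffic between its own routers with IPSec.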


