[bdNOG] Cisco VPN Router

Aniruddha Barua aniruddha.barua at colbd.com
Sat Nov 16 00:20:21 BDT 2013


Roman bhai,

Threads. It would be threads. Not threats.;-)

Regards,

ANIRUDDHA BARUA
Email: aniruddha.barua at colbd.com, cto at colbd.com
Cell: +880.1713.111222
Web: http://www.colbd.com


On Nov 15, 2013, at 11:07 PM, Nurul Islam <nurul at apnic.net> wrote:

> I think Momen's question is about the overlay VPN model (5/10 years ago)
> where CPE router create IPSec tunnel (customer data security purpose) and
> SP POP router need to create another tunnel (GRE/IPSec) to isolate their
> routing prefixes. Because several customer or SP infrastructure might use
> the same private address range. I think this overlay VPN model is replaced
> with MPLS L3 VPN where SP do not need to create any GRE/IPSec tunnel to
> isolate their routing prefix. SP now simply create VRF on the POP router
> and individual customer prefixes are isolated by VPNv4 address family etc
> etc.
> 
> By asking "VRF instead of GRE on PE" if you mean MPLS L3/L2 VPN, then yes
> it is available in Dhaka. At least Pseudo-wire for sure. Is VPLS also
> available in Bangladesh?
> 
> What is the required CPE hardware that is also discussed on other reply.
> 
> Thanks to bdNOG community. Keep posting more threats and let everyone
> participate. We need active people to run our NOG.
> 
> Regards
> 
> Roman     
> 
> 
> On 16/11/13 2:14 AM, "Md. Khairul Alam" <khairulbd at yahoo.com> wrote:
> 
>> Hi,
>> 
>> I think the the technology using by the SP is not the main concern of the
>> banks. Banks should have own policy to secure the data transmission
>> between HO and branches. As a customer I must want the maximum
>> availability of the link from the SP and choose the security technology
>> in my routers.
>> 
>> For small branches most are using 1900 series with K9 license I guess and
>> 2900 series for larger bandwidth requirement.
>> 
>> Thanks very much bdNOG for giving us the opportunity to share.
>> 
>> BR//Khairul
>> --------------------------------------------
>> On Fri, 15/11/13, Aniruddha Barua <aniruddha.barua at colbd.com> wrote:
>> 
>> Subject: Re: [bdNOG] Cisco VPN Router
>> To: "NOG list, bdNOG" <nog at bdnog.org>
>> Received: Friday, 15 November, 2013, 6:33 PM
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> Dear Mr. Momen,
>> 
>> 
>> 
>> I believe you are asking the question considering the
>> entire architecture, not just from the customer (Bank) or
>> the provider (SP) point of view. If a bank wants to connect
>> their branch routers in Layer 2 over SP network, the SP has
>> to give them either GRE based tunnels (Mikrotik's EoIP
>> or PPTP-Bridge etc., are common technics) or MPLS Layer 2
>> (EoMPLS, VPLS etc.). If a bank wants to connect the branch
>> routers in Layer 3 over SP network, the SP can give them
>> anything from simple routing (Static or Dynamic) to plain
>> VRF (i.e. VRF Lite) to MPLS Layer 3 to even dedicated fiber
>> (this is too much though!!).
>> 
>> 
>> 
>> To maintain information security and confidentiality,
>> regardless of what the SP is providing in its
>> infrastructure, the bank has to encrypt-decrypt (mostly with
>> IPSec) its traffic in between its routers, which will pass
>> through either the Layer 2 tunnels or the Layer 3 routed
>> paths provided by the SP.
>> 
>> 
>> 
>> My question to all is, should banks demand a specific
>> technology like VRF or MPLS or any other from the SP as long
>> as their requirements are met perfectly well by the SP using
>> its current technologies?
>> 
>> 
>> 
>> bdNOG mailing list is on the jazz today. Regards to
>> all,
>> 
>> 
>> 
>> ANIRUDDHA BARUA 
>> 
>> 
>> 
>> Email: aniruddha.barua at colbd.com, cto at colbd.com
>> 
>> 
>> 
>> Cell: +880.1713.111222
>> 
>> 
>> 
>> Web: http://www.colbd.com
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ---------- Original Message
>> -----------
>> 
>> 
>> From: Abdul Momen <abdulmomen918 at gmail.com>
>> 
>> 
>> 
>> To: ariful.islam at totalofftec.com
>> 
>> 
>> 
>> Cc: nog-bounces at bdnog.org, "nog at bdnog.org"
>> <nog at bdnog.org> 
>> 
>> 
>> 
>> Sent: Fri, 15 Nov 2013 17:22:33 +1000
>> 
>> 
>> 
>> Subject: Re: [bdNOG] Cisco VPN Router
>> 
>> 
>> 
>> 
>> 
>>> Thanks everyone.
>> 
>> 
>>> I believe it is mostly ipsec (CPE
>> router) inside GRE(PE router)? Is it possible to get VRF
>> instead of GRE on PE
>> router.
>> 
>> 
>>> Thanks & regards
>> 
>> 
>> 
>> Momen     
>> 
>> 
>>> On Fri, Nov 15, 2013 at 4:37 PM, Arif @
>> TOTALOFFTEC 
>> <ariful.islam at totalofftec.com>
>> wrote:
>> 
>> 
>> I have fortinet wifi router.
>> 
>> 
>> -arif- +8801678005123
>> . Apologies kept short sent from my BlackBerry® smartphone
>> - Airtel
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> 
>> 
>> From: Nurul Islam <nurul at apnic.net>
>> 
>> 
>> Sender: nog-bounces at bdnog.org
>> 
>> 
>> Date: Fri, 15 Nov 2013 06:17:25
>> 
>> 
>> To: fakrul at dhakacom.com<fakrul at dhakacom.com>;
>> nog at bdnog.org<nog at bdnog.org>;
>> Abdul Momen<abdulmomen918 at gmail.com>
>> 
>> 
>> Subject: Re: [bdNOG] Cisco VPN Router
>> 
>> 
>> 
>> Few more on the [UTF-8?]listÅ .MikroTik, Fortigate, What
>> model? what 
>> else?
>> 
>> 
>> 
>> And obviously Cisco. (For the elite class I suppose. :).
>> 
>> 
>> 
>> Regards
>> 
>> 
>> 
>> -Roman
>> 
>> 
>> 
>> On 15/11/13 3:42 PM, "Fakrul Alam" <fakrul at dhakacom.com>
>> wrote:
>> 
>> 
>> 
>> 
>>> Dear Mr Momen,
>> 
>> 
>> 
>> 
>>> Ya, it's mainly 800 series with K9 bundle. I know
>> few banks who use
>> 1900
>> 
>> 
>>> series in metropolitan branches where there is higher
>> b/w & pps
>> 
>> 
>>> requirements.
>> 
>> 
>> 
>> 
>>> Thanks
>> 
>> 
>> 
>> 
>>> Fakrul Alam
>> 
>> 
>> 
>> 
>> 
>> 
>>> On 11/15/13, 6:29 AM, Abdul Momen wrote:
>> 
>> 
>>>> Dear bdnog people,
>> 
>> 
>> 
>> 
>>>> I have a quick question. What are the commonly used
>> VPN router used 
>> in
>> 
>> 
>>>> the
>> 
>> 
>>>> bank brunches in Dhaka. I guess CISCO831-K9 still
>> used in some 
>> places.
>> 
>> 
>>>> Correct? What are other cost effective
>> alternatives.
>> 
>> 
>> 
>> 
>>>> Regards
>> 
>> 
>> 
>> 
>>>> Momen
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>>> _______________________________________________
>> 
>> 
>>>> nog mailing list
>> 
>> 
>>>> nog at bdnog.org
>> 
>> 
>>>> http://mailman.bdnog.org/mailman/listinfo/nog
>> 
>> 
>> 
>> 
>>> _______________________________________________
>> 
>> 
>>> nog mailing list
>> 
>> 
>>> nog at bdnog.org
>> 
>> 
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>> 
>> 
>> 
>> 
>> _______________________________________________
>> 
>> 
>> nog mailing list
>> 
>> 
>> nog at bdnog.org
>> 
>> 
>> http://mailman.bdnog.org/mailman/listinfo/nog
>> 
>> 
>> 
>> 
>> ------- End of Original Message
>> -------
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----Inline Attachment Follows-----
>> 
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog
>> 
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog
> 
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog


More information about the nog mailing list