[bdNOG] Cisco VPN Router
Aniruddha Barua
aniruddha.barua at colbd.com
Sat Nov 16 00:20:21 BDT 2013
Roman bhai,
Threads. It would be threads. Not threats.;-)
Regards,
ANIRUDDHA BARUA
Email: aniruddha.barua at colbd.com, cto at colbd.com
Cell: +880.1713.111222
Web: http://www.colbd.com
On Nov 15, 2013, at 11:07 PM, Nurul Islam <nurul at apnic.net> wrote:
> I think Momen's question is about the overlay VPN model (5/10 years ago)
> where CPE router create IPSec tunnel (customer data security purpose) and
> SP POP router need to create another tunnel (GRE/IPSec) to isolate their
> routing prefixes. Because several customer or SP infrastructure might use
> the same private address range. I think this overlay VPN model is replaced
> with MPLS L3 VPN where SP do not need to create any GRE/IPSec tunnel to
> isolate their routing prefix. SP now simply create VRF on the POP router
> and individual customer prefixes are isolated by VPNv4 address family etc
> etc.
>
> By asking "VRF instead of GRE on PE" if you mean MPLS L3/L2 VPN, then yes
> it is available in Dhaka. At least Pseudo-wire for sure. Is VPLS also
> available in Bangladesh?
>
> What is the required CPE hardware that is also discussed on other reply.
>
> Thanks to bdNOG community. Keep posting more threats and let everyone
> participate. We need active people to run our NOG.
>
> Regards
>
> Roman
>
>
> On 16/11/13 2:14 AM, "Md. Khairul Alam" <khairulbd at yahoo.com> wrote:
>
>> Hi,
>>
>> I think the the technology using by the SP is not the main concern of the
>> banks. Banks should have own policy to secure the data transmission
>> between HO and branches. As a customer I must want the maximum
>> availability of the link from the SP and choose the security technology
>> in my routers.
>>
>> For small branches most are using 1900 series with K9 license I guess and
>> 2900 series for larger bandwidth requirement.
>>
>> Thanks very much bdNOG for giving us the opportunity to share.
>>
>> BR//Khairul
>> --------------------------------------------
>> On Fri, 15/11/13, Aniruddha Barua <aniruddha.barua at colbd.com> wrote:
>>
>> Subject: Re: [bdNOG] Cisco VPN Router
>> To: "NOG list, bdNOG" <nog at bdnog.org>
>> Received: Friday, 15 November, 2013, 6:33 PM
>>
>>
>>
>>
>>
>>
>>
>>
>> Dear Mr. Momen,
>>
>>
>>
>> I believe you are asking the question considering the
>> entire architecture, not just from the customer (Bank) or
>> the provider (SP) point of view. If a bank wants to connect
>> their branch routers in Layer 2 over SP network, the SP has
>> to give them either GRE based tunnels (Mikrotik's EoIP
>> or PPTP-Bridge etc., are common technics) or MPLS Layer 2
>> (EoMPLS, VPLS etc.). If a bank wants to connect the branch
>> routers in Layer 3 over SP network, the SP can give them
>> anything from simple routing (Static or Dynamic) to plain
>> VRF (i.e. VRF Lite) to MPLS Layer 3 to even dedicated fiber
>> (this is too much though!!).
>>
>>
>>
>> To maintain information security and confidentiality,
>> regardless of what the SP is providing in its
>> infrastructure, the bank has to encrypt-decrypt (mostly with
>> IPSec) its traffic in between its routers, which will pass
>> through either the Layer 2 tunnels or the Layer 3 routed
>> paths provided by the SP.
>>
>>
>>
>> My question to all is, should banks demand a specific
>> technology like VRF or MPLS or any other from the SP as long
>> as their requirements are met perfectly well by the SP using
>> its current technologies?
>>
>>
>>
>> bdNOG mailing list is on the jazz today. Regards to
>> all,
>>
>>
>>
>> ANIRUDDHA BARUA
>>
>>
>>
>> Email: aniruddha.barua at colbd.com, cto at colbd.com
>>
>>
>>
>> Cell: +880.1713.111222
>>
>>
>>
>> Web: http://www.colbd.com
>>
>>
>>
>>
>>
>>
>>
>> ---------- Original Message
>> -----------
>>
>>
>> From: Abdul Momen <abdulmomen918 at gmail.com>
>>
>>
>>
>> To: ariful.islam at totalofftec.com
>>
>>
>>
>> Cc: nog-bounces at bdnog.org, "nog at bdnog.org"
>> <nog at bdnog.org>
>>
>>
>>
>> Sent: Fri, 15 Nov 2013 17:22:33 +1000
>>
>>
>>
>> Subject: Re: [bdNOG] Cisco VPN Router
>>
>>
>>
>>
>>
>>> Thanks everyone.
>>
>>
>>> I believe it is mostly ipsec (CPE
>> router) inside GRE(PE router)? Is it possible to get VRF
>> instead of GRE on PE
>> router.
>>
>>
>>> Thanks & regards
>>
>>
>>
>> Momen
>>
>>
>>> On Fri, Nov 15, 2013 at 4:37 PM, Arif @
>> TOTALOFFTEC
>> <ariful.islam at totalofftec.com>
>> wrote:
>>
>>
>> I have fortinet wifi router.
>>
>>
>> -arif- +8801678005123
>> . Apologies kept short sent from my BlackBerry® smartphone
>> - Airtel
>>
>>
>>
>>
>> -----Original Message-----
>>
>>
>> From: Nurul Islam <nurul at apnic.net>
>>
>>
>> Sender: nog-bounces at bdnog.org
>>
>>
>> Date: Fri, 15 Nov 2013 06:17:25
>>
>>
>> To: fakrul at dhakacom.com<fakrul at dhakacom.com>;
>> nog at bdnog.org<nog at bdnog.org>;
>> Abdul Momen<abdulmomen918 at gmail.com>
>>
>>
>> Subject: Re: [bdNOG] Cisco VPN Router
>>
>>
>>
>> Few more on the [UTF-8?]listÅ .MikroTik, Fortigate, What
>> model? what
>> else?
>>
>>
>>
>> And obviously Cisco. (For the elite class I suppose. :).
>>
>>
>>
>> Regards
>>
>>
>>
>> -Roman
>>
>>
>>
>> On 15/11/13 3:42 PM, "Fakrul Alam" <fakrul at dhakacom.com>
>> wrote:
>>
>>
>>
>>
>>> Dear Mr Momen,
>>
>>
>>
>>
>>> Ya, it's mainly 800 series with K9 bundle. I know
>> few banks who use
>> 1900
>>
>>
>>> series in metropolitan branches where there is higher
>> b/w & pps
>>
>>
>>> requirements.
>>
>>
>>
>>
>>> Thanks
>>
>>
>>
>>
>>> Fakrul Alam
>>
>>
>>
>>
>>
>>
>>> On 11/15/13, 6:29 AM, Abdul Momen wrote:
>>
>>
>>>> Dear bdnog people,
>>
>>
>>
>>
>>>> I have a quick question. What are the commonly used
>> VPN router used
>> in
>>
>>
>>>> the
>>
>>
>>>> bank brunches in Dhaka. I guess CISCO831-K9 still
>> used in some
>> places.
>>
>>
>>>> Correct? What are other cost effective
>> alternatives.
>>
>>
>>
>>
>>>> Regards
>>
>>
>>
>>
>>>> Momen
>>
>>
>>
>>
>>
>>
>>
>>
>>>> _______________________________________________
>>
>>
>>>> nog mailing list
>>
>>
>>>> nog at bdnog.org
>>
>>
>>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>
>>
>>
>>
>>> _______________________________________________
>>
>>
>>> nog mailing list
>>
>>
>>> nog at bdnog.org
>>
>>
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>
>>
>>
>>
>> _______________________________________________
>>
>>
>> nog mailing list
>>
>>
>> nog at bdnog.org
>>
>>
>> http://mailman.bdnog.org/mailman/listinfo/nog
>>
>>
>>
>>
>> ------- End of Original Message
>> -------
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog
>>
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog
>
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
More information about the nog
mailing list