[bdNOG] Cisco VPN Router

Md Ashifuzzaman mashifuzzaman at banglalinkgsm.com
Sat Nov 16 09:11:22 BDT 2013


Can anyone would remove me from the mailing list as I am not relevant with this topics. 



Thanks & Best Regards,

Md Ashifuzzaman
Information Technology
Banglalink
Mobile: +88 019 26662 488 

-----Original Message-----
From: nog-bounces at bdnog.org [mailto:nog-bounces at bdnog.org] On Behalf Of Nurul Islam
Sent: Saturday, November 16, 2013 5:21 AM
To: Aniruddha Barua
Cc: bdNOGNOG list
Subject: Re: [bdNOG] Cisco VPN Router

Upssssss. You are right Barua "not threats" but threads. Apology. I should disable autocorrect in my mail client. :)

-Roman
 


On 16/11/13 4:20 AM, "Aniruddha Barua" <aniruddha.barua at colbd.com> wrote:

>Roman bhai,
>
>Threads. It would be threads. Not threats.;-)
>
>Regards,
>
>ANIRUDDHA BARUA
>Email: aniruddha.barua at colbd.com, cto at colbd.com
>Cell: +880.1713.111222
>Web: http://www.colbd.com
>
>
>On Nov 15, 2013, at 11:07 PM, Nurul Islam <nurul at apnic.net> wrote:
>
>> I think Momen's question is about the overlay VPN model (5/10 years 
>>ago)  where CPE router create IPSec tunnel (customer data security 
>>purpose) and  SP POP router need to create another tunnel (GRE/IPSec) 
>>to isolate their  routing prefixes. Because several customer or SP 
>>infrastructure might use  the same private address range. I think this 
>>overlay VPN model is replaced  with MPLS L3 VPN where SP do not need 
>>to create any GRE/IPSec tunnel to  isolate their routing prefix. SP 
>>now simply create VRF on the POP router  and individual customer 
>>prefixes are isolated by VPNv4 address family etc  etc.
>> 
>> By asking "VRF instead of GRE on PE" if you mean MPLS L3/L2 VPN, then 
>>yes  it is available in Dhaka. At least Pseudo-wire for sure. Is VPLS 
>>also  available in Bangladesh?
>> 
>> What is the required CPE hardware that is also discussed on other reply.
>> 
>> Thanks to bdNOG community. Keep posting more threats and let everyone 
>> participate. We need active people to run our NOG.
>> 
>> Regards
>> 
>> Roman     
>> 
>> 
>> On 16/11/13 2:14 AM, "Md. Khairul Alam" <khairulbd at yahoo.com> wrote:
>> 
>>> Hi,
>>> 
>>> I think the the technology using by the SP is not the main concern 
>>>of the  banks. Banks should have own policy to secure the data 
>>>transmission  between HO and branches. As a customer I must want the 
>>>maximum  availability of the link from the SP and choose the security 
>>>technology  in my routers.
>>> 
>>> For small branches most are using 1900 series with K9 license I 
>>>guess and
>>> 2900 series for larger bandwidth requirement.
>>> 
>>> Thanks very much bdNOG for giving us the opportunity to share.
>>> 
>>> BR//Khairul
>>> --------------------------------------------
>>> On Fri, 15/11/13, Aniruddha Barua <aniruddha.barua at colbd.com> wrote:
>>> 
>>> Subject: Re: [bdNOG] Cisco VPN Router
>>> To: "NOG list, bdNOG" <nog at bdnog.org>
>>> Received: Friday, 15 November, 2013, 6:33 PM
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Dear Mr. Momen,
>>> 
>>> 
>>> 
>>> I believe you are asking the question considering the entire 
>>> architecture, not just from the customer (Bank) or the provider (SP) 
>>> point of view. If a bank wants to connect their branch routers in 
>>> Layer 2 over SP network, the SP has to give them either GRE based 
>>> tunnels (Mikrotik's EoIP or PPTP-Bridge etc., are common technics) 
>>> or MPLS Layer 2 (EoMPLS, VPLS etc.). If a bank wants to connect the 
>>> branch routers in Layer 3 over SP network, the SP can give them 
>>> anything from simple routing (Static or Dynamic) to plain VRF (i.e. 
>>> VRF Lite) to MPLS Layer 3 to even dedicated fiber (this is too much 
>>> though!!).
>>> 
>>> 
>>> 
>>> To maintain information security and confidentiality, regardless of 
>>> what the SP is providing in its infrastructure, the bank has to 
>>> encrypt-decrypt (mostly with
>>> IPSec) its traffic in between its routers, which will pass through 
>>> either the Layer 2 tunnels or the Layer 3 routed paths provided by 
>>> the SP.
>>> 
>>> 
>>> 
>>> My question to all is, should banks demand a specific technology 
>>> like VRF or MPLS or any other from the SP as long as their 
>>> requirements are met perfectly well by the SP using its current 
>>> technologies?
>>> 
>>> 
>>> 
>>> bdNOG mailing list is on the jazz today. Regards to all,
>>> 
>>> 
>>> 
>>> ANIRUDDHA BARUA
>>> 
>>> 
>>> 
>>> Email: aniruddha.barua at colbd.com, cto at colbd.com
>>> 
>>> 
>>> 
>>> Cell: +880.1713.111222
>>> 
>>> 
>>> 
>>> Web: http://www.colbd.com
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ---------- Original Message
>>> -----------
>>> 
>>> 
>>> From: Abdul Momen <abdulmomen918 at gmail.com>
>>> 
>>> 
>>> 
>>> To: ariful.islam at totalofftec.com
>>> 
>>> 
>>> 
>>> Cc: nog-bounces at bdnog.org, "nog at bdnog.org"
>>> <nog at bdnog.org>
>>> 
>>> 
>>> 
>>> Sent: Fri, 15 Nov 2013 17:22:33 +1000
>>> 
>>> 
>>> 
>>> Subject: Re: [bdNOG] Cisco VPN Router
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> Thanks everyone.
>>> 
>>> 
>>>> I believe it is mostly ipsec (CPE
>>> router) inside GRE(PE router)? Is it possible to get VRF instead of 
>>> GRE on PE router.
>>> 
>>> 
>>>> Thanks & regards
>>> 
>>> 
>>> 
>>> Momen     
>>> 
>>> 
>>>> On Fri, Nov 15, 2013 at 4:37 PM, Arif @
>>> TOTALOFFTEC
>>> <ariful.islam at totalofftec.com>
>>> wrote:
>>> 
>>> 
>>> I have fortinet wifi router.
>>> 
>>> 
>>> -arif- +8801678005123
>>> . Apologies kept short sent from my BlackBerry® smartphone
>>> - Airtel
>>> 
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> 
>>> 
>>> From: Nurul Islam <nurul at apnic.net>
>>> 
>>> 
>>> Sender: nog-bounces at bdnog.org
>>> 
>>> 
>>> Date: Fri, 15 Nov 2013 06:17:25
>>> 
>>> 
>>> To: fakrul at dhakacom.com<fakrul at dhakacom.com>;
>>> nog at bdnog.org<nog at bdnog.org>;
>>> Abdul Momen<abdulmomen918 at gmail.com>
>>> 
>>> 
>>> Subject: Re: [bdNOG] Cisco VPN Router
>>> 
>>> 
>>> 
>>> Few more on the [UTF-8?]listÅ .MikroTik, Fortigate, What model? what 
>>> else?
>>> 
>>> 
>>> 
>>> And obviously Cisco. (For the elite class I suppose. :).
>>> 
>>> 
>>> 
>>> Regards
>>> 
>>> 
>>> 
>>> -Roman
>>> 
>>> 
>>> 
>>> On 15/11/13 3:42 PM, "Fakrul Alam" <fakrul at dhakacom.com>
>>> wrote:
>>> 
>>> 
>>> 
>>> 
>>>> Dear Mr Momen,
>>> 
>>> 
>>> 
>>> 
>>>> Ya, it's mainly 800 series with K9 bundle. I know
>>> few banks who use
>>> 1900
>>> 
>>> 
>>>> series in metropolitan branches where there is higher
>>> b/w & pps
>>> 
>>> 
>>>> requirements.
>>> 
>>> 
>>> 
>>> 
>>>> Thanks
>>> 
>>> 
>>> 
>>> 
>>>> Fakrul Alam
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On 11/15/13, 6:29 AM, Abdul Momen wrote:
>>> 
>>> 
>>>>> Dear bdnog people,
>>> 
>>> 
>>> 
>>> 
>>>>> I have a quick question. What are the commonly used
>>> VPN router used
>>> in
>>> 
>>> 
>>>>> the
>>> 
>>> 
>>>>> bank brunches in Dhaka. I guess CISCO831-K9 still
>>> used in some
>>> places.
>>> 
>>> 
>>>>> Correct? What are other cost effective
>>> alternatives.
>>> 
>>> 
>>> 
>>> 
>>>>> Regards
>>> 
>>> 
>>> 
>>> 
>>>>> Momen
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>>> _______________________________________________
>>> 
>>> 
>>>>> nog mailing list
>>> 
>>> 
>>>>> nog at bdnog.org
>>> 
>>> 
>>>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>> 
>>> 
>>> 
>>> 
>>>> _______________________________________________
>>> 
>>> 
>>>> nog mailing list
>>> 
>>> 
>>>> nog at bdnog.org
>>> 
>>> 
>>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> 
>>> 
>>> nog mailing list
>>> 
>>> 
>>> nog at bdnog.org
>>> 
>>> 
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>> 
>>> 
>>> 
>>> 
>>> ------- End of Original Message
>>> -------
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -----Inline Attachment Follows-----
>>> 
>>> _______________________________________________
>>> nog mailing list
>>> nog at bdnog.org
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>> 
>>> _______________________________________________
>>> nog mailing list
>>> nog at bdnog.org
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>> 
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog

_______________________________________________
nog mailing list
nog at bdnog.org
http://mailman.bdnog.org/mailman/listinfo/nog


More information about the nog mailing list