s*****g
发帖数: 1055 | 1 I am looking to re-architect our WAN infrastructure, currently we have full
mesh GRE/IPsec across a bunch major sites, obviously this solution does not
scale. Cisco DMVPN comes to mind, but we don't like ISR pricing, we don't
want go to MPLS-VPN path either at this moment as Op cost is too high.
Do you guys know any alternative solution that can meet our needs? we need
direct spoke-to-spoke communication across Internet. Does Junos have
similar solution as DMVPN? anybody has experience with Net... 阅读全帖 |
|
s*****g
发帖数: 1055 | 2 Internally why would an enterprise need mVPN? they can either run GRE over IPsec or
DMVPN or if they get MPLS-VPN service from a provider, mVPN would be totally
transparent to enterprise. |
|
s*****g
发帖数: 1055 | 3 Multip-point GRE which is typically used in CISCO IOS to implement DMVPN or
multi-cast MPLS VPN, MGRE is different for regular point-to-point GRE in the
sense that tunnel destination is not pre-determined, buy rather decided
dynamically on the fly to PEs to encapsulate customer traffic. |
|
s*****g
发帖数: 1055 | 4 MPLS VPN is efficient in the way it can be provided as a service by ISPs
MPLS VPN makes inter-connecting private networks over Internet not only
possible but easier and scalable. From customer's point of view, the service is transparent.
IPsec VPN is mostly point to point (DMVPN developed by Cisco is an exception
) it is over Internet but managed by customers themselves, i.e. ISPs are not
involved.
MPLS VPN does not address encryption, technically ISPs can see your traffic
in clear text. |
|
a***n
发帖数: 262 | 5 For your short term and long term career goal. I would recommend you get
CCNP, then CCIE. Just take your time. CCIE will take some time and effort to
obtain. But it is still well respected in the field. Just see how hard it
is to get it. If you are a Cisco shop, then try to go annual Cisco
Networkers/Live conference.
For the career, try to get as much experience as possible. Like security.
For Cisco like ASA, VPN, FWSM, DMVPN ....
Good Luck. |
|
s*****g
发帖数: 1055 | 6 Almost every big enterprise I know uses DMVPN and slowly migrating to MPLS-
VPN, what other vendors are
proposing? any Juniper, ALU or any other vendor experts care to comment? |
|
a***n
发帖数: 262 | 7 crypto map is old fashion, new way in Cisco is Virtual Tunnel Interface.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide
So basically, there are IPSec VPN, SSL VPN, Easy VPN, DMVPN, GET VPN, and
MPLS VPN(L2 or L3) in terms of VPN world.
Almost all of these VPNs could be integrated with VRF to further separate
traffic.
Now days, most firewall features are VRF aware too.
router's mind:
is GRE tunnel, so router encap's original packet with IP-GRE header, which
subsequently triggers... 阅读全帖 |
|
a***n
发帖数: 262 | 8 Up to your performance requirements.
We used ISR891/1900 for some remote/branch office
gre/ipsec or dmvpn back to central office.
We also have some sites using ASA5510.But if you have too
many branches, ISR is more flexible. |
|
a***n
发帖数: 262 | 9 Up to your performance requirements.
We used ISR891/1900 for some remote/branch office
gre/ipsec or dmvpn back to central office.
We also have some sites using ASA5510.But if you have too
many branches, ISR is more flexible. |
|
z**r
发帖数: 17771 | 10 ISR too expensive?
full
not |
|
s*****g
发帖数: 1055 | 11 Very, to a small shop like us. |
|
|
|
w*f
发帖数: 111 | 14 Used ISR 3800 is now very cheap |
|
s*****g
发帖数: 1055 | 15 Can I get support/software license for the used ISRs from Cisco? |
|
|
n**********l
发帖数: 271 | 17 only certified refurbished are eligible for smartnet? not those on ebay/cg?
There are a lot of smartnet alternatives for hardware support.. I don't know
about software. |
|
z**r
发帖数: 17771 | 18 I don't really care about hardware RMA if I buy used ISRs, so cheap to get
your own depot
?
know |
|
s*****g
发帖数: 1055 | 19 Tough decision, we will need both software and hardware support, just in
case when shit hits the fan we can have somebody to rely on. |
|
L******t
发帖数: 1985 | 20 Anyone gives me a real case some vendor beat Cisco because of multicast?
full
not |
|
|
t*******r
发帖数: 3271 | 22 中国北京新时代证券公司内网视频项目(MX/M10i/M7i)
跟account team的人讲案例?! 呵呵.... |
|
L******t
发帖数: 1985 | 23 No, I'm just curious. Can you get more details which area Juniper is doing
better than Cisco in terms of multicast? Multicast routing only or combined
with switching? |
|
t*******r
发帖数: 3271 | 24 组播VPN同时承载ipv4/ipv6流量, 用BGP做信令, 不需在核心运行PIM
combined |
|
|
t*******r
发帖数: 3271 | 26 是思科的哪一个客户啊? 思科路由器参与了组播运行没有? 还是只是enable了MPLS其他
什么都没干的core router? |
|
