WAN Virtualization Using Over-the-Top (OTP): TechAdvantage Webinar
DESCRIPTION
Slides and recording from the December 2013 Cisco TechAdvantage Webinar that provides an introduction to our latest enterprise routing feature: Over-the-Top (OTP). OTP enables customers to quickly and easily deploy remote offices and data centers in a multi-carrier IP WAN design. Customers no longer need to peer and exchange internal routes with Service Providers, create filters, or redistribute routes into and out of their Interior Gateway Protocol (IGP). OTP simplifies multi-site deployments by utilizing a "route reflector" architecture where all participating WAN routers exchange their internal routes, and the data path operates independently from the underlying WAN network, thereby facilitating seamless introduction of new branch sites into the customer WAN network. With OTP, customers can deploy Enhanced Interior Gateway Routing Protocol (EIGRP) end-to-end, from site-to-site over the WAN, making their IGP network behave as a single autonomous system. This greatly reduces operational costs and simplifies WAN deployments. The session shows how to configure various deployment scenarios, including point-to-point site connections, route reflectors, dual home, dual providers, and encryption for public networks.
WebEx Replay: https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=73537722&rKey=db4b96a94fca1d5b
TRANSCRIPT
Cisco TechAdvantage Webinars WAN Virtualization using OTP
Donnie Savage – TME Chris Le – PM
© 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Speaker & Panelists Introduction
• Donnie Savage, Technical Leader
• Saul Adler, Technical Leader
• Chris Le, Product Manager
Overview
PE-CE Issues
• Service Provider must redistribute and carry Enterprise routes via MP-iBGP
– Either EIGRP or eBGP must be run between the CE/PE
– BGP route propagation impacts the site’s convergence
– Provider often limits the number of routes being redistributed
– Route flaps within sites result in BGP convergence events
– Route metric changes result in new extended communities flooded into the core
• Enterprise and Service Provider must co-support deployment
– Managed services is required, even if not needed
– Control of traffic flow using multiple providers is problematic
– Changing providers results in migration issues
[Figure: Site 1 and Site 2 connected through CE1/CE2 and PE1/PE2 across the MPLS VPN Core]
PE-CE Issues with Backdoor Links
• Route redistribution adds deployment complications
– Without PE/CE support, the back-door must be redistributed into a second instance of EIGRP
– With PE/CE support, SoO (route) tagging must be used to prevent count-to-infinity issues due to BGP’s slower convergence
[Figure: Site 1 and Site 2 (routers C3, C4, CE1, CE2) connected through PE1/PE2 across the MPLS VPN Cloud, with a Backdoor Link between the sites]
OTP – Overview
WAN Virtualization using OTP
• OTP supports transparent CE to CE Routing
• Single “end-to-end” IGP solution with:
– NO special requirement on Service Provider
– NO special requirement on Enterprise
– NO routing protocol on CE/PE link
– NO need for route redistribution
– NO need for default or static routes

PE/CE                   | EIGRP OTP
BGP Complexity          | EIGRP Simplicity
Carrier Involvement     | Carrier Independence
Multiple Redistribution | Zero Redistribution
Public & Unsecure       | Private & Secure
OTP – Enterprise Benefits
EIGRP Support for WAN Transparency
• EIGRP OTP Enterprise benefits
– Simple configuration and deployment for both IPv4 and IPv6
– Single routing protocol solution, convergence does not depend on the Service Provider
– Routes are carried over the Service Provider’s network, not through it
– No artificial limitation on number of routes being exchanged between sites
– Support for multiple MPLS VPN backbone connections
– Support connections not part of the MPLS VPN backbone (“backdoor” links)
– Only the CE needs to be upgraded
– Works with both traditional managed and non-managed internet connections
– Complements an L3 Any-to-Any architecture (optional hair pinning of traffic)
OTP – Service Provider Benefits
EIGRP Support for WAN Transparency
• EIGRP OTP Service Provider benefits
– Allow customers to segment their network using an MPLS VPN backbone
– All user traffic appears as unicast IP data packets
– No routing protocol is needed on CE to PE link
– Customer routes are NOT carried in MPLS VPN backbone
– Customer route flaps do not generate BGP convergence events
– Smaller BGP routing tables, smaller memory footprint, lower CPU usage
– No upgrade requirements for PE or any MPLS VPN backbone router
– Multivendor PE support
OTP WAN Solution Analysis Overview

                       | EIGRP OTP | DMVPN / Internet | MPLS VPN | MPLS+DMVPN
Control Plane          | EIGRP | IGP/BGP + NHRP; LAN IGP | eBGP/iBGP; LAN IGP | IGP/BGP + NHRP; eBGP; LAN IGP
Data Plane             | LISP | mGRE | IP | IP + mGRE
Privacy                | GETVPN | IPSec over mGRE | GETVPN | GETVPN + DMVPN
Routing Policies       | EIGRP, EIGRP Stub | EIGRP Stub | Redistribution and route filtering | EIGRP Stub, Redistribution, filtering, Multiple AS
Network Virtualization | VRF/EVN to LISP multi-tenancy | DMVPN VRF-Lite; MPLS or DMVPN | Multi-VRF CEs and multiple IP VPNs | Multi-VRF CEs and DMVPN VRF-Lite
Convergence Branch/Hub | Branch Fast; Hub Fast | Branch Fast; Hub Fast | Branch / Hub carrier dependent | Carrier and DMVPN hub dependent
Multicast Support      | Planned | PIM Hub-n-Spoke | PIM MVPN | MVPN + DMVPN Hub-n-Spoke
Provider Dependence    | No | No | Yes | Yes/No
OTP – How it Works
• CE routers exchange information using unicast packets
– Internal site routes are passed “Over the ToP” to other sites
– Routes are not redistributed into the WAN
• Unicast packets are sourced FROM the public interface
– No static routes are needed
– No default routes are needed
• Data packet delivery is accomplished using LISP to encapsulate site-to-site traffic
[Figure: CE-1 and CE-2, each in EIGRP AS 4453, connected across the Service Provider MPLS VPN]
OTP – Data Plane
LISP Header Format (IPv4 example)

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  / |Version|  IHL  |Type of Service|          Total Length         |
 /  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |  |         Identification        |Flags|      Fragment Offset    |
 |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
OH  |  Time to Live | Protocol = 17 |         Header Checksum       |
 |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |  |                    Source Routing Locator                     |
 \  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \ |                  Destination Routing Locator                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  / |       Source Port = xxxx      |       Dest Port = 4341        |
UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \ |           UDP Length          |        UDP Checksum           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
L   |N|L|E|V|I|flags|            Nonce/Map-Version                  |
I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
S / |                Instance ID/Locator Status Bits                |
P   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  / |Version|  IHL  |Type of Service|          Total Length         |
 /  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |  |         Identification        |Flags|      Fragment Offset    |
 |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IH  |  Time to Live |    Protocol   |         Header Checksum       |
 |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |  |                          Source EID                           |
 \  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \ |                        Destination EID                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[Figure labels: External Interface, Internal Interface, LISP0; packets shown as DATA and LISP + DATA]

LISP encapsulation uses 36 bytes:
– IP header (20 bytes)
– UDP header (8 bytes)
– LISP header (8 bytes)
OH – Outer Header (LISP encap packet)
– Source Routing Locator: public address of external interface
– Destination Routing Locator: public address provided by network configuration
– Source Port: set by LISP
– Instance ID: set by EIGRP
IH – Inner Header (site data packet)
– Source EID (site private address)
– Destination EID (site private address)
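The header layout above, decoded in code. This is an added example, not part of the original slides: it builds a constructed OTP data-plane packet and parses it back into its outer (routing locator) and inner (EID) parts. The inner addresses 10.1.1.10 and 10.2.1.10, the Instance ID 7, the source port and the function names are assumptions made for the sample.

```python
import ipaddress
import struct

LISP_DATA_PORT = 4341      # UDP destination port shown in the header diagram
I_BIT = 0x08               # "I" flag: second LISP word carries an Instance ID


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def build_sample(rloc_src, rloc_dst, eid_src, eid_dst, instance_id, data):
    """Constructed packet: outer IP (OH) + UDP + LISP + inner IP (IH) + data."""
    inner = ipv4_header(eid_src, eid_dst, 1, len(data)) + data
    lisp = struct.pack("!II", I_BIT << 24, (instance_id & 0xFFFFFF) << 8)
    udp = struct.pack("!HHHH", 49152, LISP_DATA_PORT, 8 + len(lisp) + len(inner), 0)
    return ipv4_header(rloc_src, rloc_dst, 17, len(udp + lisp + inner)) + udp + lisp + inner


def parse_otp_packet(pkt):
    """Split a LISP-encapsulated packet into outer (RLOC) and inner (EID) views."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("outer header is not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 + 8 + 20:
        raise ValueError("truncated: need outer IP + UDP + LISP + inner IP")
    if pkt[9] != 17:
        raise ValueError("outer protocol is not UDP (17)")
    sport, dport, _udp_len, _csum = struct.unpack_from("!HHHH", pkt, ihl)
    if dport != LISP_DATA_PORT:
        raise ValueError("UDP destination port is not 4341")
    word1, word2 = struct.unpack_from("!II", pkt, ihl + 8)
    flags = word1 >> 24
    inner = pkt[ihl + 16:]
    if inner[0] >> 4 != 4:
        raise ValueError("inner header is not IPv4")
    return {
        "rloc_src": str(ipaddress.IPv4Address(pkt[12:16])),
        "rloc_dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "udp_sport": sport,
        "instance_id": word2 >> 8 if flags & I_BIT else None,
        "eid_src": str(ipaddress.IPv4Address(inner[12:16])),
        "eid_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "overhead": ihl + 8 + 8,       # bytes added in front of the site packet
        "inner_len": len(inner),
    }


# Constructed sample: CE-1 (172.16.1.1) to CE-2 (172.16.2.2), private EIDs behind each.
SAMPLE = build_sample("172.16.1.1", "172.16.2.2", "10.1.1.10", "10.2.1.10", 7, b"ping")

if __name__ == "__main__":
    for key, value in parse_otp_packet(SAMPLE).items():
        print(f"{key:12} {value}")
```

The `overhead` value is what has to be subtracted from the WAN path MTU when sizing site traffic, and the outer addresses are the only ones the provider network sees.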
OTP Configuration Overview
• Checking for support (IOS/XR, ISR): show eigrp plugins detail
• Configuration used by OTP
1. configure terminal
2. router eigrp virtual-name
3. address-family ipv4 autonomous-system as-number
4. af-interface interface-type interface-number
5. no split-horizon
6. no next-hop-self
7. exit-af-interface
8. neighbor {ip-address | ipv6-address} interface-type interface-number [remote maximum-hops [lisp-encap [lisp-id]]]
9. end
• Cisco Configuration Guide: http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-eigrp-over-the-top.html

CE4#show eigrp plugins detailed
EIGRP feature plugins:::
    eigrp-release : 15.00.00 : Portable EIGRP Release
                  :  4.00.00 : Source Component Release(dev15)
                               + HMAC-SHA-256 Authentication
    parser        :  2.02.00 : EIGRP Parser Support
    igrp2         :  2.00.00 : Reliable Transport/Dual Database
                               + Wide Metrics
    bfd           :  2.00.00 : BFD Platform Support
    mtr           :  1.00.01 : Multi-Topology Routing(MTR)
    eigrp-pfr     :  1.00.01 : Performance Routing Support
                               + IPv4 PFR
    EVN/vNets     :  1.00.00 : Easy Virtual Network (EVN/vNets)
                               + IPv4 EVN/vNets
    ipv4-af       :  2.01.01 : Routing Protocol Support
                               + Dynamic Remote Neighbors
    ipv6-af       :  1.02.00 : Service Distribution Support
                               + Dynamic Remote Neighbors
Point to Point Peering
OTP – Deployment Point-to-Point
• Control Plane peering is accomplished with EIGRP “neighbor” statement
– CE-1 sends unicast packets to CE-2’s public address (172.16.2.2)
– CE-2 sends unicast packets to CE-1’s public address (172.16.1.1)
• Data Plane packet delivery is accomplished with LISP encapsulation
– Encapsulation happens on the CE routers

CE-1:
interface Ethernet0/2
 ip address 172.16.1.1 255.255.255.0
!
router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  neighbor 172.16.2.2 Ethernet0/2 remote 10 lisp-encap
  ...

CE-2:
interface Ethernet0/2
 ip address 172.16.2.2 255.255.255.0
!
router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  neighbor 172.16.1.1 Ethernet0/2 remote 10 lisp-encap
  ...

[Figure: CE-1 and CE-2, each in EIGRP AS 4453, exchange Hellos across the Service Provider MPLS VPN; DATA packets cross the provider as LISP + DATA]
Route Reflector Peering
OTP – Deployment Point to Multi-Point – Multiple Branch Sites
• Use EIGRP Route-Reflectors when setting up multiple branches
• Choose one of the CE routers to function as Route Reflector (RR)
• Purpose of the Route Reflector is to ‘reflect’, or advertise routes received to other CE routers
• Control plane is deployed in a “Hub-and-spoke” topology
• Data from CE routers will ‘hairpin’ through the RR

Q: In the example, if CE-1 advertises a route to the RR, will the Route Reflector propagate it to CE-2 and CE-3?
A: Only if split horizon is disabled on the interface!

Route Reflector (RR):
router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  remote-neighbors source Serial 0/0 unicast-listen lisp-encap
  af-interface serial 0/0
   no split-horizon
  exit-af-interface
  ...

[Figure: RR and CE routers, all in EIGRP AS 4453; legend distinguishes data plane (DP) and control plane (CP) paths]
OTP – Deployment Point to Multi-Point – Adding Branch Sites
• EIGRP Route Reflector simplifies adding additional branches
• Configure the new CE to point to the RR
• Adding additional CE routers does not require a change to the configuration of the Route Reflector (RR)

address-family ipv4 unicast auto 4453
 neighbor 172.16.1.1 Serial 0/2 remote 10 lisp-encap
 ...
exit-address-family

[Figure: RR and CE routers, all in EIGRP AS 4453; legend distinguishes data plane (DP) and control plane (CP) paths]
OTP – Deployment Point to Multi-Point – Any-to-Any Data
• Any-to-Any data is accomplished using 3rd Party Next hop support
• Each CE normally shows the Route Reflector (RR) as the next hop, and data will ‘hairpin’ through the RR to get to other sites
• Configuring “no next-hop-self” on the Route Reflector will cause the original next-hop to be preserved when route updates are sent
• When a CE gets an update with a non-zero next-hop address, it installs it in the RIB
• Traffic for the remote CE will then be forwarded directly to that next-hop

Route Reflector (RR):
router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  remote-neighbors source Serial 0/0 unicast-listen lisp-encap
  af-interface serial 0/0
   no split-horizon
   no next-hop-self
  exit-af-interface
  ...

EIGRP-IPv4 VR(ROCKS) Topology Table for AS(4453)/ID(10.1.0.1)
....
P 10.1.1.0/24, 1 successors
        via 10.1.2.1

[Figure: RR and CE routers, all in EIGRP AS 4453; legend distinguishes data plane (DP) and control plane (CP) paths]
Backdoor Links
OTP – Backdoor Links
• Use MPLS-VPN core for the site-to-site connectivity
• Use “back-door” link in case of a failure (these are usually low-speed links)
• EIGRP end-to-end ensures
- Prefixes appear as native routes across the ISP network
- Internal routes show up as internal
• Normal path selection using ‘delay’ on interface to influence path selection
[Figure: Remote Office and Headquarters, each with a CE on the Service Provider MPLS VPN carrying the EIGRP-OTP Session, and routers C1 and C2 joined by a Backdoor Link]
OTP – Backdoor Links

interface Serial0/0
 delay 40000
 . . .
(this configuration appears twice on the slide)

• Convergence events in Customer’s network:
- Do not depend on MPLS convergence
- Do not impact the MPLS Core
• Routing works as expected in event of outage via Service Provider
[Figure: Remote Office and Headquarters, each with a CE on the Service Provider MPLS VPN, and routers C1 and C2 joined by a Backdoor Link]
OTP Deployment Considerations
OTP – Deployment Route Reflector – Redundancy
OTP Dual Hub, Dual Service Provider
• OTP is able to handle Dual Hub and Dual Service Provider connections
• Stub Co-Existence allows for Dual Hubs
– Support for dual Hubs for redundancy for load-balancing
– Spoke to spoke load balancing and redundancy
• Equal Cost MultiPath (15.2(3)T, 15.2(1)S)
– When the destination network is reachable via more than one peer on the same interface, the IP next-hop needs to be preserved over both paths
• Add-path (15.3(1)S)
– Spoke site has multiple spoke routers and wants to be able to load-balance spoke-spoke tunnels going into this spoke site
– Up to 4 additional next-hop addresses (5 total)
[Figure: Site1 and Site2 connected to Hub 1 and Hub 2 through Service Provider 1 and Service Provider 2]
OTP – Deployment Route Reflector – Scaling
EIGRP Hub and Spoke (STUBs)
• EIGRP offers the best scaling performance of all IGPs
• If these spokes are remote sites, they have two connections for resiliency, not so they can transit traffic between A and B
• A should never use the spokes as a path to anything, so there’s no reason to learn about, or query for, routes through these spokes
• What happens when a route or link is lost?
→ EIGRP queries ALL neighbors
→ Each neighbor using it to reach the destination will also query its neighbors
[Figure: A and B, RR-1 and RR-2, network 10.1.1.0/24, with the paths through the spokes marked “Don’t Use These Paths”]
OTP – Deployment Route Reflector – Scaling
• Marking sites as “stubs” allows them to signal the Route Reflector they are not valid transit paths
• The Route Reflector will not query other sites which are marked as “stubs”, reducing the total number of queries
• The “stub” keyword cannot be used if the remote site contains complex topologies (multiple routes)
• The back-up routes can be deployed at remotes using “leak-maps”

router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  neighbor 172.16.1.2 Serial 0/2 remote 10 lisp-encap
  eigrp stub
  ...

[Figure: A and B, RR-1 and RR-2, network 10.1.1.0/24]
OTP – Deployment Route Reflector – Scaling
• Most EIGRP Neighbors Recommended
– Maximum of 500 deployed in live, working networks
– 2500 (Stubs) is the largest number ever tested in a lab environment
• Key strategy for achieving scalability is design!
– Minimize advertisements between sites
– Use summaries with static summary metric option
– Stubs to create a hub and spoke environment
– Use any-to-any traffic to reduce bandwidth and load on Route Reflector
– Use add-path feature to better utilize redundancy
OTP – Deployment Route Reflector – Security
Hash-based Message Authentication Code (HMAC)
• EIGRP offers the SHA2-256 bit Secure Hash Algorithm
• The addition of SHA2-256 HMAC authentication to EIGRP packets ensures that your routers only accept routing updates from other routers that know the same pre-shared key.
• This prevents someone from purposely or accidentally adding another router to the network and causing a problem.
• The SHA2 key is a concatenation of the user-configured shared secret key along with the IPv4/IPv6 address from which this particular packet is sent. This prevents Hello Packet DOS replay attacks with a spoofed source address.
✓ Simpler configuration mode using a common ‘password’
✓ Keychain support when additional security is needed
[Figure: RR with CE1 and CE2]
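Why folding the sender's address into the key defeats a spoofed-source replay, as an added example that is not part of the original slides. The byte layout of the key (secret followed by the packed address), the stand-in packet bytes, the secrets and the address 172.16.3.3 are assumptions for illustration and not the EIGRP wire format.

```python
import hashlib
import hmac
import ipaddress


def packet_key(secret: str, sender_ip: str) -> bytes:
    """Per-sender key: shared secret followed by the sender's packed address.

    Assumption: illustrative layout only, not the on-the-wire EIGRP encoding.
    """
    return secret.encode() + ipaddress.ip_address(sender_ip).packed


def sign(packet: bytes, secret: str, sender_ip: str) -> bytes:
    """Digest a router attaches to a packet it transmits from sender_ip."""
    return hmac.new(packet_key(secret, sender_ip), packet, hashlib.sha256).digest()


def verify(packet: bytes, digest: bytes, secret: str, observed_src: str) -> bool:
    """Receiver side: rebuild the key from the address the packet arrived from."""
    return hmac.compare_digest(sign(packet, secret, observed_src), digest)


# Constructed values for the demonstration.
SECRET = "example-shared-secret"
HELLO = b"constructed stand-in for an EIGRP Hello, AS 4453"
CE1_V4, CE1_V6, SPOOFED = "172.16.1.1", "2001:db8::1", "172.16.3.3"


def replay_outcomes() -> dict:
    """Run the cases the slide describes and report which ones the receiver accepts."""
    good_v4 = sign(HELLO, SECRET, CE1_V4)
    good_v6 = sign(HELLO, SECRET, CE1_V6)
    return {
        # Router that knows the pre-shared key, packet arrives from its own address.
        "genuine Hello from CE-1 (IPv4)": verify(HELLO, good_v4, SECRET, CE1_V4),
        "genuine Hello from CE-1 (IPv6)": verify(HELLO, good_v6, SECRET, CE1_V6),
        # Same bytes and digest, but arriving with a different source address:
        # the receiver derives a different key, so the digest no longer matches.
        "captured Hello replayed with spoofed source": verify(HELLO, good_v4, SECRET, SPOOFED),
        # Router added to the network without the shared secret.
        "router with a different secret": verify(
            HELLO, sign(HELLO, "some-other-secret", CE1_V4), SECRET, CE1_V4),
        # Any change to the packet body invalidates the digest.
        "packet altered in transit": verify(HELLO + b"\x00", good_v4, SECRET, CE1_V4),
    }


if __name__ == "__main__":
    for case, accepted in replay_outcomes().items():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {case}")
```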
OTP – Deployment Route Reflector – Security
• Simple configuration using only one password

router eigrp ROCKS
 address-family ipv4 auto 4453
  af-interface default
   authentication mode hmac-sha-256 my-password
  exit-af-interface
!

• Additional security can be added with key-chains

key chain DC012-CHAIN
 key 1
  key-string securetraffic
!
router eigrp ROCKS
 address-family ipv4 auto 4453
  af-interface default
   authentication mode hmac-sha-256 my-password
   authentication key-chain DC012-CHAIN
  exit-af-interface
!

• Interface inheritance can simplify configuration

router eigrp DC012-md5
 address-family ipv4 auto 4453
  af-interface default
   authentication key-chain DC012-CHAIN
  exit-af-interface
  af-interface Ethernet0
   authentication mode hmac-sha-256 ADMIN
  exit-af-interface
  af-interface Ethernet1
   authentication mode hmac-sha-256 CAMPAS
  exit-af-interface
  af-interface Ethernet2
   authentication mode hmac-sha-256 LAB
   authentication key-chain DC012-LAB
  exit-af-interface
!
OTP – Deployment Route Reflector – Security
Group Encrypted Transport VPN (GETVPN) Encryption
• OTP offers secure site to site encryption using GETVPN
• The addition of GETVPN ensures that data and control plane traffic sent from site to site is not decodable to outside sources
• IPsec or GETVPN can be used
- Apply crypto maps to either the public interface, or the LISP0 (virtual interface)
- EIGRP forms peers over the ‘public’ interface, so control traffic will be encrypted
• Split encryption can be accomplished by peering to a loopback
- Applying encryption to the loopback
- Default traffic would be forwarded to the physical interface unencrypted
[Figure: EIGRP route updates populate the RIB; site-to-site traffic from the Inside Interface passes through LISP0 and GETVPN to the Public Interface, alongside default traffic]
Case Study
The Acme Corporation
Requirements:
– Fast convergence (<1s if possible)
– Direct Spoke-to-spoke traffic
– 1600+ sites across four countries
– Active/active load balancing
– Encryption across WAN
Nice to have:
– Easy provisioning
  • No config changes on hubs as new sites are added
  • Zero touch deployment of branch WAN router (CE)
– Provider flexibility
  • Multiple providers in each country
  • Easy migration between providers
  • No routing exchange of internal addresses
The Acme Corporation
[Figure: Corporate Backbone connecting France, Sweden, England and USA, each country with two MPLS VPNs serving its sites]
The Acme Corporation Route Exchange
[Figure: WAN Hubs (2 x ASR1000) acting as RRs, connected to the spokes over “MPLS VPN for Branches and ATMs” A and B]
The Acme Corporation WAN Security with GET VPN
[Figure: GET VPN KEY SERVER on WAN Services (2 x 3945E); WAN Hubs (2 x ASR1000) are RRs and group MEMBERs; spokes are MEMBERS, reached over “MPLS VPN for Branches and ATMs” A and B]
The Acme Corporation
Requirements (and how each is met):
– Fast convergence (<1s if possible): IGP speeds via end-to-end EIGRP solution
– Direct Spoke-to-spoke traffic: use of no nexthop-self on RR
– 1600+ sites across four countries: up to 500 EIGRP spokes per RR
– Active/active load balancing: ability to add 4 additional ECMP via addpath
– Encryption across WAN: GET VPN
Nice to have (and how each is met):
– Easy provisioning
  • No config changes on hubs as new sites are added: Route Reflectors
  • Zero touch deployment of branch WAN router (CE): Route Reflectors
– Provider flexibility
  • Multiple providers in each country: multiple neighbor configs supported
  • Easy migration between providers: built into OTP
  • No routing exchange of internal addresses: built into OTP
Additional Information
• OTP Availability
– ASR 1000 Series – IOS-XE 3.10
– ISR, ISR G2, 7200 Series – IOS 15.4(3)
• For more information on EIGRP visit:
– EIGRP: http://www.cisco.com/go/eigrp
– Open EIGRP (IETF Draft): http://tools.ietf.org/html/draft-savage-eigrp
– OTP: http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-eigrp-over-the-top.html
– OTP: https://techzone.cisco.com/t5/EIGRP/EIGRP-OTP-Over-the-ToP/ta-p/317994
– GETVPN: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf
Q&A