Re: Branch Location Over The Internet

[Mike Hammett <nanog () ics-il net>]

EoIP will tunnel over anything IP, including the public Internet. VPLS will only go over your network. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 



----- Original Message -----

From: "Colton Conor" <colton.conor () gmail com> 
To: "Jürgen Jaritsch" <jj () anexia at> 
Cc: nanog () nanog org 
Sent: Tuesday, August 11, 2015 5:27:22 PM 
Subject: Re: Branch Location Over The Internet 

EoIP seems to be what I am looking for, however this recent Mikrotik 
session says: 

EoIP could be a solution for tunneling L2 over L3. 
• EoIP disadvantages: – Fragmentation of L2 frames over multiple L3 packets 
– Performance issues • 
VPLS advantages: – No fragmentation. – 60% more performance then EoIP. 

So it sounds like VPLS might be better than EoIP? I can't find much about 
EoIP online, so is this a Mikrotik only protocol? 

On Tue, Aug 11, 2015 at 1:46 PM, Jürgen Jaritsch <jj () anexia at> wrote: 

> Hi, 
>
> Mikrotik Routerboard + (encrypted) Ethernet over IP (EoIP). If required: 
> MPLS+OSPF+BGP in the EoIP for additional features. 
>
> Build the pseudo Layer2 with two dedicated boxes. In the HQ you can hand 
> it over directly to the MX80 and at the new office you can work with small 
> boxes like Cisco 7301 (also available with redundant PS) or if you need 
> more ports: 19xx ... 
>
> #) cheap setup 
> #) can easily transport a few hundred Meg 
> #) you can use refurb parts if required 
> #) big community support for Mikrotik Routerboards 
> #) encrypted transport possible 
> #) works with dynamic IPs 
> #) MPLS in the EoIP allows you to transport VRFs with BGP signaling 
>
> Etc etc 
>
> Best regards 
>
>
> Jürgen Jaritsch 
> Head of Network & Infrastructure 
>
> ANEXIA Internetdienstleistungs GmbH 
>
> Telefon: +43-5-0556-300 
> Telefax: +43-5-0556-500 
>
> E-Mail: jj () anexia at 
> Web: http://www.anexia.at 
>
> Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt 
> Geschäftsführer: Alexander Windbichler 
> Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT 
> U63216601 
>
>
>
> -----Original Message----- 
> *From:* Colton Conor [colton.conor () gmail com] 
> *Received:* Dienstag, 11 Aug. 2015, 20:23 
> *To:* NANOG [nanog () nanog org] 
> *Subject:* Branch Location Over The Internet 
>
> We have an enterprise that has a headquarter office with redundant fiber 
> connections, its own ASN, its own /22 IP block from ARIN, and a couple of 
> gigabit internet connections from multiple providers. The office is taking 
> full BGP routes from tier 1 providers using a Juniper MX80. 
>
> They are establishing their first branch location, and need the branch 
> location to be able to securely communicate back to headquarters, AND be 
> able to use a /24 of headquarters public IP addresses. Ideally the device 
> at the HQ location would hand out public IP address using DHCP to the other 
> side of the tunnel at the branch location. 
>
> We know that in an ideal world it would be wise to get layer 2 transport 
> connections from HQ to the branch location, but lets assume that is not an 
> option. Please don't flood this thread about how it could be an option 
> because it's not at this time. This setup will be temporary and in service 
> for the next year until we get fiber to the branch site. 
>
> Let's assume at the branch location we can get a DOCSIS cable internet 
> connection from a incumbent cable provider such as Comcast, and that 
> provider will give us a couple static IP address. Assume as a backup, we 
> have a PPPoE DSL connection from the ILEC such as Verizon who gives us a 
> dynamic IP address. 
>
> What solution could we put at the HQ site and the branch site to achieve 
> this? Ideally we would want the solution to load balance between the 
> connections based on the connections speeds, and failover if one is down. 
> The cable connection will be much faster speed (probably 150Mbps down and 
> 10 Upload) compared to the DSL connection (10 download and 1 upload). If we 
> need more speed we can upgrade the cable modem to a higher package, but for 
> DSL that is the max speed so we might have to get multiple DSL lines. The 
> cable solution could always be used as the primary, and the DSL connection 
> could only be used as backup if that makes things easier. 
>
> If you were to do this with Juniper or Cisco gear what would you have at 
> each location? What technology would you use? 
>
> I know there is Pepewave and a couple of other software solutions that seem 
> to have a proprietary load balancing solutions developed, but I would 
> prefer to use a common Cisco or Juniper solution if one exists. 
>
> There will be 50 users at the branch office. There is only one branch 
> location at this time, but they might expand to a couple more but under 10.