Link to home
Start Free TrialLog in
Avatar of Steve Jennings
Steve Jennings

asked on

Load balancing inbound IPSec GRE tunnels

I have 1200 sites (site to site, no client VPN software) that I want to connect using DMVPNs, hub and spoke style. I am trying to figure out how to get head-end redundancy and reliability. I'm thinking that I could load balance the inbound tunnel connections and I cant think of a reason why not. I'd use pre-shared keys and load balance using Catalyst 6500 with server load balancing, and farm out the IPSec/GRE tunnels based on data volume or number of connected tunnels.

Thanks,
SteveJ

I haven't done anything like this on this scale and need some help.
Avatar of arnold
arnold
Flag of United States of America image
Do you need spoke to spoke communication?
Do you have tiered locations with better connectivity than others?

i.e. site's a, b, c have very high availalbe bandwith T1,DS3
sub-sites d, e, f have partial T's or Frame
the rest have have DSL

An alterntive to hub and spoke might be a mesh which would also provide for convergence in the event a particular network path is not available.

sitea, siteb, sitec will be connected by DMVPN amongst themselves.
Each would have a bunch of spokes and each spoke will have a VPN connection to two or three other spokes of equal bandwidth

using routing protocol i.e. ospf or BGP you can route the inter-spoke and all the way up to any node.

The only thing is that all sites have to have unique LAN segments or you would need to compensate for that using IP transforms/translation.
Avatar of Steve Jennings
Steve Jennings

ASKER

Actually, I don't want spoke to spoke communication, and, yes, there are variations from site to site regarding bandwidth. To be honest, a peer suggested DMVPN because she'd read something about it but has no direct experience. I will need to do some multicast so that's why I am looking at DMVPN further. The real issue to me is head-end redundancy which I hope to be able to provide with load balancing and IPSec stateful failover.

So . . . load balancing at the head end? You think this can be done?

Thanks for the response Arnold

Steve
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Steve Jennings
Steve Jennings

ASKER

Thanks for responding . . .