Solutions

Example of an Xpress configuration for a meshed topology while Internet access is provided by the core

Solutions ID:    KB3271
Version:    3.0
Status:    Published
Published date:    08/13/2009
Updated:    11/08/2013
 

Problem Description

The existing PacketShaper documentation explains how to configure Xpress where the Internet is reached via a single core location in a hub-and-spoke topology. It assumes a point-to-point topology with each remote PacketShaper having a single static tunnel to the core.  

Resolution

This configuration example assumes a meshed topology with the Internet reached via the core PacketShaper. A mesh of dynamic tunnels is also allowed to form between remote sites. Traffic between remote sites uses dynamic tunnels. Traffic from a remote site to the Internet traverses a static tunnel to the core PacketShaper. In this example, it is assumed that the 10 net is being used for the internal intranet and since this is private address space, it would not exist on the Internet. See attached diagram.

Each remote site has a static tunnel defined to the core (San Jose). Associated with this static tunnel are two tunnel remote entries:

  • The first defining the address range of 0.0.0.0-9.255.255.255.
  • The second defining the address range of  11.0.0.0-255.255.255.255. 

The 10 net is excluded. Any traffic between remote sites would be destined to a 10 net address and force the creation of a dynamic tunnel between remote sites. Any traffic from a remote location to a public address on the Internet or to the 10.0.1.0/24 subnet in San Jose, would use the static tunnel to the San Jose PacketShaper. For simplicity, each site has a local address range comprising one class c subnet on the 10 net.

At the remote sites, since tunnel local discovery is not disabled, the static tunnel local entry step could be skipped. It is included in this example to make it obvious which addresses are local to each remote site. At the core location (San Jose), tunnel local discovery must be disabled to prevent the core PacketShapers tables from being overwhelmed by potentially huge numbers of Internet hosts.

San Jose  PacketShaper:   

tun ip conf main 10.0.1.3 255.255.255.0 10.0.1.254

tun disc on  (default setting)

tun loc add main 10.0.1.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun com on

 

San Jose forms dynamic tunnels to all remote sites and exchanges its tunnel local subnet with all the  remote partners. These dynamic tunnels are automatically formed as a response to the static tunnels set up from each remote site.

 

Los Angeles PacketShaper:

tun ip conf main 10.0.2.3 255.255.255.0 10.0.2.254

tun disc on  (default setting)

tun loc add main 10.0.2.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun new main 10.0.1.3 SanJose

tun rem add SanJose 0.0.0.0-9.255.255.255

tun rem add SanJose 11.0.0.0-255.255.255.255

tun com on

 

Seattle PacketShaper:

tun ip conf main 10.0.3.3 255.255.255.0 10.0.3.254

tun disc on  (default setting)

tun loc add main 10.0.3.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun new main 10.0.1.3 SanJose

tun rem add SanJose 0.0.0.0-9.255.255.255

tun rem add SanJose 11.0.0.0-255.255.255.255

tun com on

 

 Denver PacketShaper:

tun ip conf main 10.0.4.3 255.255.255.0 10.0.4.254

tun disc on  (default setting)

tun loc add main 10.0.4.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun new main 10.0.1.3 SanJose

tun rem add SanJose 0.0.0.0-9.255.255.255

tun rem add SanJose 11.0.0.0-255.255.255.255

tun com on

 

Attachment


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question