"I can fix anything with a tunnel." A boss at a previous job told me that once. He claimed to be a "First 100 CCIE," although I never verified that. But he did know networking.
We'd be sitting in design meetings, stuck on a design issue, and he'd start saying, "We can fix this with a tunnel." For example, once we had a problem with a firewall and BGP, and he said, "Screw it, just tunnel through the firewall and be done with it."
I actually think I got that job because I answered an interview question with a tunnel. As best I can remember, the problem went something like:
Totally irrelevant, but an interesting problem (like something you'd get on a CCIE lab). I whiteboarded it, asked questions, and finally said, "Well, you could just put in a tunnel and route her traffic through that." I don't think that was what he was looking for, but he loved the answer since he loved tunnels. I got the job offer later that day.
Then, during that job, I fixed an Internet DNS problem between two hosting sites with a GRE tunnel between them. Now I was impressed. You can fix anything with a tunnel.
Using this idea, I actually suggested tunnels as a fix for a campus design issue we were dealing with a couple of years ago. When access switches connect to core routers that also serve as OSPF ABRs, the uplinks must be built as a triangle (each access switch dual-homed to both cores) to avoid the black holes that address summarization can cause.
If you don't do this and build a box design instead, you can black-hole traffic.
With this design and OSPF summarization, traffic is black-holed when an uplink goes down: the core that lost the uplink still advertises the summary into Area 0 and still holds the summary's discard route to Null0, but it no longer has an intra-area path to the more specific prefix behind the failed link. Yes, you could leave the links between the core routers out of Area 0 and put them in the access area instead, but then your ABRs won't have direct Area 0 links between each other. All good campus design issues to work through.
The problem is that links are expensive, especially 10 Gig ports. Our team worked through this while defining our templates a couple of years back, and I thought about my old boss: "I can fix anything with a tunnel." So I proposed some tunnels:
The trick is choosing which interfaces the tunnels are sourced from and terminate on: the tunnel endpoints have to stay reachable outside the tunnel (over Area 0), or the router ends up routing the tunnel destination through the tunnel itself. But it can be done. Elegant and cheap... but no one liked it. So we did the standard box design and chewed up 10 Gig ports. My idea would've worked though. ;-)
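For the record, here is what that proposal looks like as an IOS configuration. This is an added example, not the author's template: the interface names, area number, addresses and OSPF process number are all assumed. The physical core-to-core link and the loopbacks stay in Area 0; a GRE tunnel between the two cores, sourced from those Area 0 loopbacks, is placed in the access area so that a prefix reachable only behind the other core is still an intra-area route on this one.

```cisco
! Added example (hypothetical addresses and interface names), Core1 side.
! Core1 and Core2 are the two OSPF ABRs of a "box" campus design.
! Access VLANs live in Area 10 and are summarised as 10.10.0.0/16.
!
interface Loopback0
 description Tunnel source; reachable over Area 0, never through the tunnel
 ip address 10.255.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface TenGigabitEthernet1/1
 description Physical Core1-Core2 link, stays in Area 0
 ip address 10.0.0.1 255.255.255.252
 ip ospf 1 area 0
!
interface TenGigabitEthernet1/2
 description Downlink to Access1 (Area 10)
 ip address 10.10.0.1 255.255.255.252
 ip ospf 1 area 10
!
interface Tunnel10
 description GRE backdoor to Core2, placed inside Area 10
 ip address 10.10.255.1 255.255.255.252
 ip ospf 1 area 10
 ! High cost so the tunnel only carries traffic when the physical
 ! access path is gone.
 ip ospf cost 1000
 ! GRE keepalives bring the tunnel down if Core2 stops answering.
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 10.255.0.2
 tunnel mode gre ip
!
router ospf 1
 router-id 10.255.0.1
 ! Summarise Area 10 towards Area 0. This also installs a discard route
 ! 10.10.0.0/16 -> Null0 on the ABR, which is exactly what black-holes
 ! traffic when the ABR has no intra-area route to the specific prefix.
 ! With Tunnel10 in Area 10 it always has one as long as Core2 does.
 area 10 range 10.10.0.0 255.255.0.0
!
! Core2 mirrors this with the addresses swapped:
!   Loopback0 10.255.0.2/32, Tunnel10 10.10.255.2/30,
!   tunnel source Loopback0, tunnel destination 10.255.0.1
```

Two things to check before trusting this in a template. First, `show ip route 10.255.0.2` on Core1 must always resolve over an Area 0 interface; if the loopbacks were put in Area 10, or the only Area 0 path were lost, the tunnel destination could be learned through the tunnel and IOS will flap it with a recursive-routing error. Second, GRE adds 24 bytes of overhead, so either let the tunnel MTU drop or make sure path MTU discovery works for hosts whose traffic may take the backdoor during a failure.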
I wrote this blog because I read Mark Lewis' blog on L2TPv3 Ethernet Pseudowires. How cool is that? I can think of ways to use that today in our network. Just another way to fix problems with a tunnel.
Michael Morris is a communications team lead and network architect at a $3 billion high-tech company. His background is in enterprise WANs working with telcos, and developing large-scale routing designs. He has worked on networks at government and corporate organizations, including networks at two Fortune 10 companies. In his current role, he leads large-scale IT networking projects and develops and maintains architectural standards for data networks, storage area networks, IP Telephony, and security. Michael is a CCIE and has 11 years experience in networking and communications, including four years as a paratrooper in the U.S. Army. He has a bachelor's degree in MIS from the University at Buffalo. Recently, he was awarded the Network Professional Association® (NPA) Professional Excellence and Innovation Award for his work on network architecture, templates and enterprise MPLS design.
Beware of CPU Issues
I think it depends on the platform, but I recall that using GRE tunnels in some devices (namely switches) will cause significant CPU interrupts as packets are processed in software. Depending on bandwidth and what "services" you have enabled on the tunnel interface, this may be a large CPU hit.