I Can Fix Anything With a Tunnel

"I can fix anything with a tunnel." I had a boss at a previous job tell me that one time. He claimed to be a "First 100 CCIE", although I never verified that. But he did know networking. We'd be sitting in design meetings, stuck on a design issue, and he'd start saying, "We can fix this with a tunnel." For example, once we had a problem with a firewall and BGP and he said, "Screw it, just tunnel through the firewall and be done with it." I actually think I got that job because I answered a question during the interview by using a tunnel. Best I can remember, the problem went something like:

  • There's a user and she's a real pain. She understands traceroute and wants her Internet traffic to go in and out this circuit.
  • But routing is sending her out a closer gateway and the ISP is bulk routing her traffic back to the wrong peering point.
  • How can you get around this?

Totally irrelevant, but an interesting problem (like something you'd get on a CCIE Lab). I whiteboarded and asked questions and finally said, "Well, you could just put a tunnel in and route her traffic through that." I don't think that was what he was looking for, but I think he loved the answer since he loved tunnels. I got the job offer later that day. Then, during that job, I fixed an Internet DNS problem between two hosting sites with a GRE tunnel between the two sites. Now I was impressed. You can fix anything with a tunnel. Using this idea, I actually suggested tunnels as a fix for a campus design issue we were dealing with a couple years ago.

Access switches connected to a core router that also serves as an OSPF ABR must use a triangle design to avoid black holes caused by address summarization.

If you don't do this and use a box design, you can black hole traffic.

With a box design and OSPF summarization, traffic can be black holed if an uplink goes down. Yes, you could leave the links between the core routers out of Area 0, but then your ABRs won't have direct Area 0 links to each other. All good campus design issues to work through. The problem is that links are expensive, especially 10GIG ports. Our team worked through this while defining our templates a couple years back, and I thought about my old boss: "I can fix anything with a tunnel." So I proposed some tunnels:

The trick is making sure which interfaces the tunnels are sourced from and destined to. But it can be done. Elegant and cheap... but no one liked it. So we did the standard box design and chewed up 10GIG ports. My idea would've worked though. ;-) I wrote this blog because I read Mark Lewis' blog on L2TPv3 Ethernet Pseudowires. How cool is that? I can think of ways to use that today in our network. Just another way to fix problems with a tunnel.


Copyright © 2008 IDG Communications, Inc.