Bridging Private Sites over Public Infrastructure

[elpiegrandes]

Hi All,

I have a requirement to remote bridge between two private sites over an IP WAN link. I have the restrictions below:

1. The hub site and remote site must operate on the same subnet.
2. Hub and remote are private networks seperated by multiple hop public infrastructure.
3. Remote site hosts will use DHCP and be able to make requests to the DHCP server from the hub site.

As below:

(Hub 10.0.0.0/24)---->(Public IP Internet cloud)<----(Remote 10.0.0.0/24)

I understand this solution is completely inefficient and routing would be a much better way to go however these are the restrictions that I am dealing with.

Initially I thought using a GRE tunnel between hub and remote was the way to go but the more research I do the less I am convinced that I can bridge over GRE using Cisco.

Any thoughts?

Many thanks
El.Piegrandes

 

[eurobadger]

Hi


Are you going to use existing hardware or are you buying something?

I have a client who bridges between sites using Frame Realay between two 1750s.

They use a BVI (Bridging Virtual Interface) between the two routers for the connectivity. Because this is bridged & not routed your DHCP requests should go over the link as the bridge will pass broadcasts.

EB

 

[elpiegrandes]

Hi

Well I'm using a 2651 and a 2811 for proof of concept so yes, using existing hardware.

I haven't had much experience with frame relay - will this allow me to encapsulate the bridged traffic to enable traversing a public network?

In the meantime I have made progress with my attempt at bridging GRE but am still not quite there. I have established a GRE tunnel between the two BVI interfaces of the two routers. The routers can ping each other's BVI interface but I'm not sure the bridging is configured correctly. The configs are below.

I want to bridge 192.168.63.0 from the Hub site to the Remote site. However I have not mentioned a 192.168.63.x address anywhere on the remote Router.

I have configured the Remote router Ethernet interfaces to bridge onto the GRE tunnel ... does this mean I should be able to put a 192.168.63.x host on one of these interfaces and expect it to be bridged?

Hub Router
bridge irb
!
interface Tunnel0
ip address 1.1.1.2 255.255.255.0
tunnel source BVI1
tunnel destination 10.0.1.245
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
no cdp enable
bridge-group 1
!
interface BVI1
ip address 192.168.63.245 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
!


Remote Router
bridge irb
!
interface Tunnel0
ip address 1.1.1.1 255.255.255.0
tunnel source BVI1
tunnel destination 192.168.63.245
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
bridge-group 1
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
bridge-group 1
!
interface BVI1
ip address 10.0.1.245 255.255.255.0
!
ip default-gateway 10.0.1.100
!
bridge 1 protocol ieee
bridge 1 route ip

 

[bduross]

Hi All,

I have a similar (and equally illogical) requirement. Did you ever get the GRE solution to work?

Thanks!

 

[jneiberger]

I'm not overly familiar with it, but have you looked into using L2TP for this instead of GRE?

 

[elpiegrandes]

Hi Guys,

No i didn't quite manage to get this working in the end. I've read that it is possible but I believe that Cisco does not support it - their recommended solution for this situation is L2TPv3 (for which you will require 12.3(2)T and above, depending on the Cisco model).

Here's an interesting thread discussing the two ...

http://www.velocityreviews.com/forums/t32485-l2tpv3-vs-gre-for-layer-2-bridging.html

Good luck!