Example of an Xpress configuration for a meshed topology where Internet access is provided by the core

Solution

Overview

The existing PacketShaper documentation explains how to configure Xpress where the Internet is reached via a single core location in a hub-and-spoke topology. It assumes a point-to-point topology with each remote PacketShaper having a single static tunnel to the core.  

Resolution

This configuration example assumes a meshed topology with the Internet reached via the core PacketShaper. A mesh of dynamic tunnels is also allowed to form between remote sites. Traffic between remote sites uses dynamic tunnels. Traffic from a remote site to the Internet traverses a static tunnel to the core PacketShaper. This example assumes that the 10 net (10.0.0.0/8) is used for the internal intranet; because this is private address space, it does not exist on the Internet. See attached diagram.

Each remote site has a static tunnel defined to the core (San Jose). Associated with this static tunnel are two tunnel remote entries:

  • The first defines the address range 0.0.0.0-9.255.255.255.
  • The second defines the address range 11.0.0.0-255.255.255.255.

The 10 net is excluded. Any traffic between remote sites is destined to a 10 net address and forces the creation of a dynamic tunnel between the remote sites. Any traffic from a remote location to a public address on the Internet, or to the 10.0.1.0/24 subnet in San Jose, uses the static tunnel to the San Jose PacketShaper. For simplicity, each site has a local address range comprising one Class C subnet on the 10 net.

At the remote sites, since tunnel local discovery is not disabled, the static tunnel local entry step could be skipped. It is included in this example to make it obvious which addresses are local to each remote site. At the core location (San Jose), tunnel local discovery must be disabled to prevent the core PacketShaper's tables from being overwhelmed by potentially huge numbers of Internet hosts.

San Jose PacketShaper:

tun ip conf main 10.0.1.3 255.255.255.0 10.0.1.254

tun disc on  (default setting)

tun loc add main 10.0.1.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun com on

 

San Jose forms dynamic tunnels to all remote sites and exchanges its tunnel local subnet with all the remote partners. These dynamic tunnels are automatically formed as a response to the static tunnels set up from each remote site.

 

Los Angeles PacketShaper:

tun ip conf main 10.0.2.3 255.255.255.0 10.0.2.254

tun disc on  (default setting)

tun loc add main 10.0.2.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun new main 10.0.1.3 SanJose

tun rem add SanJose 0.0.0.0-9.255.255.255

tun rem add SanJose 11.0.0.0-255.255.255.255

tun com on

 

Seattle PacketShaper:

tun ip conf main 10.0.3.3 255.255.255.0 10.0.3.254

tun disc on  (default setting)

tun loc add main 10.0.3.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun new main 10.0.1.3 SanJose

tun rem add SanJose 0.0.0.0-9.255.255.255

tun rem add SanJose 11.0.0.0-255.255.255.255

tun com on

 

Denver PacketShaper:

tun ip conf main 10.0.4.3 255.255.255.0 10.0.4.254

tun disc on  (default setting)

tun loc add main 10.0.4.0/24

set var tnlLocalIpDiscovery  0

tun password test

tun new main 10.0.1.3 SanJose

tun rem add SanJose 0.0.0.0-9.255.255.255

tun rem add SanJose 11.0.0.0-255.255.255.255

tun com on
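
A check for the two tunnel remote entries described above, as an added Python example that is not part of the original article or of PacketShaper: it parses the "tun rem add" lines of a remote-site configuration, confirms they are exactly the complement of the intranet block (generalized to any prefix, not only 10.0.0.0/8), and reports which path the article describes for a destination. The function names, the mistyped variant and the 198.51.100.9 sample address are assumptions constructed for illustration; the code models the article's description, not the device's forwarding logic.

```python
import ipaddress

MAX_IP = 2**32 - 1

def complement_ranges(intranet):
    """Inclusive IPv4 ranges covering everything except `intranet`."""
    net = ipaddress.ip_network(intranet)
    lo, hi = int(net.network_address), int(net.broadcast_address)
    out = []
    if lo > 0:  # nothing below the block when it starts at 0.0.0.0
        out.append((ipaddress.IPv4Address(0), ipaddress.IPv4Address(lo - 1)))
    if hi < MAX_IP:  # nothing above the block when it ends at 255.255.255.255
        out.append((ipaddress.IPv4Address(hi + 1), ipaddress.IPv4Address(MAX_IP)))
    return out

def parse_rem_add(config, partner):
    """Ranges from 'tun rem add <partner> A-B' lines of a remote-site config."""
    ranges = []
    for line in config.splitlines():
        parts = line.split()
        if parts[:4] == ["tun", "rem", "add", partner] and len(parts) == 5:
            a, b = parts[4].split("-")
            ranges.append((ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)))
    return sorted(ranges)

def ranges_ok(config, partner, intranet):
    """True when the static tunnel's remote entries exactly exclude the intranet."""
    return parse_rem_add(config, partner) == complement_ranges(intranet)

def expected_path(dest, ranges, core_local, intranet):
    """Path the article describes for a destination seen at a remote site."""
    ip = ipaddress.ip_address(dest)
    if ip in ipaddress.ip_network(core_local) or any(a <= ip <= b for a, b in ranges):
        return "static tunnel to core"
    if ip in ipaddress.ip_network(intranet):
        return "dynamic tunnel"
    return "unmatched"  # a gap in the remote entries

# Los Angeles static tunnel lines as given in the article.
LA = ("tun new main 10.0.1.3 SanJose\n"
      "tun rem add SanJose 0.0.0.0-9.255.255.255\n"
      "tun rem add SanJose 11.0.0.0-255.255.255.255\n")
# Constructed error: the first range now swallows the 10 net.
LA_TYPO = LA.replace("9.255.255.255", "10.255.255.255")

if __name__ == "__main__":
    for cfg in (LA, LA_TYPO):
        r = parse_rem_add(cfg, "SanJose")
        print(ranges_ok(cfg, "SanJose", "10.0.0.0/8"), [expected_path(d, r,
              "10.0.1.0/24", "10.0.0.0/8") for d in ("10.0.3.20", "198.51.100.9")])
```

With the mistyped range, traffic between remote sites matches the static tunnel's remote entries, so the check returns False and 10.0.3.20 is reported as going to the core.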

 

InQuira Doc Id: KB3271