10-02-2013 07:37 AM
Hi all,
Is it a recommended approach to use different multicast addresses if using one key server to manage several GET VPN groups? It isn't a hosted service provider environment but just for a single customer with a need for logical separation.
I figure it would be a good idea to do that, but I'm not very familiar with multicast as a whole, so I'd appreciate anyone sharing similar experiences or any potential pitfalls with this config. Is there anything I need to watch out for?
Xavier
10-02-2013 09:20 AM
Xavier,
Since we can separate information at the GDOI group level, you should not need to use multiple addresses.
However, consider a scenario in which a GM is part of group 1 but not group 2. It will receive rekeys for both, but will not be able to understand the group 2 rekey; once an hour you will see log messages indicating a problem.
It makes sense to separate mcast addresses especially if this deployment might grow/fork/expand in future.
M.
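The separation discussed in this thread, sketched as an added example (not configuration from either poster or from Cisco documentation): one key server hosting two GDOI groups, each with its own rekey multicast address. All group names, identity numbers, addresses, ACL names, the profile name and the RSA key label are constructed placeholders.

```cisco
! Added example. Every name, number and address below is a constructed placeholder.
! Assumptions: the key server address is 192.0.2.1 and an RSA key pair
! labelled GETVPN-REKEY-KEY already exists on the key server.
!
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha-hmac
crypto ipsec profile GETVPN-PROFILE
 set transform-set GETVPN-TS
!
! Traffic each group protects (placeholder prefixes)
ip access-list extended ENCRYPT-GROUP1
 permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
ip access-list extended ENCRYPT-GROUP2
 permit ip 10.2.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Rekey ACLs: a different multicast destination per group (GDOI uses UDP 848)
ip access-list extended REKEY-GROUP1
 permit udp host 192.0.2.1 eq 848 host 239.192.1.1 eq 848
ip access-list extended REKEY-GROUP2
 permit udp host 192.0.2.1 eq 848 host 239.192.1.2 eq 848
!
crypto gdoi group GROUP1
 identity number 1001
 server local
  rekey address ipv4 REKEY-GROUP1
  rekey authentication mypubkey rsa GETVPN-REKEY-KEY
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 ENCRYPT-GROUP1
  address ipv4 192.0.2.1
!
crypto gdoi group GROUP2
 identity number 1002
 server local
  rekey address ipv4 REKEY-GROUP2
  rekey authentication mypubkey rsa GETVPN-REKEY-KEY
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 ENCRYPT-GROUP2
  address ipv4 192.0.2.1
```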
10-04-2013 07:30 AM
Thanks Marcin, decided to go with the second multicast group after all. Just finished labbing it up so I should be good.