VPN’s and VoIP – Getting economical “full mesh” Connectivity without MPLS!

April 7th, 2015

We see a lot of VoIP deployments that come to us for trouble shooting.  A common problem statement is that our HQ site can call both Chicago and Dallas, but Dallas and Chicago can’t call each other.  Savvy network administrator will have figured out that there is a routing issue, but how so?  Clearly HQ knows how to reach each remote site and the remote sites know how to reach HQ, so where is the break down!   At about this time, we learn they have VPN’s that provide tunnel connections to each location and we go clear!

The standard “tunnel” solutions include IP Security (IPSec), GRE, Easy VPN and the new “tunneless” Group Encrypted Transport VPN or  GET-VPN. Most folks make the mistake of picking IPSec for connectivity and being an inherently point-to-point technology, they end up with the problem statement summarized above.   Even a “hub and spoke” solution is not ideal unless we make it possible for “spoke to spoke” connectivity.   Ideally, we need to configure our VPN so Dallas can communicate with Chicago, without passing through HQ!

IPsec is really an encryption and authentication technology that enable secure communications through a public internet.  It is generally used in a multiple vendor deployments.   IPsec does not support any protocol other than IP,  so it can not be used with the routing protocols that might otherwise be used to solve our issue.   For this reason, many deployments will use GRE over IPsec.   GRE to address the routing protocol issues and the  IPsec to provide the security of authentication and encryption.  We are still however, in a point to point mode, or in heavy manual administration mode to configure a simple mesh!

The smart money is on “next hop resolution protocol or NHRP” used in strategies like FlexVPN, GETVPN or DMVPN.  These solutions provide a full mesh option while providing for encryption and data integrity.   In the problem statement above, had we installed FlexVPN, the Chicago and Dallas sites could communicate directly without having to route through HQ or hub.   We would have “spoke to spoke”  to communications!  As broadband becomes more widely accepted and bandwidth becomes less of an issue, we should see more VPN technology deployed in place or in concert with private network technologies like MPLS (GetVPN over MPLS is really kool).

Give us a call and we can noodle out what “full mesh” technology makes the most sense for your organization, both technically and economically!  We are here to help make the network!


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ask DrVoIP

ask drvoip

Network Readiness Assessment

drvoip readiness checklist

Is your network Ready?

Complimentary free download - DrVoIP VoIP Network Readiness Assessment Checklist (pdf)

Download Now ›

Training Videos

shoretel ipbx cisco cusm
shoretel ecc audio voice prompts
cisco uccx call back option
generic call queue cc admin


web stats

© Copyright DrVoIP.com 2021
Follow DrVoIP