No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-Does Mid-Low End Router Of Huawei Support IPSEC+OSPF

Publication Date:  2012-07-27 Views:  37 Downloads:  0
Issue Description
Does the mid-low end router of Huawei support IPSEC+OSPF?
Alarm Information
No
Handling Process
No
Root Cause
By configuring the peer, OSPF could transmit packet over the port configured with IPSEC. However, when receiving the packet, the routing protocol has to determine the port to receive it according to the source address. The source address of the packet received via the port configured with IPSEC is the remote IP (incapable of direct connecting), so source address cannot help determine the corresponding port, and it fails then. 
According to the protocol, OSPF determines the route via exchanging the status of links of routers in nature. The channel configured with IPSEC cannot form a link to the remote (logic), so it cannot run OSPF. 
The following two points explain why IPSEC+OSPF cannot be supported: 
1.Unlike GRE, IPSEC does not have the similar Tunnel port, but it would use the same physical interface to run public and private network routes, resulting in mixture of both public network routes and private network routes; 
2. Dynamic routing protocol (not including BGP) requires that its neighbour must be direct-connected with single hop, and the direct connection could be either physical or logic (such as Tunnel of GRE).
Suggestions
Huawei's mid-low end routers don't support IPSEC+OSPF. If it needs to run dynamic route by IPSEC, it is suggested to run OSPF via GRE+IPSEC. 

END