I also have pretty much the exact same setup and it works very well for me.

On Tue, Jul 26, 2011 at 1:14 PM, Owen DeLong <o...@delong.com> wrote:
> I needed fast reliable internet access at home, so, I have Comcast
> Business Class for fast and Raw Bandwidth DSL for reliable. I have my
> own ARIN direct assignments for my internal networks and I have routers
> in a couple of colo's where I get my true upstream connectivity.
>
> I run a Juniper router here at home and in one of the colo's. In the
> other colo, I use the datacenter's router to terminate the tunnels. I
> use GRE tunnels to both colo's across both Comcast and Raw Bandwidth and
> run BGP to my house (small router) feeding default to the house and
> getting the local prefixes (192.159.10.0/24, 192.124.40.0/23,
> 2620:0:930::/48) advertised upstream to the colo routers.
>
> The colo routers are full-feed BGP speakers.
>
> My Comcast gateway is running in straight L2 bridge mode, so, there is
> no issue there. When Comcast changes my IP address, things get very
> slow until I can reconfigure the tunnel end-points. Raw Bandwidth
> provides me with a static address.
>
> I'm not doing any NAT and the GRE tunnels carry all of my actual
> traffic. The Comcast and Raw Bandwidth internet feeds are used only to
> provide L2 transport for the GRE tunnels.
>
> This allows me to do convenient cost-effective multihoming without NAT
> at home using commodity internet access.
>
> Owen
>
> On Jul 26, 2011, at 8:38 AM, PC wrote:
>
> > I have GRE tunnels and l2tp tunnels over those Comcast boxes. l2tp is
> > less hassle because it handles NAT, but you can do GRE instead -- just
> > make sure you assign yourself a public static IP.
> >
> > First, go into the gateway and make sure all firewalls are disabled
> > (it has a web GUI).
> >
> > Second, if it's the Comcast SMC 4 port "gateway" thing I think it is,
> > the device is somewhat retarded. You plug into the switch and pull
> > DHCP, and you get a natted address and it routes.
> >
> > You can plug into the same switch and set a static IP on your device
> > (internet public IP), and it will work without NAT, assuming your
> > account has a static IP.
> >
> > Set said static IP on your Mikrotik box and it should pass end-to-end
> > without drops.
> >
> > On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <n...@blastcomm.com> wrote:
> >
> >> Hello, I'm hoping that someone here might have run into a similar
> >> issue and might be able to offer me some pointers.
> >>
> >> I have a customer that I am providing redundant paths to, one link
> >> over a microwave connection, and a backup link over a Comcast
> >> Business Class Connection. Everything on the Microwave link is
> >> working fine. On the Comcast Connection, I have a Static IP from
> >> Comcast, and I want to set up a vendor specific GRE tunnel (Mikrotik
> >> EoIP) from my NOC to the Comcast Static IP Address. It looks like the
> >> SPI Firewall inside the SMC Gateway required by Comcast is blocking
> >> the GRE packets. I'm basing this on the fact that when I power cycle
> >> the modem, I get 1 ICMP Packet through the GRE Tunnel while the modem
> >> is booting up, then it stops again. I have gotten to Tier2 support
> >> who swears that all Firewalls on the SMC Gateway are disabled.
> >>
> >> As a workaround, I was able to establish a PPTP tunnel to my NOC,
> >> however it seems like the tunnel will only run for a few hours, then
> >> becomes slow to the point of being unusable. In my mind this would be
> >> no different than setting up a permanent VPN back to a corporate
> >> office, which I would think happens all the time, so I'm not sure why
> >> I'm running into issues with it.
> >>
> >> Anyone with Insights or comments would be appreciated.
> >>
> >> Thanks,
> >> Nate Burke
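
An added example, not part of any message in this thread: GRE and the PPTP data channel both travel as IP protocol 47, so packet captures taken on each side of a gateway can be compared to see whether protocol 47 is being dropped. The sketch assumes raw IPv4 packet bytes as input; the function names, sample packets and addresses are constructed for illustration.

```python
import struct
from collections import Counter

GRE = 47  # IP protocol number for GRE; PPTP's data channel uses it too

def parse_gre(pkt: bytes):
    """Parse the GRE header of a raw IPv4 packet; return None if it is not GRE."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                     # IPv4 header length in bytes
    if pkt[9] != GRE:
        return None
    if len(pkt) < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack_from("!HH", pkt, ihl)
    hdr = {"version": flags & 0x7, "ptype": ptype, "key": None, "seq": None}
    off = ihl + 4 + (4 if flags & 0xC000 else 0)  # C or R bit adds checksum/offset
    if flags & 0x2000:                            # K bit: 32-bit key
        hdr["key"] = struct.unpack_from("!I", pkt, off)[0]
        off += 4
    if flags & 0x1000:                            # S bit: 32-bit sequence number
        hdr["seq"] = struct.unpack_from("!I", pkt, off)[0]
        off += 4
    if hdr["version"] == 1 and flags & 0x0080:    # A bit (PPTP enhanced GRE only)
        off += 4
    hdr["payload_offset"] = off
    return hdr

def classify(pkts):
    """Count packets per kind so captures from both sides can be compared."""
    counts = Counter()
    for p in pkts:
        h = parse_gre(p)
        counts["non-GRE" if h is None else f"GRE v{h['version']}"] += 1
    return counts

def ipv4(proto, payload):
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

# Constructed samples: plain GRE, keyed GRE, PPTP-style enhanced GRE, and ICMP.
SAMPLES = [
    ipv4(GRE, struct.pack("!HH", 0x0000, 0x0800) + b"inner"),
    ipv4(GRE, struct.pack("!HHI", 0x2000, 0x6558, 42) + b"frame"),
    ipv4(GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 3, 7, 1) + b"ppp"),
    ipv4(1, b"\x08\x00" + bytes(6)),
]

print(dict(classify(SAMPLES)))
```

If the WAN-side capture shows GRE packets that never appear in the LAN-side capture, the device in between is dropping protocol 47.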