NHRP via FRR for dynamic full mesh inter-data center topology
-
I have 5 data centers, 3 in the US and 2 in the EU. Due to application and disaster recovery requirements, a hub-and-spoke topology for connecting these sites causes issues. I am using site-to-site VTI IPsec tunnels with OSPF, and it is a hodgepodge of mesh and hub-and-spoke that is already cumbersome to manage. We are going to add 2 new data centers this year, and the current configuration does not scale well.
https://docs.frrouting.org/en/latest/nhrpd.html#
I have read that FRR supports NHRP, which allows the spoke (Next Hop Client (NHC)) to register its address with the hub (Next Hop Server (NHS)), so that an NHC can communicate directly with another NHC. Apparently, this happens with tight integration with strongSwan to dynamically create the full mesh topology from the manually created hub-and-spoke config. pfSense definitely has FRR, as I already use it for OSPF, and I believe pfSense also uses strongSwan. How would you go about configuring this on pfSense?
-
Well, according to this documentation, NHRP via FRR is not available for FreeBSD.
http://docs.frrouting.org/en/latest/overview.html#feature-matrix