Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NHRP via FRR for dynamic full mesh inter-data center topology

    IPsec
    dmvpn mesh ipsec ospf frr
    1
    2
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rtw915
      last edited by rtw915

      I have 5 data centers, 3 in the US and 2 in the EU. Due to application and disaster recovery requirements a hub and spoke topology for connecting these sites causes issues. I am using site-to-site VTI IPSEC tunnels with OSPF and it is a hodgepodge of mesh and hub and spoke and it is already cumbersome to manage. We are going to add 2 new data centers this year and the current configuration does not scale well.

      https://docs.frrouting.org/en/latest/nhrpd.html#

      I have read that FRR supports NHRP which allows the spoke (Next Hop Client (NHC)) to register its address with the hub (Next Hop Server (NHS)), so that NHC can communicate directly with another NHC. Apparently, this happens with tight integration with strongSwan to dynamically create the full mesh topology from the manually created hub and spoke config. pfSense definitely has FRR, as I already use it for OSPF and I believe pfSense also uses strongSwan. How would you go about configuring this on pfSense?

      1 Reply Last reply Reply Quote 0
      • R
        rtw915
        last edited by

        Well according to this documentation NHRP via FRR is not available for FreeBSD. 😞

        http://docs.frrouting.org/en/latest/overview.html#feature-matrix

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.