Thanks for the replies,
All sites have their own public static IP address.
It would be interesting that traffic wouldn't pass through "A" site when "B" is talking with "C" (assuming "A" is the main company site)
So, for 15 sites, should I build 14 tunnels each? Manually? Statically?
It is very good to know if you have all static IP addresses for all sites.
It would make the implementation easier.
>It would be interesting that traffic wouldn't pass through "A" site when "B" is talking with "C" (assuming "A" is the main company site)
>So, for 15 sites, should I build 14 tunnels each? Manually? Statically?
What you are referring to is a "full mesh network", and in this case, you want a site to site full mesh VPN connection.
Mesh network is defined here:
As you mentioned above, we can do n-1 tunnels for n number of sites, and n*(n-1) number of total tunnels to be created. So for 15 sites, we need to create 15*14=210 tunnels.
And since MK L2TP is actually point to point, yes, we have to create each tunnel manually and statically. While this is possible, it might not be practical or easy to manage.
For the Mikrotik L2TP interface, while this is not a full mesh VPN, this does not mean that we can't create a flat, dynamically connected Layer 2 site-to-site VPN. In this case, for each site, it would be just one tunnel to connect to a HUB site.
1. We can designate a HUB site, perhaps the main site with big enough bandwidth to have all sites connected to it, and then we create a single tunnel for each site to the HUB site, a spoke-hub topology.
2. Since it is a Layer 2 (L2TP) implementation, it would be transparent for all sites on IP Layer 3. However, on the physical connection, all the traffic will still have to go through the HUB (e.g. site A), just as you commented above. For example, for site B to talk to site C, it still has to go via site A (HUB site).
3. On the routing issue, we can use OSPF for each site to dynamically update their routing tables as new sites become available; static routes will not be easy to manage.
Both pieces of info below are applicable if we can follow the instructions closely:
http://wiki.mikrotik.com/wiki/Manual:BC ... _bridging)
Basically, we can use the L2TP interface with BCP bridging.