Hello to everyone,
I was wondering what the best practice is to set up IPsec with BGP.
What I want to achieve is (based on the below diagram):
1) All routers reach the internet
2) All routers reach each other and their advertised networks
3) Each time that a new network is advertised, the IPsec policies on every router should be updated.
My approach is to write a script that runs every 10 secs, checks the active BGP routes, creates policies, and removes the stale ones.
WDYT?
Thanks in advance
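
The reconcile step of the script approach described in the post, as an added example that is not part of the original post. It assumes BGP routes are available as (prefix, next hop) pairs, that the default route stays outside the tunnels, and that `installed` holds only script-managed policies; all names and addresses are constructed.

```python
import ipaddress
from typing import NamedTuple

class Policy(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    peer: str  # tunnel endpoint; assumed to be the BGP next hop

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")

def desired_policies(local_nets, bgp_routes):
    """Policy set implied by the active BGP routes, given as (prefix, next_hop)."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    wanted = set()
    for prefix, next_hop in bgp_routes:
        dst = ipaddress.ip_network(prefix)
        # Assumption: the default route carries internet traffic and is not
        # turned into a policy, so routers keep plain internet access.
        if dst == DEFAULT_ROUTE:
            continue
        # A learned prefix overlapping a local network would pull local
        # traffic into a tunnel; skip it instead of installing it.
        if any(dst.overlaps(net) for net in local):
            continue
        wanted.update(Policy(src, dst, next_hop) for src in local)
    return wanted

def reconcile(installed, wanted):
    """Return (to_add, to_remove); unchanged policies are left untouched."""
    return sorted(wanted - installed), sorted(installed - wanted)

# Constructed sample data (private and documentation address ranges).
LOCAL_NETS = ["10.1.0.0/24"]
BGP_ROUTES = [("10.2.0.0/24", "192.0.2.2"), ("10.3.0.0/24", "192.0.2.3"),
              ("0.0.0.0/0", "192.0.2.254")]
INSTALLED = {  # assumed to contain only policies this script created
    Policy(ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_network("10.2.0.0/24"), "192.0.2.2"),
    Policy(ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_network("10.9.0.0/24"), "192.0.2.9"),
}

def demo():
    return reconcile(INSTALLED, desired_policies(LOCAL_NETS, BGP_ROUTES))

if __name__ == "__main__":
    to_add, to_remove = demo()
    for p in to_add:
        print("add   ", p.src, "->", p.dst, "via", p.peer)
    for p in to_remove:
        print("remove", p.src, "->", p.dst, "via", p.peer)
```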