01-14-2005 07:35 AM - edited 03-02-2019 09:04 PM
Where I work, we currently have 4 remote offices (small, each with about 10 - 20 users), and one central HQ (about 200 users). I am debating whether or not to use a routing protocol, such as EIGRP for the WAN (point-to-point T1's), or just use static routes because there would only be about 2 entries.
Each remote site has a seperate Internet connection, that is used for IPSec GRE tunnel backup when/if the T1 goes down.
What is it that anyone would recommend?
01-14-2005 07:52 AM
Static routes will work just fine, with a floating static for your VPN backup. But be careful with your VPN, you may find that if two remotes are both on VPN, they can't talk to each other. That is guaranteed to be the case if the GRE tunnels end on a PIX rather than a router.
Also watch out for MTU problems. Your T1 will support 1500 byte data packets while your VPN backup may be limited to 1440 or so... This could cause MTU failures when you fail over from T1 to VPN with an established connection already up with a negotiated 1500 byte MTU.
FWIW: As you describe your situation, there is no real advantage to running a dynamic protocol. There is also no real advantage to using static routes, so feel free to do whatever floats your boat.
Good luck and have fun!
Vincent C Jones
01-14-2005 08:02 AM
A dynamic routing protocol is especially appropriate when there is potentially more than one way to get to destinations. A dyamic routing protocol allows you to choose the optimum path to the destination, and most important, the dynamic routing protocol allows you to adjust to changes in the network automatically.
Static routes are especially appropriate when there is a single way to get to destinations and there are no choices to be evaluated.
When you stated that your network is essentially hub and spoke with a T1 from the HQ to each remote, I was thinking that static routes would be the choice. When you added that the remotes have another Internet connection and should do IPSec with GRE over the Internet for connectivity to HQ as a backup, then you have added an alternative and a choice needs to be made. I believe that in this circumstance I would prefer to run a dynamic protocol such as EIGRP.
You probably could get it to work ok with a static route pointed at the serial interface and a floating static pointed to the internet. If the serial interface went down the primary static would be withdrawn and the floating static would be inserted into the routing table. But if it were me I would do this with EIGRP. I believe that EIGRP might react to some problems that the static route pointing to the serial interface might not catch.
HTH
Rick
01-14-2005 12:03 PM
Thank you for your replies! I was leaning more towards the EIGRP way, but just wanted some feedback and others' personal experience with those situations.
Thanks again!
01-14-2005 12:08 PM
One more thing...so if I go the EIGRP route (no pun intended), on one of my remote routers, would the routing config look something like this:
router eigrp 1
network 10.150.0.0 0.0.255.255
network 192.168.0.0 0.0.255.255
no auto-summary
eigrp log-neighbor-changes
ip route 10.150.0.0 255.255.0.0 Tunnel0 10.150.2.20 250
ip route 192.168.1.0 255.255.255.0 Tunnel0 10.150.2.20 250
with the static routes using the GRE tunnel interface and the next-hop IP of the head-end router.
If not, then could you provide me with a way that you might do it?
01-15-2005 12:52 AM
If you want those static routes to be seen by the EIGRP, you will have to redstribute then specifically. They will not be picked up automatically by the network commands. Try adding something like:
redistribute static metric 10000 100 254 1 1500 subnets
Kevin Dorrell
Luxembourg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide