1 remote subnet, 1 local subnet, 2 dsl lines, 2 877 routers, pos

Damien Silman · ‎11-14-2013

Hi all,

Generally when we set up a remote site, if we've got a certain number of devices we'll get two lines put in, one for voice, one for data, and run two seperate tunnels connecting 2 different subnets.

I've got a site coming up, where we've got two lines ordered, but the amount of voice devices compared to data does not really warrant a whole line to itself.

Is it possible to have something set up like the horrible below text drawn diagram:

Remote office

172.20.0.0/16

|

\/

Internet

|

---------VPN---------

| |

\/ \/

PubIP1 PubIP2

877_1 877_2

| |

-------------------

|

\/

172.30.99.0/24

(most likely a 3560 switch)

With the connection set up like this, we'd be looking to ideally utilise both lines for data and voice, I can imagine a headache with router over two VPNs with the same subnet destination/source.

Any thoughts/suggestions or am I just insane? I keep trying to think how I could make VRRP tie in to make this work.

Thanks!

Lei Tian · ‎11-14-2013

Hi,

Assume you want the 2x877 be active/stanby, that is supported. On the LAN side, your L2/L3 and subinterface (if you have multiple VLAN) are on 877. You can config the FHRP (HSRP, VRRP) on 877. On the internet side, both 877 will have same vpn tunnel back to remote office, but only one is active.

If you want both 877 be active, then you might need PBR to send the traffic based on the traffic type. On the LAN side, your L2/L3 is on 3560. PBR on the 3560 decides either send to 877_1 or 877_2 based on traffic type. On the internet side, different vpn tunnel back to remote office, both are active. On the remote office, PBR is configured to route traffic based on traffic type.

HTH,

Lei Tian

Damien Silman · ‎11-14-2013

Hi Lei,

Thanks for your suggestions; I'll more than likely use them in an active/standby fashion (it would be the most elegant way to do it).

In an ideal world it would use both lines for all traffic, but given the kit involved I can't do that.

I have two subnets of traffic; 172.30.99.0/24 and 10.30.99.0/24.

I'm assuming I could run one router as active for 172 and passive for 10 whilst the other router would be passive for 172 and active for 10? Obviously the relevant router would pick up the additional traffic if it's partner router dropped.

Lei Tian · ‎11-14-2013

Hi,

Yes, you can have VPN tunnel on both 877 up to utilize 2 DSL lines. You might need make the traffic symmetrical if there is any stateful device in between.

HTH,

Lei Tian

Joseph W. Doherty · ‎11-14-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Sure you can do that. If you're mixing VoIP and data, shaping for DSL bandwidths, and prioritizing VoIP, very much recommended.

If you want to maximize your performance and/or take full advantage of all the bandwidth you're paying for, you might equal cost route across both VPNs. If one side is L2, you might use GLBP.

Damien Silman · ‎11-14-2013

Hi Lei and Joseph,

Thanks for your feedback, so I would be able to utilise both DSL lines for all traffic?

Not quite sure where to start on achieving that though...

1 remote subnet, 1 local subnet, 2 dsl lines, 2 877 routers, possible?