Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1049
Views
5
Helpful
4
Replies

Route to 2nd Internet Location in another Office? Tell Internal L3 Switch that there is a new Route to Internet?

Go to solution
stownsend
Level 2
Level 2

‎10-31-2017 02:42 PM - edited ‎03-05-2019 09:24 AM

We are looking to build in some redundancy in our network.

We currently have Inter-Office Links and all of the Offices access the Internet from HQ. 

If HQ is destroyed to the ISPs are offline, we wanted to be able to route traffic to the 2nd ISP in another office. Though the Gear that Tells where the Internet is online is the Firewall. If the Firewall Survives but the HQ ISP does not, the HQ Firewall knows that the internet link is down, though the L3 switch routing to that firewall does not know that the ISP is down as the firewall is its default gateway.   

 

How can the Upstream L3 Switch/Router get notified from the HQ firewall that we need to switch to another Internal Firewall to use the 2nd ISP from another office?

 

Does that make sense? 

HQ Firewall - ASA 5525X

L3 Switches - SG500 and SG300

 

If we need to replace equipment, we understand. 

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to stownsend

‎11-02-2017 02:08 PM

Static routing is a good choice when there are not many alternatives to choose between about how to get to a destination and when you expect the network to be very stable. That may have been a good description of what your network has been like. But now you are adding additional paths that might be chosen and you want to react when the primary ISP becomes not available. These requirements are better satisfied by a dynamic routing protocol.

 

Many of us tend to think of EIGRP and OSPF as better routing protocols than RIP, especially because they scale to large sizes better and converge more quickly than RIP. But for a network that is small and not complex, like your is, I believe that RIP is a very satisfactory choice of protocol (and especially appropriate since there are devices in your network that support RIP but not EIGRP or OSPF). So go for RIP.

 

HTH

 

Rick  

HTH

Rick

View solution in original post

4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎10-31-2017 03:15 PM

We do not know much about your environment and that makes it difficult to give good advice. If you are using static routing between the firewall and the L3 switch it would be challenging and perhaps some type of SLA on the switch could test for connectivity to the ISP and change the default route if the ISP becomes unreachable. The better solution would be to have a dynamic routing protocol running so that the firewall can advertise the default route when the ISP is available and withdraw that default route if the ISP becomes unavailable. This would presume that the other office participates in the routing protocol and advertises its default route but with a worse metric so that it would only be used if the primary ISP is not working.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
stownsend
Level 2
Level 2
In response to Richard Burts

‎10-31-2017 03:43 PM

Currently it is all Static Routing.  Talk about dusting off some brain cells. (-;  Of Course. RIP, EIGRP, etc. 

 

Looks like the ASA supports both RIPv2 and EIGRP. The SG300/SG500 seem to only support RIPv2.

We currently have the SGX00 units routing about 6 VLANs across three Directly Connected sites. The Firewall connects up another 8 Home Offices. 

 

I would Assume that RIP would be enough to do this? I would rather not have to update the Core SGX00 Switches to routers or the Catalyst series. 

 

Thanks!

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to stownsend

‎11-02-2017 02:08 PM

Static routing is a good choice when there are not many alternatives to choose between about how to get to a destination and when you expect the network to be very stable. That may have been a good description of what your network has been like. But now you are adding additional paths that might be chosen and you want to react when the primary ISP becomes not available. These requirements are better satisfied by a dynamic routing protocol.

 

Many of us tend to think of EIGRP and OSPF as better routing protocols than RIP, especially because they scale to large sizes better and converge more quickly than RIP. But for a network that is small and not complex, like your is, I believe that RIP is a very satisfactory choice of protocol (and especially appropriate since there are devices in your network that support RIP but not EIGRP or OSPF). So go for RIP.

 

HTH

 

Rick  

HTH

Rick

Go to solution
stownsend
Level 2
Level 2
In response to Richard Burts

‎11-03-2017 11:45 AM

We used EIGRP back in '95 when we had 5 Schools and 4 remote offices all connected with ISDN and T1s.  Its been so long since we have needed any Dynamic routing that I totally spaced its use. 

 

I appreciate the Feedback!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card