Hi again,

Thanks for your reply.

I have only Cisco equipment

Office1-Cisco 7206,3800, Catalyst 6500, Cisco Firewalls(which support only OSPF and RIP)

Office2- Cisco Firewall,Catalyst 3750 switches, and some Layer 2 switches.

Regional offices - Hub-Spoke. 15 small Cisco 871 to one Cisco 3800.

For OSPF i am a little bit worry about:

1.Maybe OSPF can load Catalyst 3750 with extencive calculations of routes

2.I have a very thin links 256kb to branches.So maybe OSPF can load these links,even the stub are configured.(I haven't been test it.)

3.EIGRP...I need a suggestion

4.Maybe i am wrong.

No chance for this topic? :)

You mentioned you only have Cisco equipment so I believe you should go with EIGRP.

I am rather new to these forums - but I think that an important factor is what YOU can support. It sounds like your network is not too large (under 100 sites) so I think processor power should not be an issue on your routers should you choose OSPF. If you pick OSPF, you need to be aware of its hierarchical requirements - Area 0 needs to be planned for tomorrow, not just today. In smaller networks, EIGRP is quite fine ... heck, I personally think in larger networks it is fine as well - but you need to plan it then as much as you do for OSPF.

Unless you have a high number of networks and network changes at each site, 256K should be fine for either protocol ... with EIGRP you have the option of restricting how much BW on the link it can take up for routing updates, but you may not need it and I would not tweak such a parameter unless I felt I had to. Each will send small updates once they are up and stable, each will support stub areas, each will support summarization.

I am not sure if this helps or not, but untilmately the choice in my mind lies on what you can support in large part.

Thanks,

Jason

Ok i agree with you EIGRP is alternate for OSPF. It is faster and Cisco proprietary. But what about Cisco Firewalls? They support only OSPF and Rip....

Sounds like you are going to have to use OSPF if you are going to include the pix in your routing.

Unless you have a very large number of routes I would just keep it simple. OSPF only floods the table out every 30 minutes and most the time this is spread out since all the LSA do not expire at the same time.

If are still using too much bandwidth a couple of things to do.

Make all the sites stub area's and send only the default route to the remote sites. The remote sites will only be sending their own routes. The limitation on this is you cannot have static routes (ie only network statements) at the remote site. If you cannot do this you can use a NSSA totally stub area and you can now redistribute static routes. There is a little more data send in a nssa area than a stub area.

There is also a command ip ospf flood-reduction. This command will cause the router to not send lsa unless a network change has occurred. I do not know if the pix has this option or how exactly you would apply it in a vpn configuration since this is a interface commnad.

I would just start and define normal ospf areas and see how it works.

"Sounds like you are going to have to use OSPF if you are going to include the pix in your routing."

But how can i avoid the OSPF on firewalls, but still has the routing to everywhere from pix? p.s. After enabling OSPF on ASA5510, the cpu usage became 35%. Before it was only 1%.

If you do not have that many routes you can look at static routing but if you want Dynamic like you said it is RIP or OSPF.