
EIGRP to Replace RIP V2

dbrill001
Level 1

We have 3 buildings (2103, 2080, and SMS) and two buildings connected with a Fiber Connection. The two buildings connected with fiber are 2103 and 2080. 2103 and SMS are connected currently through a Metro 10 Mb/s connection.

We use RIP V2 for routing between subnets. We have 7 subnets in 2013, 5 subnets in 2080, and 1 subnet in SMS.

We have recently added a second ISP; because of costs and contracts we have 2. North State ISP is connected to 2103 and we have Level 3 connected to 2080.

We have enabled EIGRP but are not sure it is working and not sure if it is configured correctly. We have read you need 3 routers to make this work. Here are my questions:

1. Can we have a true fail over?

2. How does a chat application work in our call center, for instance? The firewall knows about the connection coming in on one connection, but if it leaves on the other connection, will it be broken?

3. Will we ever drop RIP?

I am in the process of moving services over to the Level 3 ISP, which means changing IPs.


chrihussey
VIP Alumni

There is much to consider here but for starters if the switches at all three sites are L3 switches and running EIGRP properly you should see neighbor relationships and the routes to networks should be EIGRP routes and not RIPv2 routes.

As for your questions:

1- True ISP fail over is possible, there are many ways to accomplish this, but it can get involved. This would be a discussion in and of itself.

2- If the firewalls are stand alone entities, asymmetrical routing will break the connection.

3- If you are running RIPv2 with the SonicWalls, then you're probably stuck with RIPv2 or you may want to consider OSPF (provided the FWs do OSPF) instead of EIGRP, since EIGRP is Cisco specific. If you are just running EIGRP between the three sites then you can probably get rid of the RIP. If you want to verify the EIGRP routing, we could look at that.

Ok, I am still learning; I can try this. I do not understand how this works. Let's say a chat packet comes in the North State connection but EIGRP decides the packet is best to go out the Level 3 connection. How does the firewall map the session back to the client and server?

In the scenario you propose, you are saying packets from the Internet would come in through one provider and firewall and the return path would be out the other firewall and provider.

The purpose of a firewall is to protect the inside network from the Internet. If it sees only 1/2 of a data exchange (only one direction), it should not allow for the connection and drop the packets. It may allow something from the inside to the Internet, but any firewall worth its salt wouldn't allow a connection inbound (from the Internet) without the associated part of the exchange in the other direction.

Much also depends on the rule set in the firewall of course and unless the firewalls are working in an active/active state and are synching their connections with each other for stateful failover (which I assume is not the case), as a general networking rule you want to avoid asymmetrical routing in the manner you describe. It just doesn't work.
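
Added example (not part of the original thread, and not any vendor's implementation): a toy model of two stateful firewalls showing why the reply to an inbound chat connection is dropped when it leaves through the other site, and why synchronized connection tables change that. The addresses, port 5222, and all class and function names are constructed for illustration; NAT is ignored.

```python
from dataclasses import dataclass, field

def flow_key(src, sport, dst, dport):
    """Direction-independent key: both halves of a flow map to one entry."""
    return frozenset([(src, sport), (dst, dport)])

@dataclass
class StatefulFirewall:
    name: str
    allowed_inbound: set                      # published (ip, port) services
    table: set = field(default_factory=set)   # connection (state) table
    peer: object = None                       # state-sync partner, if any

    def handle(self, src, sport, dst, dport, flags, direction):
        key = flow_key(src, sport, dst, dport)
        if key in self.table:
            return "pass"                     # belongs to a known connection
        # Only an initial SYN that policy permits may create new state.
        opens = flags == "SYN" and (
            direction == "outbound" or (dst, dport) in self.allowed_inbound)
        if not opens:
            return "drop"                     # half a conversation: no state
        self.table.add(key)
        if self.peer is not None:             # replicate state to the partner
            self.peer.table.add(key)
        return "pass"

def chat_session(asymmetric, sync):
    """Return the verdicts for the inbound SYN and the server's SYN-ACK."""
    service = {("10.1.1.10", 5222)}           # constructed chat server
    fw_ns = StatefulFirewall("2103 / North State", service)
    fw_l3 = StatefulFirewall("2080 / Level 3", service)
    if sync:
        fw_ns.peer, fw_l3.peer = fw_l3, fw_ns
    client, server = ("198.51.100.7", 40000), ("10.1.1.10", 5222)
    syn = fw_ns.handle(*client, *server, "SYN", "inbound")
    # Interior routing picks the exit firewall for the reply.
    exit_fw = fw_l3 if asymmetric else fw_ns
    synack = exit_fw.handle(*server, *client, "SYN-ACK", "outbound")
    return syn, synack

if __name__ == "__main__":
    for asym, sync in [(False, False), (True, False), (True, True)]:
        print(f"asymmetric={asym} sync={sync}:", chat_session(asym, sync))
```
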
