


Suggested prerequisite reading
»Cisco Forum FAQ »Setting Up Private Site-To-Site Connections

Tips:

* Use private subnets whenever feasible
* If most branches or departments within your organization already use, say, the 192.168.x.x subnet, then keep using it. You may have to renumber the 3rd octet to avoid overlap.
* Avoid discontiguous networks at all costs
* Assign separate subnets for infrastructure interconnections, servers, workstations, routers, switches, firewalls, IDS/IPS devices, UPS, and all other network devices
* When assigning subnets to network devices, plan network growth room for at least the next 5 years
* When only two devices are directly connected to each other, assign a /30 or /31 subnet
* Avoid running dynamic routing protocols unless there are multiple exits with equivalent administrative distances, connection technology, or bandwidth
* Should you decide to use OSPF, keep in mind that you don't really need multiple areas unless you have a good reason for them
* Consider resilient disaster recovery, which might require layer-2 and layer-3 redundancy
* Do not "force" load balancing over multiple links, due to the possible side effects of asymmetric routing

1. Hub and Spoke

Typical Setup

* There is one site (probably the main or corporate office) that has a direct connection to all other sites; it is called the "Hub"
* All other sites (usually remote offices or branches) have only a single connection, to the Hub; each is called a "Spoke"
* Hub-to-Spoke communication uses the direct connection
* Spoke-to-Spoke communication must go through the Hub as an "intermediate hop"
* The connection to the external network (i.e. the Internet) only exists at the Hub
* Communication between a Spoke and the external network must go through the Hub

Tips:

* From the Spoke perspective, traffic must go through the Hub to reach other sites or the external network, so a single static route as default gateway pointing to the Hub should be sufficient to cover all communication types
* From the Hub perspective, traffic must go through each dedicated connection to reach a specific Spoke or the external network, so a single static route as default gateway pointing to the external network (i.e. the ISP) plus several static routes to reach the Spokes should be sufficient to cover all communication types
* No need to run dynamic routing
* For a more resilient connection, bonded circuits (i.e. bonded T1/E1 circuits) between the Hub and Spokes can be considered. Another consideration is to have redundant circuits between the Hub and Spokes that are served by multiple ISPs
* The Hub network device should be more powerful than the Spoke network devices, since the Hub must support traffic from all Spokes and the external network, whereas each Spoke only supports its own traffic
* Should there be a future need for a backup connection beyond bonded circuits, refer to the next setup
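
The static routing described in the tips above, as an added example in Cisco IOS syntax (not part of the original FAQ). All addresses are constructed for illustration: the LANs use 192.168.x.0/24 with a distinct 3rd octet per site, each Hub-to-Spoke link uses a /30, and 203.0.113.1 stands in for the ISP next hop.

```cisco
! ---- Hub router (addresses are constructed examples) ----
! Hub LAN:            192.168.1.0/24
! Link to Spoke A:    192.168.255.0/30  (Hub .1, Spoke A .2)
! Link to Spoke B:    192.168.255.4/30  (Hub .5, Spoke B .6)
!
! Default route toward the external network (the ISP)
ip route 0.0.0.0 0.0.0.0 203.0.113.1
! One static route per Spoke LAN, via that Spoke's dedicated link
ip route 192.168.10.0 255.255.255.0 192.168.255.2
ip route 192.168.20.0 255.255.255.0 192.168.255.6

! ---- Spoke A router (LAN 192.168.10.0/24) ----
! Everything that is not local goes to the Hub: other Spokes,
! the Hub LAN and the external network
ip route 0.0.0.0 0.0.0.0 192.168.255.1

! ---- Spoke B router (LAN 192.168.20.0/24) ----
ip route 0.0.0.0 0.0.0.0 192.168.255.5
```

With this in place, Spoke A reaches Spoke B in two hops (Spoke A, Hub, Spoke B), and adding a new Spoke only requires one new static route on the Hub and one default route on the new Spoke.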

2. Full Mesh

Typical Setup

* There is probably no single main or corporate office as the Hub
* All sites have direct connection to all other sites
* All sites might have direct connection to external network (i.e. the Internet)
* Multiple paths to reach the same site might exist from one site's perspective

Tips:

* When there are multiple paths to reach the same site, running a dynamic routing protocol (i.e. OSPF or EIGRP) is highly recommended for a resilient or optimal connection
* All sites should have equivalent network device specification and circuit bandwidth to maintain predictable network behavior

3. Partial Mesh

Typical Setup

* There are probably at least two main sites (two "Hubs") that have direct connections to all other sites ("Spokes")
* All other sites (the Spokes) have one direct connection to the 1st main site and another direct connection to the 2nd main site
* The connection from a Spoke to the 1st main site is probably the preferred (primary) connection
* The connection from a Spoke to the 2nd main site is probably the alternate (backup) connection
* The connection between the two main sites probably uses the most reliable and feasible connection, which could be in the form of single or multiple redundant connections
* Multiple paths to reach another site exist from one site's perspective
* The connection to the external network (i.e. the Internet) might only exist at a main site
* As an illustration, the Spoke primary connection is a Frame Relay circuit while the backup connection is an ISDN (dialup) or broadband circuit, and the connection between the two main sites is bonded T1/E1 circuits

Tips:

* Since there are multiple paths to reach the same site, running a dynamic routing protocol (i.e. OSPF or EIGRP) is highly suggested to provide a resilient and optimal connection

Network Topology Variations

* Hub and Spoke with one primary and one backup connection between the Hub and all Spokes
* Each Spoke has a direct connection to reach the external network (i.e. the Internet) without going through the Hub

Running Dynamic Routing Protocol in Primary-Backup Connection Scenario

1. Both Primary and Backup Circuits are always up, at a flat rate from the billing perspective

* At the remote site, the dynamic routing protocol runs over both the primary and backup circuits
* From the routing protocol perspective, the primary circuit should have a lower cost than the backup circuit
* When there are multiple main sites (Hub and Spoke with multiple Hubs), the route from a Spoke to the Main Hub might be preferable over the route from the Spoke to the Secondary Hub

2. Only the Primary Circuit is always up, at a flat rate from the billing perspective

* To keep the Hello mechanism from bringing up the backup circuit, run no dynamic routing over the backup circuit; use only static routes with a higher administrative distance or metric than the dynamic routing protocol's
* When the primary circuit terminates at different equipment than the backup circuit, there might be a need to redistribute the static route that runs over the backup circuit into the dynamic routing protocol domain, in order to introduce a known alternate path
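
One way to build scenario 2 in Cisco IOS syntax, as an added example that is not part of the original FAQ. It assumes OSPF as the dynamic routing protocol (administrative distance 110), a backup circuit that terminates on a second hub router, and constructed names and addresses (HUB-B, interface names, all subnets).

```cisco
! ---- Spoke router (LAN 192.168.10.0/24) ----
! Primary link 192.168.255.0/30 (always up), backup link 192.168.254.0/30
interface Serial0/0
 description Primary circuit to hub router HUB-A
 ip address 192.168.255.2 255.255.255.252
!
router ospf 1
 ! Only the LAN and the primary link are in OSPF. The backup subnet is
 ! left out, so no Hellos are sent over it and it is not kept up.
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.255.0 0.0.0.3 area 0
!
! Floating static route to the hub LAN over the backup circuit.
! Distance 250 is higher than OSPF's 110, so this route is installed
! only after the OSPF route over the primary circuit disappears.
ip route 192.168.1.0 255.255.255.0 192.168.254.1 250

! ---- HUB-B: hub-side router where the backup circuit terminates ----
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 ! Advertise the backup path to the rest of the OSPF domain.
 redistribute static metric 1000 subnets
!
! Floating static route to the spoke LAN over the backup circuit.
! While HUB-B still learns 192.168.10.0/24 through OSPF (via HUB-A and
! the primary circuit), this route stays out of the routing table and
! is therefore not redistributed.
ip route 192.168.10.0 255.255.255.0 192.168.254.2 250

! Check on either side which path is active:
!   show ip route 192.168.10.0
!   show ip route 192.168.1.0
```

Only static routes that are actually installed in the routing table get redistributed, so the hub site starts seeing the backup path as an external OSPF route only once the primary path is gone.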

For illustrations, check out the following threads:

»Pix 520 with multiple ISP connections?
»[Config] ISDN Multisite dialup using OSPF cost issue


by aryoba See Profile
last modified: 2007-07-19 11:40:52