Cisco load balancing DSL and IPSEC Vpns

Greetings, I have a client who has several sites each with 2 x 8Mb/s ADSL Max connections and one primary site with 2 x 2Mb/s SDSL connections.

Currently they use ADSL bonding devices and run two VPNs per site to every other site for redundancy, which I find odd but anyhow..

They would like to load balance or bond each site and run a Cisco meshed IPSEC VPN between each remote site and the primary site.

Now if it were just a single line at each site I wouldn't have a problem, but not having dealt with load balancing or bonding before I'm a little stuck.

I've been looking at Cisco Optimized Edge Routing, Policy Based Routing and Gateway Load Balancing Protocol but am unsure as to what would be the best approach. I would like to achieve this with a single Cisco 2800 at each site and an ASA at the primary site to terminate the VPNs on and provide a stronger firewall policy.

Any comments would be much appreciated

:)
 
Have they been reading about MPLS or something? Full meshed ADSL network?

Crazy.

Indeed that was my first recommendation to the client but the approx cost was around the 50k mark, they weren't too happy with that.

I see what you're trying to achieve as well, would that require two tunnels, one per link configured at each site and let EIGRP calculate the routing to avoid loops?

The sites will be entirely Cisco so EIGRP is my first choice.
 
Hi - yes, two GRE tunnels per hub ==== site. Run EIGRP over the GRE tunnels and as long as the cost paths are the same (or you set the variance if they are slightly different) it will load balance across the two links. EIGRP won't see the tunnels and no routing loops will occur.

In fact I've just found a nice Cisco example at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml

Check it out - it shows how to config up EIGRP over GRE (hub and spoke) and all you need to do is double up and load balancing will occur - the load balancing stuff is at http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094820.shtml


I also thought MPLS but that is overkill for a hub to spoke VPN solution.
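
A spoke-side sketch of the design described in the post above, added here as an illustration and not taken from the thread or from the linked Cisco documents: two GRE tunnels, one per DSL line, each protected by IPsec, with EIGRP running across both. Interface names, addresses (documentation ranges), the EIGRP AS number and the key placeholder are all assumptions.

```cisco
! Constructed spoke example: all addresses, names and the AS number are assumptions
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder key; one entry per hub-side tunnel endpoint
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.129
!
! Transport mode: GRE already provides the tunnel, IPsec only protects it
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE to hub over DSL line 1
 ip address 10.255.0.2 255.255.255.252
 tunnel source Dialer0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile GRE-PROT
!
interface Tunnel1
 description GRE to hub over DSL line 2
 ip address 10.255.0.6 255.255.255.252
 tunnel source Dialer1
 tunnel destination 203.0.113.129
 tunnel protection ipsec profile GRE-PROT
!
! Pin each hub endpoint to one DSL line so the two tunnels use different links
ip route 203.0.113.1 255.255.255.255 Dialer0
ip route 203.0.113.129 255.255.255.255 Dialer1
!
router eigrp 100
 ! Covers both tunnel /30s and the site LAN; the DSL interfaces stay out of EIGRP
 network 10.255.0.0 0.0.0.7
 network 10.1.1.0 0.0.0.255
 no auto-summary
 ! Only needed when the two tunnel metrics differ; equal metrics balance by default
 variance 2
```

`show ip route` on the spoke should list both tunnel interfaces as next hops for hub prefixes; if only one appears, compare the tunnels' EIGRP metrics before reaching for `variance`.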

Thank you very much for your advice. In regards to the second question, they want to run a full mesh topology, hence the MPLS. I'm still going to try and push it as it would be much simpler and scalable in the long run.
 
I'd use OSPF myself, EIGRP works but it ties you to Cisco far too much for my liking.

I do agree that in multihomed networks OSPF is the logical choice between vendors but being a Cisco house and the fact that EIGRP converges at blistering speeds it's the only choice in my opinion.
 