05-08-2007 06:33 AM - edited 03-05-2019 03:56 PM
Hello
We need to build a redundant Gbps VPN platform for partner and 3rd party connections. A big discussion started whether to go for layer 2 (HSRP/GLBP) or layer 3 (OSPF) redundancy. Now I'm looking for the pros and cons (re stability, complexity, convergence, etc.). Our concern for layer 2 is the risk of STP, broadcast storm, etc., which would take down both systems.
thanks!
05-08-2007 06:40 AM
Martin,
What are the devices you are thinking of using here? What would be the final network topology that you are thinking of? Please let us know the topology and we will be able to help you. Using HSRP/GLBP or OSPF depends on the final network design that you have.
-amit singh
05-08-2007 07:30 AM
It's all very open. We know that the design depends on how we'd want to implement redundancy. That's why we'd like to get a better idea of the two ways.
We have two data centers with full layer 3 connectivity outside the firewalls and on the inside (intranet). The partners need to be able to access our servers with 1:1 NATed public IPs in the DMZs. We terminate the VPN in a different DMZ (on Cisco Routers). The servers are available in both data centers (different physical machines with different public IPs).
One way would be to lay a layer 2 connection between the two sites and connect the two VPN gateways and run HSRP or GLBP. The other idea is to use a routing protocol with reverse route injection on the VPN gateways.
The solution does NOT need to be highly available.
Again, it's not really the design I'm looking for, it's the pros & cons of layer 2 vs. layer 3 redundancy.
thanks!