I am working on changing the setup for a customer site and want to toss up a few ideas for discussion.
Basic Topology: 3 geographical sites. Site 1, Server Farm w/ 50+Mb pipe WAN and DSL to Site 2. Site 2 has 2 T-1 links to Site 3. Site 3 has a DSL connection to WAN. (So Site 2 has no direct WAN access; the DSL is a private loop.) Each 'site' is a /24.
Currently they have a pretty awkward configuration with static routing between the sites. I am going to suggest that they use a dynamic routing protocol so that they can have redundant routes via a VPN tunnel should the private lines go down.
Question - Should I use IPsec over GRE on the private T1 and DSL lines, or should I just use GRE, or nothing at all? I plan on using EIGRP and I do not know if the T1 and DSL will handle multicast traffic.
Or: should I stick with the static routing and just add some SLA and tracking objects to provide the redundancy?
Requirements of the job: mission critical redundancy.
Hardware: A mix of Cisco routers on the edge, PIX 515s at Sites 2 & 3, and a PIX 506E at Site 1. Various vendor switches.
For redundancy I am planning a VPN backup link between Site 1 and Site 3, which will allow the failure of any 1 link to Site 2.