In our environment, we typically have a layer 3 switch running several vlans and 2 WAN routers with Internet T1 circuits. On these WAN routers, we make IPSec/GRE VPN tunnels back to our headquarters. Our environment runs EIGRP and is all one AS so the switches and routers in a site are neighbors and the VPN routers in the branch and headquarters are EIGRP neighbors.
We have very large routing tables because we are not summarizing and I was wondering the following.
1- Can I just advertise an EIGRP summary address on each VPN router tunnel interface? In the attached example, can I advertise a summary of 10.0.0.0/22 on each branch VPN router tunnel interface and a summary of 192.168.0.0/22 on the HQ VPN router tunnel interfaces? Someone once told me that this could not be done unless there was a direct cable connection between the VPN routers. I would think just being EIGRP neighbors would be enough, no?
2- For the branches, how would it be best to do stub routing? Would I configure that just on the Layer-3 switch in the branch or would I also do this on the VPN routers?
My end goal is to implement summarization and possibly stub routing to shrink my routing tables and improve performance.
Thanks in advance.
1) you can summarize out an interface including a GRE interface: this modifies the set of updates sent to the EIGRP neighbor
It makes sense to summarize from core to branch.
on the branch towards the core you could summarize just up to what is in branch
You cannot have all the branches to advertise the same summary this would be a problem
2) EIGRP stub routing can be applied only to routers that haven't neighbors downstream so it can be applied to the L3 switch.
To move the stub routing to the VPN router you would need to use static routes to the L3 switch and to redistribute them in eigrp and declare the router eigrp stub connected static
Hope to help