Best place for a default route

Matt qomat
Level 1

What is the best place in a network to redistribute a default route from?

Distribution, Edge distribution, Core?

Right now we have our two routers attached to a distribution and sending a default inside. We are thinking of moving them and attaching them to the core. Is it a good place? On the other side they are attached to firewalls, and the firewalls point to our Internet routers. They get a default from the ISP routers. But those routers do not redistribute that default. Only those on our distribution do. What is the recommendation and best practice for sending a default from?

2 Replies

Joseph W. Doherty
Hall of Fame

A bit unclear whether you're asking where the default should be distributed, logically or physically. I think you're asking about physically. However, logically, best distribution point usually is the router closest to the default path and "knows" whether such path is good. (In your example, those connected to the FWs.)

Physically, I would try to have the shortest physical path (fewest router hops) to/from the default path for hosts that are using it. Placement, though, would be impacted by many other possible considerations, which can range from "politics" (i.e. who maintains particular devices) to I've run out of ports on the device I desire to use.

Giuseppe Larosa
Hall of Fame

Hello Mateuz,

The border routers with the eBGP sessions with the ISPs would be the better choice, but there are the firewalls, which are likely blocking any IGP routing protocol messages.

Cisco appliances like ASA support OSPF or EIGRP routing if used in single context mode.

A possible solution could be GRE tunnels from edge routers to inside routers.

The problem of the chain router -- FW -- border router is the fault detection part if using static routes.

Where to connect internet connections / default routes connection point:

In some campus network designs, the internet block connects to its own distribution nodes, which then connect to the core.

Of course, it is also possible to connect them to the core directly.

The underlying idea is that core nodes have to do only L3 forwarding without ACLs for traffic or even route filters that are left to distribution.

As I said, I would be more concerned with checking that the design is really fault tolerant, able to detect remote failures; the point where these internal routers connect is less important in comparison.

Hope to help

Giuseppe