Router question

Hi

A scenario question...

An HQ exists with 10 branch offices. HQ contains around 100 people, branch offices about 30-50 people.

The branch offices are connected to HQ via a leased line connection using a Cisco 2600 series router. The entire network layout is a hub and spoke, with HQ having a leased line connection to all branch offices, but the branch offices having one connection to the HQ.

WHat sort of router is recommended for the HQ? A 2800 series, or something bigger/ more powerful?

Thanks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

keenon

your looking at something starting out in the 3640 on up.. something that can support a sub-rate DS3 to full DS3 without choking.

will this HQ router be the internet router as well? i hope not

Dilan77

Thanks

As for the internet router - wouldn't it be more effecient to have the branch offices' 2600 routers to have an interface that connects them directly to the local ISP (and therefore internet) rather than relying on HQ?

All routers will also be configured with an ISDN backup line.

What do you think?

keenon

i would rather not have each branch with its own internet connection.. as each branch would require managing individual security.

now using another router at HQ to connect to the internet, there you would have a central security to manage for your entire network. you could have a router, firewall and/or some sort of packet shaper. along with centralized servers as well

leased line option is good as well but if all your branches are in the same city you may want to look at frame relay as cost may be cheaper

Dilan77

keenon wrote:

i would rather not have each branch with its own internet connection.. as each branch would require managing individual security.

now using another router at HQ to connect to the internet, there you would have a central security to manage for your entire network. you could have a router, firewall and/or some sort of packet shaper. along with centralized servers as well

Could the same 3640 be used for the internet access, or would a different router altogether be safer?

keenon

Dilan77 wrote:

keenon wrote:

i would rather not have each branch with its own internet connection.. as each branch would require managing individual security.

now using another router at HQ to connect to the internet, there you would have a central security to manage for your entire network. you could have a router, firewall and/or some sort of packet shaper. along with centralized servers as well

Could the same 3640 be used for the internet access, or would a different router altogether be safer?

i would hope not, but i know money can be a factor.. so i would think on looking at the 3800 series but that is also going to create some major config work not including a total single point of failure

what is the total background on this?

Dilan77

keenon wrote:

what is the total background on this?

I've got a friend working in a place where they use VPN's at the moment to connect each office to HQ, but they want leased lines, and I was curious as to what his options were.
I think they're going to go with individual internet for each branch though...

Paul Boz

Having a leased line AND local internet charges is going to be really expensive... to the tune of out-costing (is that even a word?) the cost of a bigger pipe at the main office that runs through an edge router for the entire network. If they routed all of their internet traffic through the main office they could impliment stronger security maintain more uptime due to a higher quality of service on the main data connection (assuming that they go with el cheapo business class cable/dsl at the field offices as the alternate option), and monitor their bandwidth usage more.

keenon

depends on what the cost they can spend and the requirements that need to be met.

in a decent plan .. being that i'm in the US ( lmao)

depending on if all the branches are geographically in the same region( city, state)

1. i would weigh broadband (cost saving but not guarantee on service) but that would requires some sort of firewall/vpn device to connect to HQ and internet ( being that your using the internet) it should be able to support the total users of each branch.

2. i would look at leased or frame (a bit more costly but service guaranteed) as an option security devices wouldn't be required at each location (cost saving) cheaper routers could be used at each site, HQ would require at best 2 routers( 1 for internet and 1 for site termination)
optional firewall between internet router and HQ network, central network services/resources ( file servers, DHCP, ect)

Dilan77

keenon wrote:

depends on what the cost they can spend and the requirements that need to be met.

in a decent plan .. being that i'm in the US ( lmao)

bloody yanks

keenon wrote:

depending on if all the branches are geographically in the same region( city, state)

1. i would weigh broadband (cost saving but not guarantee on service) but that would requires some sort of firewall/vpn device to connect to HQ and internet ( being that your using the internet) it should be able to support the total users of each branch.

What they're using already, but very unreliable, hence why they want to move to....

keenon wrote:

2. i would look at leased or frame (a bit more costly but service guaranteed) as an option security devices wouldn't be required at each location (cost saving) cheaper routers could be used at each site, HQ would require at best 2 routers( 1 for internet and 1 for site termination)
optional firewall between internet router and HQ network, central network services/resources ( file servers, DHCP, ect)

Do you think using 1 router (interfaces for ISP connection and leased lines to branches) but with HSRP (so 2 in reality) would be better? The router would advertise a default route to the internet? Or, as you say above, 2 routers carrying out different roles?

Thanks for your input, much appreciated..

keenon

Do you think using 1 router (interfaces for ISP connection and leased lines to branches) but with HSRP (so 2 in reality) would be better? The router would advertise a default route to the internet? Or, as you say above, 2 routers carrying out different roles?

Thanks for your input, much appreciated..

1 router is still a single point of failure if all the branches terminate on it and the internet is out of it as well.

better choice 1 router to the internet> firewall/security device> switch> main router for branch sites> branch site

only 1 security device needed

now if redundancy becomes a hot spot you can add 1 more device to each of the main sites gear and seconday link at branches that terminate on another router at the branch

i'm starting to think i'm going to need a consulting fee or send me a 3560..lol

Dilan77

keenon wrote:

Do you think using 1 router (interfaces for ISP connection and leased lines to branches) but with HSRP (so 2 in reality) would be better? The router would advertise a default route to the internet? Or, as you say above, 2 routers carrying out different roles?

Thanks for your input, much appreciated..

1 router is still a single point of failure if all the branches terminate on it and the internet is out of it as well.

better choice 1 router to the internet> firewall/security device> switch> main router for branch sites> branch site

only 1 security device needed

now if redundancy becomes a hot spot you can add 1 more device to each of the main sites gear and seconday link at branches that terminate on another router at the branch

cool, makes sense, many thanks!

keenon wrote:

i'm starting to think i'm going to need a consulting fee or send me a 3560..lol

hehe..