EIGRP over GRE Tunnel

CodeBloxCodeBlox Posts: 1,363Registered Members
I believe I have a situation that is going to require this scenario of letting EIGRP neighbor up over a GRE Tunnel at work. Is this ever a bad idea in you guys professional opinion? I'd only advertise a default route and one other route over it. Not the whole routing table.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens

Comments

  • FloOzFloOz Posts: 1,614Registered Members
    We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct :)
  • CodeBloxCodeBlox Posts: 1,363Registered Members
    Cool. IPSec won't be running over the tunnel. Its intended purpose is for failover. This particular site has two options for failover and this is one of them and should be preferred over the alternative. With some new requirements the floating static route is no longer a reasonable option.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • DevilWAHDevilWAH Posts: 2,996Registered Members
    I played around with this in labs when I was first playing with GRE tunnels. no reason it should not work just fine.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • RouteMyPacketRouteMyPacket Posts: 1,104Registered Members
    FloOz wrote: »
    We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct :)

    This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • nerdydadnerdydad Posts: 261Registered Members
    I used to work at a Fortune 10 company, that until recently, used this model at most of their sites worldwide.
  • DevilWAHDevilWAH Posts: 2,996Registered Members
    This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.

    If I was going to do it I Would be inclined to wrap it up in ipsec if the routers have he capacity to do it both in feature set and resources. If not I would be running EIGRP authentication, and have serious thought about data security across the tunnel. I am assuming you are setting this up across a public link to branch office and not with in a single campus. Even a leased line or circuit I would not trust to run plain text data through. I have meet the guys that work in ISP's :)
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • CodeBloxCodeBlox Posts: 1,363Registered Members
    It's over a private network. The backup GRE is intended to traverse our MPLS network. It's not going over a public link.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
Sign In or Register to comment.