EIGRP over GRE Tunnel

I believe I have a situation that is going to require this scenario of letting EIGRP neighbor up over a GRE Tunnel at work. Is this ever a bad idea in you guys professional opinion? I'd only advertise a default route and one other route over it. Not the whole routing table.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

FloOz

We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct

CodeBlox

Cool. IPSec won't be running over the tunnel. Its intended purpose is for failover. This particular site has two options for failover and this is one of them and should be preferred over the alternative. With some new requirements the floating static route is no longer a reasonable option.

DevilWAH

I played around with this in labs when I was first playing with GRE tunnels. no reason it should not work just fine.

RouteMyPacket

FloOz wrote: »

We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct

This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.

nerdydad

I used to work at a Fortune 10 company, that until recently, used this model at most of their sites worldwide.

DevilWAH

RouteMyPacket wrote: »

This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.

If I was going to do it I Would be inclined to wrap it up in ipsec if the routers have he capacity to do it both in feature set and resources. If not I would be running EIGRP authentication, and have serious thought about data security across the tunnel. I am assuming you are setting this up across a public link to branch office and not with in a single campus. Even a leased line or circuit I would not trust to run plain text data through. I have meet the guys that work in ISP's

CodeBlox

It's over a private network. The backup GRE is intended to traverse our MPLS network. It's not going over a public link.