EIGRP over GRE Tunnel

CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
I believe I have a situation that is going to require this scenario of letting EIGRP neighbor up over a GRE Tunnel at work. Is this ever a bad idea in you guys professional opinion? I'd only advertise a default route and one other route over it. Not the whole routing table.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens

Comments

  • FloOzFloOz Member Posts: 1,614 ■■■■□□□□□□
    We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct :)
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    Cool. IPSec won't be running over the tunnel. Its intended purpose is for failover. This particular site has two options for failover and this is one of them and should be preferred over the alternative. With some new requirements the floating static route is no longer a reasonable option.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    I played around with this in labs when I was first playing with GRE tunnels. no reason it should not work just fine.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    FloOz wrote: »
    We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct :)

    This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • nerdydadnerdydad Member Posts: 261
    I used to work at a Fortune 10 company, that until recently, used this model at most of their sites worldwide.
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.

    If I was going to do it I Would be inclined to wrap it up in ipsec if the routers have he capacity to do it both in feature set and resources. If not I would be running EIGRP authentication, and have serious thought about data security across the tunnel. I am assuming you are setting this up across a public link to branch office and not with in a single campus. Even a leased line or circuit I would not trust to run plain text data through. I have meet the guys that work in ISP's :)
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    It's over a private network. The backup GRE is intended to traverse our MPLS network. It's not going over a public link.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
Sign In or Register to comment.