Cisco 1800 Series


  • Cisco 1800 Series

    Afternoon, a few questions regarding Cisco 1800 routers.

    We have ~25 branch offices, which are currently connected in a full mesh using openvpn tunnels via SDSL circuits with static (almost always /24) routes defined on each tunnel. The device running openvpn also acts as an internet / default gateway for clients.

    The sites need to remain in a full-mesh due to inter-site IP telephony.

    Will the Cisco 1800 series routers allow for site-to-site vpn tunnels in this fashion (to each other)? Is it possible to use any routing protocols over these vpn tunnels rather than defining static routes on every device?

    If not, can you recommend any other devices that will? As I'm sure you can imagine, having static routes everywhere is becoming burdensome - when we originally put openvpn devices in, the network was much smaller.

    Thanks for your input.

  • #2
    Re: Cisco 1800 Series

    Full mesh just for IP telephony?
    Why not host the IP telephony server at your ISP data center and connect all the branches using MPLS VPN? That way you could even have a simple router at each office, and the ISP will have to worry about all the routes etc.



    • #3
      Re: Cisco 1800 Series

      That's a lot of connections and routes to look after. I'm thinking a hub and spoke design might work better. Where is the VOIP "master unit" located? If it's in the head office I don't see how a mesh topology helps you in any way. If the head office isn't reachable, then office 2 is not going to be able to call office 3 regardless of the mesh because the VOIP master unit is down. With a hub and spoke you only need to use default routing, assuming each office is connected via a dedicated circuit to the head office. If each office is connected to the head office using branch-to-branch VPN connections through the internet (which it sounds like the case is) then you can still use a small static routing table at each office. The head office will have a route to each branch via the VPN connection and each branch would have a single static route to the head office via the VPN connection. If all of your resources are located in the head office then a mesh does no good, because when the head office is down no one can access any resources. It won't matter if office 2 can reach office 3 if office 3 doesn't have any resources that office 2 needs to use. Am I off base on my analysis?



      • #4
        Re: Cisco 1800 Series

        Full mesh just for IP telephony?
        Why not host the IP telephony server at your ISP data center and connect all the branches using MPLS VPN? That way you could even have a simple router at each office, and the ISP will have to worry about all the routes etc.
        Each branch office has its own voice controller due to various business needs (Mitel 3300).

        If the head office isn't reachable, then office 2 is not going to be able to call office 3 regardless of the mesh because the VOIP master unit is down
        Again, sorry I should have explained before. As each office has its own VOIP controller, if one site is down, all other sites can still communicate.

        If each office is connected to the head office using branch-to-branch VPN connections through the internet (which it sounds like the case is) then you can still use a small static routing table at each office. The head office will have a route to each branch via the VPN connection and each branch would have a single static route to the head office via the VPN connection.
        I wondered about routing all traffic via "Head Office"; I don't know the impact this will have on the VoIP due to increased latency. We also have two sites which house Exchange servers, Head Office & a second larger office - I would rather not "double-hop" email traffic through Head Office due to the amount of traffic.

        Thanks for all your help.



        • #5
          Re: Cisco 1800 Series

          Well, to keep it simple, an MPLS VPN can still work. It's not a full mesh but rather a "hub and spoke", so to say, but the hub is your ISP datacenter, so if it goes down it will probably have the same effect, because you won't have internet connectivity, so a full mesh won't help.

          As for your exchange server(s) - it might also be a good idea to put them in your ISP datacenter, that way the head office upload will be free to handle other traffic, and you might also be able to reduce costs by getting a slower connection.

          Try talking to your ISP and see if they provide an MPLS VPN option; it seems like the best option for your case. Another option, if you must encrypt traffic between the branches, is to put a FW (perhaps a Checkpoint NGx) at the ISP datacenter and smaller FWs (perhaps an Edge) at all the branches.

          Yet again, working with hub and spoke topology is much more simple than a full mesh, and if your hub is the ISP, you get a lot of benefits.



          • #6
            Re: Cisco 1800 Series

            Hi Idos,

            Thanks for your reply. MPLS is one option we could look into, however I expect the price may be off-putting?

            We would also like to keep our exchange servers in-house rather than at an ISP datacenter.

            Rather than going full-mesh, will the Cisco 1800 series support hub-and-spoke with two "hub" sites? We have two sites with good connectivity (20mbit fiber) which both house Exchange servers - I would like to have direct routes to each from all sites.



            • #7
              Re: Cisco 1800 Series

              It is do-able with two "hub" sites. What you'll have then is called a partial mesh.



              • #8
                Re: Cisco 1800 Series

                Well, Joe is correct.

                The better option for you is HUB & SPOKE.

                With HUB & SPOKE you can also use the EIGRP routing protocol.

                With EIGRP things will be very simple: you just need to advertise the subnet. And if any connectivity is lost from the HUB, then you have an alternative to route it another way within milliseconds with the help of EIGRP.

                We do have a HUB & SPOKE topology in our company.

                It's very beneficial: if one site's connectivity with the hub goes down, then it will automatically be routed from another site to the HUB.

                So best is HUB & SPOKE.


                Cheers
                DT
