6

We have 4 offices in different countries. They are all connected via VPN to each other (i.e. at least one VPN tunnel from each office to all other three). Each office has between 1 and 4 separate subnets, and each office has an OpenVPN server. Two of the offices have a DMZ (because they host public services) and each office has direct routing to the Internet. Plus there is one "virtual" office, which is physically at the same place as one of the others, but logically completely separate and connected via a VPN tunnel. In total there are 16 subnets and at the moment this is all done with static routes, complete with failover routes. There are 12 main routers involved.

It all works fine, but I am beginning to wonder whether I should look into using OSPF. Every time I need to add a subnet, I have quite a job on hand to make sure that all the routing tables are updated correctly.

So I was wondering whether anybody could offer advice on when to start using OSPF for this?

EDIT: If anybody can provide any pointers to a good tutorial or design guide for OSPF areas, I would be grateful.

wolfgangsz
  • 12 routers for 4 offices? Why not 8 routers? – pauska Jun 09 '11 at 15:58
  • Because some of these offices have complex internal networking which requires additional routers. – wolfgangsz Jun 09 '11 at 16:15
  • You shouldn't need a route for every single subnet at every single router. If you have chosen them well then you should be able to route granularly and refine as you get closer to the destination. – JamesRyan Jun 10 '11 at 10:18
  • Unfortunately a lot of these subnets were chosen badly and have been around for a long time. – wolfgangsz Jun 10 '11 at 10:33

2 Answers

8

My recommendation would be "several sites ago".

Past 3 or 4 routers, statically routing everything feels like more of a chore than getting a route distribution protocol going.

Shane Madden
7

My 2 cents: I'd set up RIP for a small network like that. Heck, I'd use it even if there were only two routers. OSPF is definitely more robust and fully capable of what you're doing, but also more complicated.

Chris S
  • 1
    Worth noting: If you just want all the sites to be fully aware of all routes, almost every RIP daemon I've seen you can just turn on and make sure the routers can reach each other on UDP Port 520. In a matter of moments the daemons will sort it all out. Now if you don't want every subnet's route broadcast for some reason (wonky subnet for whatever reason) then you'll have to dig into the configuration a bit. – Chris S Jun 09 '11 at 17:41
  • Point taken. What would be good reasons not to use RIP? Number of devices? Number of subnets? – wolfgangsz Jun 10 '11 at 11:11
  • 1
    RIP likes to transmit every subnet to every other RIP router, which in bigger networks may overload the route table, or at least make it impossible for a human to look at the table and diagnose problems. Also RIP uses fairly simple weights for routes. If you had a 56k connection directly between two routers, or a 1Gb connection with a hop in the middle, the 56k connection is more direct and usually will get the lower metric (though you can configure routing to make it higher); where OSPF would recognize that difference automatically. – Chris S Jun 10 '11 at 12:29
  • The book [IP Routing from O'Reilly](http://www.amazon.com/gp/product/0596002750) is a good intro to the most common protocols if you're interested. (Make sure you get the 2nd printing, Published Jan 2002, Printed Oct 2002, as the first edition had *some* errors) – Chris S Jun 10 '11 at 12:32
  • Book is on order. That's probably what I should have done in the first place. That's what earned you the 15 points. – wolfgangsz Jun 10 '11 at 13:35
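
The 56k-versus-1Gb comparison from the comments above, worked through as an added example (not code from any of the posters). The router names A, B, C, the topology and the 100 Mbit/s reference bandwidth are assumptions; the cost formula is the common bandwidth-derived convention (reference bandwidth divided by link speed, minimum 1).

```python
import heapq

# Constructed topology: routers A and B share a direct 56 kbit/s link and
# also reach each other through C over two 1 Gbit/s links.
LINKS = [
    ("A", "B", 56_000),
    ("A", "C", 1_000_000_000),
    ("C", "B", 1_000_000_000),
]

REFERENCE_BW = 100_000_000  # assumed reference bandwidth (100 Mbit/s)


def rip_metric(_bandwidth_bps):
    """RIP counts hops: every link costs 1 regardless of its speed."""
    return 1


def ospf_cost(bandwidth_bps, reference_bw=REFERENCE_BW):
    """Bandwidth-derived cost: reference / link speed, never below 1."""
    return max(1, reference_bw // bandwidth_bps)


def best_path(links, src, dst, metric):
    """Dijkstra shortest path; returns (total_metric, [routers])."""
    graph = {}
    for a, b, bw in links:
        cost = metric(bw)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue = [(0, src, [src])]
    settled = set()
    while queue:
        total, node, path = heapq.heappop(queue)
        if node == dst:
            return total, path
        if node in settled:
            continue
        settled.add(node)
        for neighbour, cost in graph.get(node, []):
            if neighbour not in settled:
                heapq.heappush(queue, (total + cost, neighbour, path + [neighbour]))
    return None, []


if __name__ == "__main__":
    print("RIP :", best_path(LINKS, "A", "B", rip_metric))
    print("OSPF:", best_path(LINKS, "A", "B", ospf_cost))
```

With a 100 Mbit/s reference, every link at or above 100 Mbit/s gets cost 1, so the reference bandwidth has to be raised consistently on all routers if 1 Gbit/s and faster links should be told apart.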