Thanks to anyone who answered. Guess, we sorted it out now.

Sven

On Sun, Feb 15, 2004 at 07:31:46PM +0000, E.B. Dreger wrote:
...
SH> As this is a small network internally everything is routed
SH> via static routes.
Except for the smallest of networks, I try to avoid static routes. It's additional work and opportunity for error. Using BGP + TCP MD5 auth, OSPF auth, hardcoded ARP entries, per-port MAC address restrictions, prefix lists, route maps, etc., one can run a dynamic network and still keep security under control.
SH> R1 and R2 have full BGP views from the transit providers as
SH> well as partial view from the peers.
Why not arrange the routers and switch in a single VLAN? (Or did I misunderstand your earlier ASCII-art diagram?) I usually use something like:
    10.0.0.1/32     local sinkhole
    10.0.0.2/28     virtual router (HSRP/VRRP; maybe XRRP now)
    10.0.0.3/28     physical router #1
    10.0.0.4/28     physical router #2
         :               :
    10.0.0.13/28    [routing] switch #2
    10.0.0.14/28    [routing] switch #1
...