So I've got 2 sites, likely to be 3 soon, and possibly 4 within the next year or two.
At each site, I have/will have two edge routers. These peer with the providers for internet access. They also terminate PtP links between sites, which are currently and will probably remain in a ring topology.
There is also a firewall at each site, which will have routes into the DMZ. So if you can picture it, one big ring, having two edge routers at each site, and then each site having a firewall, connected to both edge routers on the inside, to form a triangle if you were to diagram it.
My goal here is to have flexibility in routing public IPs within our network, and to be able to control where they are routed depending on what's advertised from the firewalls.
My questions are:
Is it a bad idea to pick two sites and make those two firewalls route reflectors? If so, why?
Would it be a better or worse idea to give all sites a route reflector (still the firewall), rather than just two?
Also, can route reflectors advertise routes themselves? I assume so, but maybe that is not the case.