
Suggestion for routing

Posted: Sat Nov 07, 2020 12:57 pm
by kunago
I need to ask for advice since my current needs exceed my knowledge. The question is regarding routing and forwarding.
I have quite a few networks, over 10 at this point. All sites should be able to communicate with any other site. I recently tried to upgrade to IPv6 to eliminate the problem of NAT. Not all sites have public IPv4, some don't even have IPv6. When there is IPv6 available on both ends, I use GRE6; when there are public IPv4, I prefer GRE4; when there is neither one, I need to use OpenVPN. A problem arises when there are 2 sites that have neither IPv4 nor IPv6. Then I need to hop over another network to reach the destination.

In order to connect the sites, I use the following links (the most preferred and the one with the lowest distance in the routing table on top):
  • GRE6
  • GRE4 (with public IPv4 on both sides)
  • OpenVPN (server when public IPv4 on at least one side, client to any other OpenVPN server)
It could be that one site has 6 GRE6 tunnels, 1 GRE4, serves as an OpenVPN server and also as an OpenVPN client. Multiple failover, maybe redundant, but I just want to make sure I have it all secure.

So far I was only using Simple Static routing with different distances as a failover. This no longer seems to be easy to manage. What protocol would you please suggest to manage routing? I read about OSPF3 which might be a way to go, or BGP. I have no knowledge of any solution yet and I am not looking for a step-by-step from anyone. I just need advice as to what might be the easiest way to manage the network.

I am not sure whether my description is easy to understand so if not, I can try to draw something.

Re: Suggestion for routing

Posted: Sat Nov 07, 2020 2:25 pm
by kunago
I drew an example scheme with 4 sites. With 10 sites it is obviously way more complicated. In order to reach the router bottom-right from the router bottom-left, I need to hop over either of the routers on top. They also differ by connection speeds etc.

Re: Suggestion for routing

Posted: Tue Nov 10, 2020 4:17 pm
by IPANetEngineer
It appears you are trying to build a mesh VPN where any site can reach any other site.

Honestly, as much as I love MikroTik, ZeroTier is a better solution for this.

If you're going to use MikroTik, I would consider using L2TP and build tunnels to/from all routers. You can build IPv6 and IPv4 dual stack on top of those tunnels.