I need some help with creating a configuration that performs well and complies with best practice for the situation described below.
The client has two leased locations in the building, physically separated by a distance of approx. 200 m. The locations are connected by a fiber-optic cable belonging to the owner of the building, and for security reasons this connection must be encrypted.
The network actively uses VLANs; the same tags may occur on both sides.
The intended L1 layout will look like this:
switch A <sfp+> router A <sfp+ with tunnel> router B <sfp+> switch B
The current (test) configuration:
sfp28-1 on both sides used as physical connection between routers
/30 network used on this layer
sfp-sfpplus1 on both sides used as physical connection to switches.
EoIP with IPSec over /30 network is the next layer.
Next, bridge that includes EoIP and sfp-sfpplus1 interfaces. On both sides.
And finally, vlans with bridge as parent interface.
With that in mind, I have two questions:
- How correct is this configuration?
- What can be changed in it to improve performance?
- What are the optimal MTU values in this configuration and should they be changed at all?
- Are there any better options for providing an encrypted tunnel under these conditions?
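
Added example, not part of the original post: a Python calculation of the per-packet size budget for the stack described above (VLAN-tagged Ethernet inside EoIP inside IPsec ESP on the /30 link), which is what the MTU question turns on. The ESP transforms, transport mode, IPv4 without options and the absence of NAT-T are assumptions, since the post does not state the IPsec proposal in use.

```python
# Added example: per-packet size budget for VLAN-tagged frames carried in
# EoIP (GRE) protected by IPsec ESP over the /30 link. Assumptions: IPv4 with
# no options, ESP transport mode, no NAT-T; cipher parameters are listed below.

IP_HDR = 20          # outer IPv4 header
ESP_HDR = 8          # SPI + sequence number
ESP_TRAILER = 2      # pad-length + next-header bytes
GRE_HDR = 8          # GRE header with key field, as used by EoIP
ETH_HDR = 14         # inner Ethernet header carried inside the tunnel
VLAN_TAG = 4         # 802.1Q tag on the inner frame

# (IV bytes, padding alignment, ICV bytes) per ESP transform; assumed choices.
TRANSFORMS = {
    "aes-cbc+sha1": (16, 16, 12),
    "aes-cbc+sha256": (16, 16, 16),
    "aes-gcm": (8, 4, 16),
}


def outer_packet_size(inner_l3_mtu, transform, tagged=True):
    """Size of the outer IP packet on sfp28-1 for one full-size inner packet."""
    iv, align, icv = TRANSFORMS[transform]
    frame = ETH_HDR + (VLAN_TAG if tagged else 0) + inner_l3_mtu
    plaintext = GRE_HDR + frame + ESP_TRAILER
    padded = -(-plaintext // align) * align   # round up to cipher alignment
    return IP_HDR + ESP_HDR + iv + padded + icv


def max_inner_l3_mtu(link_mtu, transform, tagged=True):
    """Largest inner L3 MTU whose encrypted packet fits link_mtu unfragmented."""
    mtu = link_mtu
    while mtu > 0 and outer_packet_size(mtu, transform, tagged) > link_mtu:
        mtu -= 1
    return mtu


if __name__ == "__main__":
    for name in TRANSFORMS:
        need = outer_packet_size(1500, name)
        fit = max_inner_l3_mtu(1500, name)
        print(f"{name}: inner 1500 needs link MTU {need}; "
              f"link MTU 1500 carries inner {fit}")
```

If the router-to-router link cannot be raised to the "needs link MTU" figure, full-size frames from the switches will be fragmented inside the tunnel.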