Two routers on same subnet. Is there a speed problem?

Hi!  This is a networking performance question.  Here is my current setup:

I have a subnet with approximately 20 workstations and 10 servers.  Two NetScreen 50 (Juniper) routers are on this network.  Router A is used for internet access and remote VPN clients.  Router B is used for LAN-to-LAN VPN with approximately 20 sites of about 10 workstations each.  The default gateway for servers and workstations is Router B.  This means that to reach the clients on remote sites, the traffic goes from the server to router B, then to router A and then to the remote site.

My boss is persuaded that adding static routes on each server for all remote sites, pointing directly to router A, is better than using the routes in the default gateway (router B), because he says the traffic goes from the server to router B, then back onto the switch to router A, and then to the remote site.

What would be the best setup?  Should I use static routes on each server?  Should I use router A as the default gateway and route internet and remote VPN client traffic to router B?  Should I use only one bigger router?  Any other idea is welcome.

skaap2k Commented:
I've found in the past that workstations and servers learn about the topology of the network with regard to having multiple routers and routes on the same subnet: once a device has been routed to a different router on the same subnet, the device and router will learn each other's MAC addresses.  They will then communicate directly.

In the past, I have found no reason to add static routes to servers etc. for this scenario.
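The two mechanisms discussed so far, a per-server static route as proposed in the question and the host "learning" the shorter path as described in the comment above (on IP networks that learning is normally an ICMP redirect from the default gateway), can be modelled with a small host routing table. The following is an added example, not code from the thread or from Juniper; the addresses (LAN 192.168.10.0/24, router A 192.168.10.1, router B 192.168.10.2, remote sites 10.20.1.0/24 to 10.20.20.0/24) are assumptions chosen for illustration.

```python
"""Host-side next-hop selection on a subnet with two gateways.

Added example for the thread above; all addresses are made up:
  LAN           192.168.10.0/24
  router A      192.168.10.1  (Internet + remote-access VPN)
  router B      192.168.10.2  (LAN-to-LAN VPN hub, default gateway)
  remote sites  10.20.1.0/24 ... 10.20.20.0/24
"""
import ipaddress

LAN = ipaddress.ip_network("192.168.10.0/24")
ROUTER_A = ipaddress.ip_address("192.168.10.1")
ROUTER_B = ipaddress.ip_address("192.168.10.2")
REMOTE_SITES = [ipaddress.ip_network(f"10.20.{n}.0/24") for n in range(1, 21)]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


class HostRoutingTable:
    """Minimal longest-prefix-match table, as a server's kernel keeps it.

    A next hop of None means the destination is on-link (ARP directly)."""

    def __init__(self, default_gw):
        self.routes = {LAN: None, DEFAULT: ipaddress.ip_address(default_gw)}

    def add_static(self, network, next_hop):
        """The 'static route on each server' option from the question."""
        self.routes[ipaddress.ip_network(network)] = ipaddress.ip_address(next_hop)

    def next_hop(self, dst):
        dst = ipaddress.ip_address(dst)
        # longest prefix wins; DEFAULT always matches, so the set is never empty
        best = max((n for n in self.routes if dst in n), key=lambda n: n.prefixlen)
        return self.routes[best]

    def accept_redirect(self, sender, dst, new_gw):
        """Apply an ICMP redirect the way a host that 'learns' the topology does.

        Two sanity checks a hardened host applies (roughly what Linux does with
        secure_redirects=1): the redirect must come from the gateway we are
        currently using for dst, and the new gateway must be on our LAN.
        Without them any machine on the switch can steer our traffic to itself.
        Returns True if the host route was installed."""
        sender = ipaddress.ip_address(sender)
        dst = ipaddress.ip_address(dst)
        new_gw = ipaddress.ip_address(new_gw)
        if sender != self.next_hop(dst):
            return False
        if new_gw not in LAN or new_gw == sender:
            return False
        # Redirects install a host route (/32) for that destination only.
        self.routes[ipaddress.ip_network(f"{dst}/32")] = new_gw
        return True


def static_route_table(default_gw=ROUTER_B, remote_gw=ROUTER_A):
    """Table with every remote-site prefix pinned to remote_gw, default to default_gw."""
    table = HostRoutingTable(default_gw)
    for site in REMOTE_SITES:
        table.add_static(site, remote_gw)
    return table


if __name__ == "__main__":
    plain = HostRoutingTable(ROUTER_B)
    pinned = static_route_table()
    for dst in ("10.20.5.7", "8.8.8.8", "192.168.10.50"):
        print(f"{dst:>15}: default-gw only -> {plain.next_hop(dst)}, "
              f"with static routes -> {pinned.next_hop(dst)}")
    learned = HostRoutingTable(ROUTER_B)
    print("redirect from B accepted:", learned.accept_redirect(ROUTER_B, "10.20.3.9", ROUTER_A))
    print("spoofed redirect accepted:", learned.accept_redirect("192.168.10.77", "8.8.8.8", "192.168.10.77"))
```

The static route is the deterministic option: the server picks router A for every remote-site prefix before sending a single packet, and nothing on the LAN can change that. The redirect path gets the same result only for destinations the host has already talked to, one /32 at a time, and only if the host accepts redirects at all; on Linux that is governed by `net.ipv4.conf.all.accept_redirects` and `net.ipv4.conf.all.secure_redirects`, and many hardened builds disable redirects outright, in which case every packet for a remote site keeps taking the extra hop through router B.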

rsivanandan Commented:
Would you have a spare router?  The NS-50s you are mentioning are firewalls and not routers.  If you had a router then you could do this:

On this router, you can add routes in such a way that traffic goes to different firewalls based on the destination.  Again, the internal machines have to go through 2 hops, but it would be much better than a firewall taking all the hits and then deciding whether to send this across or send it to the other firewall.

An alternative solution would be to get a bigger firewall which would allow you to have all connections terminated on the same firewall.  I would suggest something like an ISG1000 (wherein you can even have IDP functionality).

Does your NetScreen configuration support two untrusted networks?  If so, just route both networks through the one device.
The 5GT model works excellently in this scenario for my customer base of around 50 users.