The goal is to configure bridge mode to help user maintain simple deployment with high level security since they subscribe to full guard license and short of manpower to oversee the operation at branch if the firewall down any user without IT knowledge will able to swap and bypass the firewall.
However they also have requirement to maintain 2 gateway for failover http access if internal user not able to connect back through IPVPN which im not sure multipath & Qos is applicable in bridge mode. Thanks[H]
PS MPLS is expensive and can be replaced by RED technology.
Disagree with you somewhat on that statement Bob. [:)]
RED can usually replace MPLS, but not always. RED will always be limited by the Hub & Spoke design and the internet path between locations whereas MPLS is usually on a separate backbone with performance guarantees and topology options.
RED is certainly cheaper then MPLS and for most types of traffic, makes sense. The fact we have two RED sites with four more on the way, but only one MPLS line, kinda illustrates my point. Most of our traffic doesn't need the guarantee's MPLS offers.
MPLS gives you more flexibility in how you setup your WAN and depending on your needs, the provider can do some amazing things with MPLS that you can't do with RED. I've seen MPLS offered where the provider will offer reduced rates for bulk traffic that isn't latency sensitive.
MPLS also offers a more flexible topology so you can run the MPLS lines in hub & spoke, full mesh, partial mesh, whatever you need. With full mesh & OSPF or EIGRP, you can route internet traffic through HQ but maintain a secondary site so if HQ goes offline, you can reroute the internet through the secondary site. Ditto with internal servers.
