Routing – Can't ping across router

Tags: ping, routing

I am trying to set up communication across a network, and I have run into a bit of a problem.

In the diagram below, why is it that I cannot ping host 2 from host 1? Router 1 has interfaces on both networks net1 and net2.

What rule do I have to add to the routing table to tell router 1 that it can access net 2 on its 2.250 interface?

I have tried

ip route add 192.168.2.0/24 via 192.168.2.250 but I get the error RTNETLINK : no such process.

[network diagram not captured]

Best Answer

You likely have a routing problem, but it probably isn't on R1 (which should know both subnets because they are directly connected). We wouldn't be able to confirm without knowing the router/host configurations and possibly the router vendor/model.

Having more than one router, each with distinct networks beyond it and not directly connected to the other routers, on the same subnet as hosts can be less than ideal. While it can work just fine, there are generally not "good" solutions to the problems that arise.

First, you do have to make sure that each router knows about the networks beyond the other routers. Static routes are problematic as they are more difficult to maintain and prone to error. So this means running a routing protocol. (For the rest of my answer, I will assume that a routing protocol is running between the routers.)

Running a routing protocol on the routers on the same network where hosts are connected creates security implications. This can provide valuable information to an attacker (internal or external on compromised resource) about the network topography and subnets in use. Additional steps would be required to secure this.

Second, you have the issues associated with the hosts themselves. Typically hosts only have one "default" route or gateway where they will send all traffic destined to non-local subnets.

Here you have a number of options, none of them what I would consider "good":

  1. Configure static routes for other subnets on each host: again management issues and prone to error.
  2. Configure hosts to participate in a routing protocol: again security concerns and you need to make sure that the hosts can't inject routes into the router's routing table.
  3. Depend on ICMP redirects: security implications and more security implications. Generally turned off on routers and hosts are often configured to not respond to ICMP redirects. You would need to make sure it was enabled on all devices.
  4. Let the routers do the work without ICMP redirects. Probably the best option, but this means that your routers acting as default gateways will be processing more traffic, which means that they may need to be "bigger" (i.e. higher performance, possibly faster interfaces) and there are some security concerns. Why is this the case? Because traffic that is intended for those other routers needs to be received on an interface and then sent back out that same interface to another router.

So, what are alternatives? Well, if you go back to my statement early on in this post, there are a few things I could consider better options:

  1. Provide direct connections between your router(s) acting as the default gateway and the other routers using physical interfaces. This requires more interfaces per router and still may require a "bigger" router, but it provides a number of benefits.
    • You can run your routing protocol on interfaces where hosts are not connected.
    • You avoid any security concerns when you would receive and send the same traffic on the same interface.
    • You avoid "doubling" the outbound traffic by not receiving and sending the same traffic on the same interface.
    • Increased redundancy when using HSRP, VRRP, GLBP or similar to provide gateway redundancy.
  2. Provide direct connections between your router(s) acting as the default gateway and the other routers using "virtual" interfaces, for example through the use of VLANs and trunking/tagged links. Gives the same first two benefits I mentioned in the first option.
  3. Add a router (or routers for redundancy) between hosts in Net1 and R1/R2/R3 (as well as other similar locations such as Net2/Net4). Basically provides all the benefits from the first option, but requires extra hardware to manage.
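As an added illustration (not part of the question or the answer), the following Python model reproduces the two checks behind this exchange: the Linux kernel accepts a "via" gateway only if it is on a directly connected link (otherwise the command fails, with the wording the question quotes on older kernels), and a host sends non-local traffic to whichever route matches longest, so host 1 either needs R1 as its default gateway or the per-host static route of option 1 above. R1's 192.168.1.250 address, the host addresses and the 192.168.1.1 default gateway are constructed for this example.

```python
import ipaddress  # added example; addresses except 192.168.2.250 are constructed


class RouteError(Exception):
    """Carries the text iproute2 prints for the kernel's errno."""


class RoutingTable:
    def __init__(self):
        self.routes = []  # (network, gateway or None if on-link, device)

    def add_connected(self, addr_with_prefix, dev):
        # Assigning 192.168.2.250/24 to eth1 installs "192.168.2.0/24 dev eth1".
        self.routes.append((ipaddress.ip_interface(addr_with_prefix).network, None, dev))

    def lookup(self, dst):
        """Longest-prefix match; returns (network, gateway, dev) or None."""
        dst = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if dst in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen, default=None)

    def add_via(self, prefix, gateway):
        """Simplified model of 'ip route add PREFIX via GATEWAY'."""
        net = ipaddress.ip_network(prefix)
        if any(r[0] == net for r in self.routes):
            raise RouteError("RTNETLINK answers: File exists")
        hop = self.lookup(gateway)
        if hop is None or hop[1] is not None:  # gateway must be on-link
            raise RouteError("RTNETLINK answers: No such process")
        self.routes.append((net, ipaddress.ip_address(gateway), hop[2]))


def r1_add_route_result(net2_interface_up):
    """Error text R1 prints for the question's command, or None on success."""
    r1 = RoutingTable()
    r1.add_connected("192.168.1.250/24", "eth0")  # assumed net1 address of R1
    if net2_interface_up:
        r1.add_connected("192.168.2.250/24", "eth1")  # connected route already there
    try:
        r1.add_via("192.168.2.0/24", "192.168.2.250")
    except RouteError as e:
        return str(e)
    return None


def host1_next_hop(with_static_route):
    """Gateway host 1 picks for host 2 (192.168.2.10, constructed address)."""
    h1 = RoutingTable()
    h1.add_connected("192.168.1.10/24", "eth0")
    h1.add_via("0.0.0.0/0", "192.168.1.1")  # default gateway that is not R1
    if with_static_route:
        h1.add_via("192.168.2.0/24", "192.168.1.250")  # option 1 in the answer
    return str(h1.lookup("192.168.2.10")[1])
```

When R1's net2 interface already carries 192.168.2.250/24, the connected route exists and the command is redundant; when it does not, no on-link route covers the gateway and the add is rejected, which is the case to check first.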