Internet Auto Failover between 2 ISPs on 2 different data centers

omerzalmai1984 · ‎02-16-2017

Hello Gents,

My Network Setup is as below,

ISP - ABC is my PRIMARY.

ISP - XYZ is the DR.

@ ISP (ABC) i have router C1941 located in ABC DataCenter which further connect to my firewall and switch and servers

@ ISP (XYZ) i have router C881 located in XYZ DataCenter which further connect to my firewall and switch and servers

I do not have RIPE IPs, hence each ISP has provided me with their respective IPs on my WAN and LAN interfaces.

ISP ABC 168.187.X.X

ISP XYZ 62.215.X.X

All my clients are connected to ISP (ABC) using site-to-site VPN ,

There is not direct link b/w these two ISPs , hence i cannot run HSRP , VRRP etx

Both the Data Centers are located in completely different locations.

My Question is

How do i configure Auto-Failover , when ISP ABC is down , i need my clients to connect to ISP XYZ

Philip D'Ath · ‎02-16-2017

Why can't you have the clients build a VPN to both sites? Do the two sites use unique subnets on their "inside" interfaces?

omerzalmai1984 · ‎02-16-2017

[@p.dath]

VPN from Client towards both ISPs are established ( i forgot to mention that )

Both ISP's have unique subnet's on the WAN and LAN interfaces as below

ISP ABC has 168.187.X.X

ISP XYZ has 62.215.X.X

But this leads to another question.

Consider ISP ABC down, and the Clients are now connected to ISP XYZ.

Now ISP ABC is up again , how will the clients return back to ISP ABC.

Philip D'Ath · ‎02-16-2017

The clients wont return back to ABC very fast. Some might take quite a while. You could force it by making them all fail.

But it would be better to design your application so that a server can connect to either site and have it work.

Philip D'Ath · ‎02-16-2017

If the remote devices are Cisco devices then they can specify a backup VPN peer.