Tracking link managed by a service provider for own backup link

9w.boye
Level 1

Hello,

Between two sites there is an FR link managed by a service provider with its own provider edge routers at the sites. The provider does the routing on its own and supplies an Ethernet interface as the gateway for the clients on each site.

Now the customer sets up his own router at each site for VPN backup over a separate internet provider. Clients should now point to this router, and this router will forward to the service provider router or, in case of failure, use its VPN tunnel over the internet.

How can he dynamically track the functioning of the FR link to switch over to his own VPN backup in case of failure?

I am thinking of setting up a GRE tunnel with a routing protocol in it, so learning the route over the FR link, and using a floating static route in case of failure.

But this solution would mean stuffing all the traffic into the tunnel. Is there a solution that does not put the traffic into the tunnel?

Thanks a lot for any advice, William

5 Replies

Thanks a lot,

but both ways don't work in my case.

To clarify: I am getting no information from the provider edge routers about the state of the FR-link.

Your first solution means that the router with the floating static is getting EIGRP information from the provider edge.

Your second solution deals with GLBP and testing the reachability with the track command. This means seeing whether there is a valid route in the routing table, which must also be dynamically learned, like in your first solution.

What I want:

SITE A -- PE-R1 -- FR-Link -- PE-R2 -- SITE B

-- CE-R1 - customer controlled VPN - CE-R2 --

CE-R1 and CE-R2 should decide whether to send packets to their PE-Rx or to send traffic over the VPN, but they have no information about the FR link and they get no dynamic information from their PE-Rx routers.

CE-R1 would be the default gateway for Site A and CE-R2 the one for Site B.

You can also try running 2 VPN tunnels, one over the primary and one over the backup link. With GRE-enabled IPsec you can enable keepalives over the tunnels themselves, and if the primary path is unavailable the protocol state of your GRE tunnel will go down, and with dynamic routing available you will reconverge over the backup.

Or, if you are running 12.3(4)T or better (you must be on a T train to do this), you can configure Service Assurance Agents to verify next-hop reachability regardless of routing protocol or interface state, like so:

http://www.cisco.com/en/US/about/ac123/ac114/ac173/Q2-04/department_techtips.html
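An added example, not part of the original thread and not taken from the linked article: one way the Service Assurance Agent approach could look on CE-R1, assuming an IOS release that supports SAA-based object tracking on static routes. All addresses, the track and probe numbers, the timers and the `Tunnel0` interface name are constructed for illustration.

```cisco
! CE-R1 (Site A). Constructed addressing:
!   Site A LAN 10.1.1.0/24: PE-R1 = 10.1.1.1, CE-R1 = 10.1.1.2
!   Site B LAN 10.2.2.0/24: PE-R2 = 10.2.2.1, CE-R2 = 10.2.2.2
!   Tunnel0 = the customer's VPN tunnel over the separate Internet provider
!
! Pin the probe target to the FR path with a host route. Without it the
! probe would follow the backup route after a failover, succeed over the
! VPN, and the router would flap back to a primary path that is still down.
ip route 10.2.2.2 255.255.255.255 10.1.1.1
!
! ICMP echo probe to the far-end CE across the provider's FR link.
rtr 1
 type echo protocol ipIcmpEcho 10.2.2.2 source-ipaddr 10.1.1.2
 timeout 1000
 frequency 5
rtr schedule 1 life forever start-time now
!
! Tracked object follows the probe result; the delays damp short outages
! so a single lost echo does not move traffic.
track 1 rtr 1 reachability
 delay up 30 down 10
!
! Primary route is installed only while the probe succeeds.
ip route 10.2.2.0 255.255.255.0 10.1.1.1 track 1
!
! Floating static (administrative distance 250) takes over when the
! tracked route is withdrawn.
ip route 10.2.2.0 255.255.255.0 Tunnel0 250
```

CE-R2 needs the mirror-image configuration (probe target 10.1.1.2 via PE-R2), otherwise return traffic keeps using the failed link. Because of the pinned host route, 10.2.2.2 itself stays unreachable from Site A while the FR link is down, so the probe target should be an address that clients do not need.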

Hi Robert,

this helps a lot and this 12.3T-Feature is something I was looking for for a long time!

But one question, when setting up the solution with a tunnel over the FR which was my thought too, I have one problem in mind. In mind, because I had no chance to try it so far.

Think of the Ethernet interface of my CE router as the default gateway interface for my clients on that site, and at the same time it is the tunnel endpoint interface of the GRE tunnel with the same IP address.

Is this going to be a problem? The endpoint-address itself is part of the target-network I want to stuff into the tunnel.

Solution with Policy Based Routing?

I appreciate your thoughts very much.

regards, William

Another alternative is to run BGP over the primary path to detect when it is up/down. See the white paper on VPN redundancy on my web site for an example configuration. Unlike OSPF or EIGRP, BGP does not require the neighbors to be adjacent, so it works just fine through intermediate routers and/or VPNs.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com