
Dual ISP MPLS Link Failover Redundancy

Kpanchal
Level 1

Dear Team,

I have two MPLS links provided by the ISP, with IP addresses 10.10.20.5/30 and 10.10.4.73/30 at their end and IPs 10.10.20.6/30 and 10.10.4.74/30 at our end, and these two links are terminated on two C3925 routers. I need to configure link redundancy, i.e., if both links are up, all traffic should go through the highest-priority (primary) router; if the primary router's link fails, traffic should shift to the secondary router; and when the primary router's link is up again, traffic should shift back to the primary router's link.

But actually, when both links are up and we have set the higher priority for the 10.10.4.73 link, outgoing packets from our end router (10.10.4.74) go through 10.10.4.73, but incoming packets arrive from 10.10.20.5. Because of this, packets start getting dropped at our routers (ping and traceroute work fine, but the portal and other services can't be accessed from outside because packets get dropped). So we aren't able to keep both links up simultaneously, and we have to shut the port manually even though HSRP is configured at our end.

And again, when both links are up and we have set the higher priority for the 10.10.20.5 link, for some regions we get the same route (incoming and outgoing route is the same, i.e. 10.10.40.5), but for some regions the reverse route changes to 10.10.7.73; because of this, packets get dropped for some regions.

Please find the attached configuration:

Currently router 1 is set to higher priority.

Router 1:

 

interface GigabitEthernet0/0
description "ISP-MPLS-Link-1"
bandwidth 100000
ip address 10.10.20.6 255.255.255.252
ip accounting output-packets
ip ospf network point-to-point
duplex auto
speed auto
!

!
interface GigabitEthernet0/2
description **LAN_CONN_WITH_L3_CC_SW**
bandwidth 100000
ip address 10.100.2.98 255.255.255.248
ip inspect http in
ip inspect http out
standby version 2
standby 1 ip 10.100.2.100
standby 1 priority 115
standby 1 preempt delay minimum 1
standby 1 track 1 decrement 10
ip ospf cost 20
duplex auto
speed auto
!
!
router ospf 1
max-metric router-lsa
redistribute static subnets
network 10.10.20.4 0.0.0.3 area 0
network 10.100.2.96 0.0.0.7 area 0
!
track 1 ip sla 1
!
ip sla 1
icmp-echo 10.10.40.5 source-interface GigabitEthernet0/0
frequency 5

 

Router 2:

 

interface GigabitEthernet0/0/0
description **ISP-MPLS-Link-2**
ip address 10.10.4.74 255.255.255.252
ip accounting output-packets
ip ospf network point-to-point
duplex auto
speed auto
!

!
interface GigabitEthernet0/2
description **CONN_TO_LAN_L3_SW**
bandwidth 100000
ip address 10.100.2.99 255.255.255.248
standby version 2
standby 1 ip 10.100.2.100
standby 1 priority 110
standby 1 preempt delay minimum 1
ip ospf cost 20
duplex auto
speed auto
!
router ospf 1
max-metric router-lsa
redistribute static subnets
network 10.10.4.72 0.0.0.3 area 0
network 10.100.2.96 0.0.0.7 area 0

 








Regards
Ankit Kumar Singh

+91-7903163128

3 Replies

balaji.bandi
Hall of Fame

With metric manipulation you can control the links, but we are not sure how the other side is configured.

 

BB


Giuseppe Larosa
Hall of Fame

Hello Ankit,

All your issues originate from the use of the security feature CBAC: the ip inspect commands on the LAN internal interface.

Without CBAC in place asymmetric routing wouldn't be an issue.

Also what kind of MPLS service are you using?

If it is a L3 MPLS VPN and you are using OSPF, your devices are peering with ISP PE routers.

 

From what you have written my guess is that you are using an MPLS L3 VPN service with multiple sites.

In a case like yours, to support multiple links and also avoid the asymmetric routing that would stop traffic because of the CBAC configured on your devices, you need to work with the ISP's technical people and ask them to configure their PE routers accordingly.

Because if you have an MPLS L3 VPN service, the choice of path can differ between remote sites, depending on how the PE serving the remote site sees the two PE nodes serving your local site.

For example, if you explain your needs to the ISP engineers, they can make one PE's routes more preferred everywhere, for example by setting a local preference of 150.

 

There are also two aspects of OSPF configuration that make me think:

a)

Why have you configured, under the OSPF process,

max-metric router-lsa

This command should be used carefully, as it increases the cost of each link in the router LSA to the maximum intra-area cost of 65,535.

This command does not allow your routers to differentiate their cost to the internal network to the PE routers.

I think you should remove it.

 

b) How do you make one path preferable over the other?

I would expect you to tweak the OSPF costs to the internal network in order to make the primary link/ router preferred.

 

Something like:

primary router

interface gi0/2

ip ospf cost 20

 

secondary router

interface gi0/2

ip ospf cost 2000

 

But as mentioned before, to make this change effective from the point of view of the PE nodes, you need to remove the max-metric command under router ospf.

 

Hope to help

Giuseppe
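
The three points raised in the reply above (CBAC on the HSRP LAN interface, max-metric router-lsa, and equal OSPF costs on both routers) can be checked mechanically before both links are brought up. This is an added example, not part of the original post or Cisco tooling: the function names and finding labels are hypothetical, and the sample configs are constructed from the ones posted in the thread, indented the way show running-config prints them.

```python
import re
# Constructed sample input, trimmed from the two configs posted in the thread.
ROUTER1 = """\
interface GigabitEthernet0/2
 ip inspect http in
 standby 1 ip 10.100.2.100
 ip ospf cost 20
!
router ospf 1
 max-metric router-lsa
"""
ROUTER2 = """\
interface GigabitEthernet0/2
 standby 1 ip 10.100.2.100
 ip ospf cost 20
!
router ospf 1
 max-metric router-lsa
"""

def sections(cfg):
    """Map each unindented stanza header to its list of sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue  # separators; the next unindented line opens a stanza
        if not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def audit(primary, secondary, lan_if="interface GigabitEthernet0/2"):
    """Return (router, finding) pairs for the three points the reply raises."""
    findings, costs = [], {}
    for name, text in (("primary", primary), ("secondary", secondary)):
        cfg = sections(text)
        lan = cfg.get(lan_if, [])
        # The reply attributes the drops to CBAC combined with asymmetric paths.
        if any(c.startswith("ip inspect ") for c in lan) and \
           any(re.match(r"standby \d+ ip ", c) for c in lan):
            findings.append((name, "cbac-on-hsrp-interface"))
        # max-metric router-lsa advertises links at 65535, masking cost tuning.
        if any("max-metric router-lsa" in v for k, v in cfg.items() if k.startswith("router ospf")):
            findings.append((name, "max-metric-router-lsa"))
        costs[name] = next((int(c.split()[-1]) for c in lan if c.startswith("ip ospf cost ")), None)
    if None not in costs.values() and costs["primary"] >= costs["secondary"]:
        findings.append(("both", "ospf-cost-does-not-prefer-primary"))
    return findings
```

Calling audit(ROUTER1, ROUTER2) on the sample returns four findings; with the inspect rule and max-metric removed and the secondary cost raised to 2000 as the reply suggests, it returns an empty list.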

 

 

 

 

Surely the easiest way to achieve basic redundancy is to use OSPF on the primary link and statics with a higher distance on the other one. That usually does a pretty good job in terms of failover with basic settings, and you don't have to use PBR or track etc.

 
