12-03-2009 07:02 AM - edited 03-04-2019 06:52 AM
Hello guys,
I have 4 locations across the world connected to an MPLS cloud (2851 CE routers connected to my Core switches running OSPF) speaking BGP to PE routers. I am redistributing OSPF into BGP and vice versa on my CEs to get all routes from location A to location B. On my core switches I see the routes coming from the MPLS as O EX 2, which is fine.
On the other side, I have VPN failover routers in every location connected to my Core switches (inside interface) and Internet (outside interface) and I am running a VPN Tunnel with OSPF. So, comparing OSPF metrics on my Core Switches I am able to choose which path is preferred (MPLS or VPN). The VPN failover was tested and it is OK.
Everything is working great until the moment I have connectivity problems with MPLS (somewhere in the MPLS cloud). My CE routers (speaking BGP with PEs) cannot detect BGP connectivity problems and my Core Switches don't fail over to the VPN link because they still see OSPF O EX 2 coming from BGP MPLS. The BGP table is full in my CEs but I cannot pass data because of the connectivity problem somewhere in the cloud. How can I speed up the link failure detection on my CEs?
I am thinking about track objects (set a ping to an IP address on another location) but it seems like my network architecture doesn't allow me to do that (if possible in the first place).
I am thinking about running an OSPF GRE Tunnel from CE to CE to be able to quickly detect the MPLS problem (OSPF over the Tunnel will do the job) but it requires a full-mesh GRE tunneled topology between all locations, meaning.... location A has to have tunnels to location B, C, and D, location B has to have tunnels to A, C and D and so on.
Please advise if there is anything else I can do to get faster link failure detection over the MPLS link and fail over to the Internet VPN.
12-03-2009 09:18 AM
One option is to advertise only loopbacks on the CE<->PE connection and then create other BGP session(s) from CE<->CE using those loopbacks and advertise all your routes via those sessions. It may require more BGP peering but you will be able to detect failure when the BGP peering goes down much quicker than the MPLS cloud and you will avoid the dreaded GRE tunnel approach.
Regards
Edison.
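A sketch of the CE-to-CE peering suggested in the reply above, written as an added example and not taken from either poster's configuration. All AS numbers, addresses, prefix-list names, the OSPF process ID and the eBGP relationship between sites are constructed assumptions; the short keepalive/hold timers are also an assumption, added so that a silent failure inside the cloud drops the CE-to-CE session quickly.

```cisco
! CE-A. Constructed values: local AS 65001, Loopback0 192.0.2.1,
! PE 198.51.100.1 in AS 64500, remote CE-B Loopback0 192.0.2.2 in AS 65002.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Only the local loopback is advertised to the PE.
ip prefix-list LOOPBACK-ONLY seq 5 permit 192.0.2.1/32
!
! Site routes go to the remote CE; loopbacks never do, so the CE-to-CE
! session cannot end up resolving its own peer address through itself.
ip prefix-list SITE-ROUTES seq 5 deny 192.0.2.0/24 ge 32
ip prefix-list SITE-ROUTES seq 10 permit 0.0.0.0/0 le 32
!
router bgp 65001
 ! Originate the loopback and pull the site's OSPF routes into BGP.
 network 192.0.2.1 mask 255.255.255.255
 redistribute ospf 1
 !
 ! CE<->PE session: carries loopbacks only.
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 prefix-list LOOPBACK-ONLY out
 !
 ! CE<->CE session across the MPLS cloud, sourced from the loopback.
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 192.0.2.2 ebgp-multihop 255
 ! Assumed timers: 3 s keepalive, 9 s hold time.
 neighbor 192.0.2.2 timers 3 9
 neighbor 192.0.2.2 prefix-list SITE-ROUTES out
```

When traffic stops passing through the cloud, the CE-to-CE hold timer expires, the site routes learned over that session are withdrawn from BGP and therefore from the OSPF redistribution, and the core switches are left with the VPN path. One such session is needed per remote site.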
12-04-2009 12:28 AM
So, not a lot of options here. Thank you for the idea.
Regards,
rvr