03-03-2013 08:32 PM - edited 03-04-2019 07:11 PM
Hello folks, here is the scenario:
Imagine you have a main MPLS circuit, router in the hub1 and hub2 are C3945. Routing protocol between C3945 CE and PE is BGP. Circuit is DS3.
There is a backup circuit on each hub1 and hub2, router C2951 connected via Internet IPsec tunnel. Therefore if the main MPLS circuit goes down, it is OK that the IP traffic can flow via the IPSec tunnel and reach all other sites on MPLS - OK.
Issue:
There is an important call center server housed in the hub2.
If the main MPLS circuit goes down in Hub1, business wants the backup router and backup circuit to take over and route traffic as soon as possible since if the application remains down for more than 30 seconds agents in hub1 needs to relogon, complain a lot and cause political motive to complain technology does not work.
What I proposed:
Create an IP SLA icmp in the C6509 distribution switch in which both C3945 and C2951 are connected to, and monitor the IP address of the call center application server in hub2, based on the C3945 hub1 interface.That way if IP SLA timesouts when pinging the hub2 server application IP address, take ip route <backup_router>.
Objection:
Some engineers are saying that even if I am successful with fast detection for the egress traffic, making the route flow via the backup-router and backup-circuit in few seconds after the MPLS circuit goes down, the issue is that the traffic coming from the server application in hub2 would still believe the active route is via the main circuit, since BGP could take up to 90 seconds to remove route from routing table and application would still remain failed anyway for 90 seconds until BGP detects route is down.
Is this objection true? Do you see anything to help improve this and make this ingress traffic from the server-application in hub2 select the backup-router and backup-circuit and operate accordingly?
04-16-2013 12:55 PM
Is this objection true? Do you see anything to help improve this and make this ingress traffic from the server-application in hub2 select the backup-router and backup-circuit and operate accordingly?
Yes, this objection is true. By default BGP will time out after 180s. So there will be problem with asymetric routing.
Better aproach will be speed up BGP convergence with various tools:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/cs_bsfda.html
http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/brbadv.html
http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srbgpbfd.html
http://blog.ine.com/2010/11/22/understanding-bgp-convergence/
Best Regards
Please rate all helpful posts and close solved questions
04-16-2013 04:52 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If your WAN edge is a pair of 3945s and a 2951, PfR might cause faster failure over by inserting a new (BGP) route to use the remaining good path.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide