Imagine you have a main MPLS circuit; the routers in hub1 and hub2 are C3945s. The routing protocol between the C3945 CE and the PE is BGP. The circuit is a DS3.
There is a backup circuit at each of hub1 and hub2, with a C2951 router connected via an Internet IPsec tunnel. Therefore, if the main MPLS circuit goes down, it is OK that the IP traffic can flow via the IPsec tunnel and reach all other sites on MPLS - OK.
There is an important call center server housed in the hub2.
If the main MPLS circuit goes down in hub1, the business wants the backup router and backup circuit to take over and route traffic as soon as possible, since if the application remains down for more than 30 seconds, agents in hub1 need to log on again, complain a lot, and it creates a political motive to complain that the technology does not work.
What I proposed: create an IP SLA ICMP probe on the C6509 distribution switch to which both the C3945 and the C2951 are connected, and monitor the IP address of the call center application server in hub2, based on the C3945 hub1 interface. That way, if the IP SLA times out when pinging the hub2 server application IP address, take ip route <backup_router>.
Some engineers are saying that even if I am successful with fast detection for the egress traffic, making the route flow via the backup router and backup circuit within a few seconds after the MPLS circuit goes down, the issue is that the traffic coming from the server application in hub2 would still believe the active route is via the main circuit, since BGP could take up to 90 seconds to remove the route from the routing table, and the application would still remain failed anyway for 90 seconds until BGP detects the route is down.
Is this objection true? Do you see anything to help improve this and make this ingress traffic from the server-application in hub2 select the backup-router and backup-circuit and operate accordingly?
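A sketch of the tracked static route proposed in the question, as an added example that is not part of the original posts. It covers only the egress direction on the hub1 C6509; the return path from hub2 raised in the objection is not changed by it. All addresses, object numbers and timers are placeholders, and it assumes the C6509 reaches hub2 through static routes, runs an IOS release with the `ip sla` syntax, and that the C3945 has no alternate path to the server once its MPLS circuit is down.

```cisco
! Added example for the hub1 C6509. Every address, number and timer is a
! placeholder chosen for illustration (documentation address ranges).
!   192.0.2.10    call center server in hub2 (probe target)
!   198.51.100.1  C3945, primary MPLS router
!   198.51.100.2  C2951, backup IPsec router
!   198.51.100.3  C6509 address used as the probe source
!
! Force the probe itself out via the C3945. Without this, once traffic has
! moved to the backup route the probe would succeed over the IPsec tunnel,
! the tracked route would be reinstalled, and the route would flap.
ip access-list extended SLA-PROBE
 permit icmp host 198.51.100.3 host 192.0.2.10 echo
!
route-map SLA-VIA-PRIMARY permit 10
 match ip address SLA-PROBE
 set ip next-hop 198.51.100.1
!
! Local policy routing applies to packets the switch generates itself,
! which includes IP SLA probes.
ip local policy route-map SLA-VIA-PRIMARY
!
! ICMP echo to the server every 5 s, declared lost after 1 s.
! threshold is lowered first because it may not exceed timeout.
ip sla 10
 icmp-echo 192.0.2.10 source-ip 198.51.100.3
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object follows the probe; hold the "up" transition for 30 s so a
! briefly recovering circuit does not pull traffic back too early.
track 10 ip sla 10 reachability
 delay up 30
!
! Primary route exists only while track 10 is up.
ip route 192.0.2.0 255.255.255.0 198.51.100.1 track 10
! Floating static via the backup router, used when the tracked route is removed.
ip route 192.0.2.0 255.255.255.0 198.51.100.2 250
```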
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
If your WAN edge is a pair of 3945s and a 2951, PfR might cause faster failover by inserting a new (BGP) route to use the remaining good path.