01-16-2023 09:28 AM - edited 01-16-2023 09:34 AM
Hello guys,
I'm working on a project, here's the picture
The circle in the middle has MPLS configured. I've configured VRFs and managed to ping 3 sites: Split, Makarska and Imotski. As the next step I added an internet router and configured static routes so each site can reach it. After that I configured IPSEC on the internet links so each site can reach each other through the IPSEC internet link as well. Now when I ping PCs the traffic goes through the internet IPSEC links, and only goes through MPLS if I turn the internet links off. I want the primary route to be through MPLS and only go through IPSEC if MPLS fails.
On my CE router, those routes go through the internet link with AD 1.
Does anyone have an idea how to route traffic so it goes through MPLS first?
01-16-2023 09:36 AM - last edited on 01-18-2023 09:35 PM by Translator
Hello @Mirko442 ,
You need to use floating static routes over the IPSec tunnel so that they have a greater, less preferred, admin distance.
Use something like 220 as your AD for the floating static routes:
ip route <net> 255.255.255.0 172.4.1.1 220
and so on
Warning: this works if you receive the same set of prefixes over MPLS with a dynamic routing protocol like eBGP or OSPF.
If route summarization is performed on the MPLS cloud, the suggested change is not enough, as the most specific route is preferred regardless of admin distance.
Hope to help
Giuseppe
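The selection logic behind the answer above, as an added example that is not part of the original thread: a small Python model of how a router installs the lowest-AD route per prefix and then forwards on the longest match. It assumes the MPLS prefixes arrive via OSPF (Cisco default AD 110); the labels "MPLS" and "IPSEC", the host 10.30.5.10 and the 10.30.0.0/16 summary are constructed for illustration.

```python
import ipaddress

OSPF_AD = 110      # Cisco default AD for OSPF (assumed MPLS-side protocol)
STATIC_AD = 1      # default AD of a static route, as in the question
FLOATING_AD = 220  # value suggested in the answer above

def build_rib(candidates):
    """Per exact prefix, install only the candidate with the lowest AD."""
    rib = {}
    for prefix, path, ad in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in rib or ad < rib[net][1]:
            rib[net] = (path, ad)
    return rib

def select(candidates, dest):
    """Forward on the longest installed prefix; AD plays no part at this step."""
    rib = build_rib(candidates)
    addr = ipaddress.ip_address(dest)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)][0]

# Constructed route sets; "MPLS" and "IPSEC" are labels, not real next hops.
ORIGINAL = [("10.30.5.0/24", "MPLS", OSPF_AD),
            ("10.30.5.0/24", "IPSEC", STATIC_AD)]
FLOATING = [("10.30.5.0/24", "MPLS", OSPF_AD),
            ("10.30.5.0/24", "IPSEC", FLOATING_AD)]
MPLS_DOWN = [("10.30.5.0/24", "IPSEC", FLOATING_AD)]
# Constructed summary: the MPLS cloud advertises only a /16.
SUMMARIZED = [("10.30.0.0/16", "MPLS", OSPF_AD),
              ("10.30.5.0/24", "IPSEC", FLOATING_AD)]

if __name__ == "__main__":
    for name, routes in [("original", ORIGINAL), ("floating", FLOATING),
                         ("mpls down", MPLS_DOWN), ("summarized", SUMMARIZED)]:
        print(f"{name:11s} -> {select(routes, '10.30.5.10')}")
```

On the router itself, `show ip route 10.30.5.0` shows which of the candidates is actually installed and with what distance.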
01-16-2023 09:39 AM
Since you have a static route that is taking preference as per the output, look at the route preference below:
So you are looking at MPLS as preferred here, and if that fails you want to use the Internet VPN link?
If you are running OSPF, why not use OSPF on the IPSEC tunnel as well, with a metric to prefer the MPLS path?
01-16-2023 09:44 AM - edited 01-16-2023 10:08 AM
AD for MPLS is = 1
AD for static default is = 1
so change the static AD to be = more than 1
check this solution.
01-16-2023 10:08 AM
if you prefer MPLS over direct connect then use PBR.
01-16-2023 09:48 AM - last edited on 01-18-2023 09:36 PM by Translator
Hello guys, thanks for the quick replies,
@Giuseppe Larosa so I need to configure floating route on CE-ST for example:
ip route 10.30.5.0 255.255.255.0 132.4.2.2 220?
@balaji.bandi I didn't really understand your answer, I want my ping from PC1 to PC2 for example to go through MPLS and only go through IPSEC if MPLS interface is down.
01-16-2023 09:58 AM
I might not have been clear here - what I was suggesting is that if you are able to run OSPF between the routers, you can make the decision with the metric.
If you are looking only at static routes, increase the AD from 1 to XXX (as suggested by @Giuseppe Larosa).
01-16-2023 10:16 AM
Thanks for all the replies, I've managed to make it with floating routes! Quick replies, love it
01-16-2023 10:18 AM
Glad you were able to fix it; also test link failures.
My approach is to always use a dynamic protocol for good traffic engineering.