03-16-2005 01:45 AM - edited 03-03-2019 09:03 AM
Scenario,
We have a number of static VPNs (over 10) over GRE tunnels between Hong Kong (HKG) and Mainland China (SITEA, SITEB, SITEC, etc.).
Each remote office is using an 831 router with most offices having a single FTTP 3Mbps internet connection.
In HKG we have 2 x 1721 routers with VPN accelerators each configured for a different ISP for redundancy. (ISPA and ISPB).
For each remote site there is a VPN to HKG via ISPA and a VPN to HKG via ISPB with one being a primary and the other a backup. EIGRP is configured for all routers and on all tunnels.
Now the problem we have is that the internet connection between SITEA and HKG via ISPA sometimes becomes slow (800-1200ms) but is still able to keep the GRE tunnels alive, and as such doesn't switch to the backup VPN to HKG via ISPB (which proves much faster when manually switched). The reverse sometimes occurs with the VPN to HKG via ISPB.
We're wondering if there is any way to choose a data path based on latency rather than load?
03-16-2005 04:21 AM
OER would do exactly this:
http://www.cisco.com/en/US/netsol/ns471/networking_solutions_package.html
We're currently working on a way for EIGRP to return to its original concept of dynamic metrics, as well, but it would be based on the interface delay, rather than actual traffic (as OER is), and it's going to take us some time to get it implemented, etc.
:-)
Russ.W
03-16-2005 04:49 AM
Many thanks for the quick response,
I read a bit about OER and it seems to suit the configuration we want to implement. It doesn't, however, seem quite ready yet for the routers we have installed; certainly something to look out for in the future.
EIGRP using calculated metrics for delay would also work.
We also know of other firewall products that use SYN and ACK packets for latency calculation and best link decisions (mainly for ISP sharing but can be used for link sharing), but we don't want to implement these at each site (training, hardware and licensing issues).
What we were hoping for as a workable solution is a method to shut down a GRE tunnel after it reached a predefined latency, thus automatically activating the backup circuit via EIGRP.
For this we also looked at using a dialer watch group but they appear to only operate with a dialer interface within the same router.