Hi Guys / Gals
Need a bit of help. The current situation is we have dual-connection sites: MPLS and IPsec site-to-site VPN.
Now we use PBR with the verify next hop option to ensure end-to-end connectivity with the use of GRE tunnels for delay-sensitive traffic, with a secondary statement for backup. Now this is very inefficient, as we are losing the full-mesh benefit of both the internet and the MPLS VPN our ISP provides.
So I'm thinking... load sharing with performance routing? Is it possible to securely (loose term) route via site-to-site VPNs without tunnels over the internet? (This would be possible, but the administration needed for each site would be a pain.) Currently we are operating a dual-homed hub-and-spoke design.
I have yet to read the 300-page PDF on performance routing, but I am under the impression it can route traffic dependent on DSCP marking, so our delay-sensitive traffic will (under normal circumstances) be routed via the MPLS network?
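For readers who want to see what the setup described above looks like in IOS, here is an added configuration example (not from the original poster or from Cisco documentation) of DSCP-based PBR with tracked next hops: EF-marked traffic is steered over the MPLS-facing GRE tunnel while its far end answers probes, and falls back to the internet-facing tunnel otherwise. All addresses, interface names, SLA/track numbers and object names are assumed placeholders.

```cisco
! Added example (not from the original post): policy-based routing that
! sends DSCP EF traffic over the MPLS-facing GRE tunnel while it is
! reachable, and falls back to the internet-facing IPsec/GRE path otherwise.
! Addresses, interface names, SLA/track numbers and names are placeholders.
!
! Probe the far-end tunnel address so the next hop is validated end to end,
! not merely on the local interface line state.
ip sla 10
 icmp-echo 10.255.0.2 source-interface Tunnel10
 frequency 5
ip sla schedule 10 life forever start-time now
!
ip sla 20
 icmp-echo 10.255.1.2 source-interface Tunnel20
 frequency 5
ip sla schedule 20 life forever start-time now
!
track 10 ip sla 10 reachability
track 20 ip sla 20 reachability
!
! Classify delay-sensitive traffic by its DSCP marking (EF, e.g. voice).
ip access-list extended DELAY-SENSITIVE
 permit ip any any dscp ef
!
route-map PBR-DELAY permit 10
 match ip address DELAY-SENSITIVE
 ! Sequence 10 is preferred, 20 is the backup statement; each next hop is
 ! used only while its tracked object reports reachable.
 set ip next-hop verify-availability 10.255.0.2 10 track 10
 set ip next-hop verify-availability 10.255.1.2 20 track 20
!
! Traffic that does not match the route-map is forwarded by the normal
! routing table (no "deny" clause is needed for that).
interface GigabitEthernet0/1
 description LAN facing
 ip policy route-map PBR-DELAY
```

Note what this does and does not check: the tracked objects only verify that the far end is reachable, so a link that is up but degraded (loss, jitter, high delay) keeps carrying the preferred class. Detecting that kind of brownout and moving traffic off the path is exactly the gap that an application-aware mechanism such as PfR is meant to fill.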
If you don't want to dig through the design guide PDF, I would recommend poking through the docwiki site, as it is one of the more full-featured docwiki topics I've seen:
I don't have any real world experience with PfR, but I find it an interesting topic to read about!
PfR provides at minimum the following 4 capabilities:
1) Link capacity monitoring/management.
2) Load balancing.
3) Routing based on application requirements (i.e.: delay, jitter, loss, etc).
4) Routing around soft network errors (i.e.: brownout conditions, blackout conditions, etc).
I would recommend looking into PfR as it looks to be the right feature for your requirements listed in this thread.
Let me know if you have any further questions.
Steve Lyons - Cisco
If you have a larger network it may also be worth considering GET VPN, a tunnel-less VPN technology.
The advantages of the technology can be found here:
• Provides highly scalable any-to-any mesh topology natively and eliminates the need for complex peer-to-peer security associations.
• For Multiprotocol Label Switching (MPLS) networks, maintains network intelligence (such as full-mesh connectivity, natural routing path, and QoS).
• Grants easy membership control with centralized key servers.
• Helps ensure low latency and jitter by enabling full-time, direct communications between sites, without requiring transport through a central hub.
• GETVPN allows replication of the packets after encryption. This allows the multicast traffic to be replicated at the core, thereby reducing the load and bandwidth requirement on the Customer Premises Equipment (CPE).
• IP Address Preservation enables encrypted packets to carry the original source and destination IP addresses in the outer IP header rather than replacing them with tunnel endpoint addresses.
See also the following link
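To make the "centralized key servers" and "no peer-to-peer security associations" points above concrete, here is an added example (not from the poster or from Cisco documentation) of a minimal GET VPN group-member configuration. The key-server address, group identity number, pre-shared key, map names and interface are assumed placeholders; real deployments commonly use certificates instead of the pre-shared key shown here for registration.

```cisco
! Added example (not from the original post): minimal GET VPN group member.
! Key-server address, group identity, pre-shared key and interface names
! are placeholders. Every member registers with the same central key
! server and receives the group keys, so no per-peer IPsec SA is
! negotiated between sites and packets keep their original IP header.
!
! IKE policy used only for the registration exchange with the key server.
crypto isakmp policy 10
 encryption aes
 hash sha256
 authentication pre-share
 group 14
! Authenticates this member to the key server (placeholder key).
crypto isakmp key REPLACE-WITH-STRONG-KEY address 192.0.2.10
!
! GDOI group: which key server to register with and which group to join.
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 192.0.2.10
!
! A single gdoi crypto map entry covers the whole group; the traffic
! encryption keys and the encryption policy (ACL) are pushed by the
! key server, not configured per peer.
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-GROUP
!
interface GigabitEthernet0/0
 description MPLS-facing WAN
 crypto map GETVPN-MAP
```

Because the key server pushes one shared policy to all members, access control for the mesh lives in one place: restrict which routers may register (per-member IKE credentials) and review the pushed encryption ACL, since any member that holds the group key can decrypt traffic for the whole group.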