MPLS Backup - Multiple Routers at remote site

j_pearcy00_2
Level 1

Today we have 7 offices on our MPLS. We have started to add secondary internet connections for failover. The initial idea was to drop the internet connection in and then ship out a lower-end router to be a VPN endpoint, and it would be a manual failover, i.e. unplug the MPLS router, plug in the backup router and turn up a point-to-point IPsec tunnel. I would like to use a dynamic routing protocol instead. I was thinking about MPLS, but my biggest question is this: if I have two routers in the branch and I point the end users to one of the routers and the primary connection dies, what is the best way for that router (the end users' default gateway) to route requests to the other router? I know OSPF will get traffic that's destined for those routers down the right path, but how do I get the end user to use the right gateway? The MPLS is managed by the ISP, but they said they can set up OSPF or pretty much anything the routers will support for us. I have Cisco ASA 5540s in the main office and Cisco 881s for the backup internet connections in the branch offices.

Any help will be greatly appreciated.

3 Replies

Peter Paluch
Cisco Employee

Hello,

If I understand you correctly then you have an MPLS VPN currently running, and you want to create a backup solution using the usual internet access, and you want the failover to happen automatically without resorting to the manual changes.

This should not be a problem to do. The main idea of the solution is to run the routing protocol both with the MPLS VPN provider and over the backup tunnels, and make sure that the metric of routes learned via backup routes is (significantly) worse than the metric of the same routes learned via the MPLS VPN. When the MPLS VPN connectivity is lost, the routes learned from MPLS VPN cloud will be removed from the routing table and will instead be replaced by the routes learned via backup tunnels.

Special care has to be taken about the administrative distance (AD) of the routes. As the MPLS VPN provider will be performing mutual redistribution between your routing protocol and its BGP, the routes learned from the MPLS cloud will be considered as external (redistributed). Routing protocols which differentiate between internal and external networks always prefer the internal route. That would, unfortunately, lead to a complete reversal of priorities - the backup tunnels would be preferred because the routes would be learned as internal (no redistribution) while the MPLS-learned routes would be external and thus less preferred.

RIP does not differentiate between internal and external networks, so this problem is not present with RIP. EIGRP recognizes internal routes and assigns them AD=90, and external routes are assigned AD=170. You would need to manipulate the AD of these routes so that the internal routes become less preferred and thus the external routes coming from MPLS are used preferentially.

For OSPF, the situation is more complicated in that it internally differentiates between intra-area, inter-area and external routes without even using the concept of AD. The solution for OSPF is actually on the shoulders of your MPLS VPN provider - you should ask him to configure a so-called OSPF sham link to interconnect your branches. An OSPF sham-link is a feature that allows learning the networks on other branches as intra-area routes, instead of seeing them as inter-area or external routes.

Feel free to ask further.

Best regards,

Peter
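The priority reversal described in the reply above can be seen in a simplified model of routing-table selection (lowest AD wins, then lowest metric). This is an added example, not part of the thread: the prefix, the metrics, the path labels and the adjusted internal AD of 180 are constructed values, and real EIGRP path selection involves more than this model.

```python
from dataclasses import dataclass

# Default EIGRP administrative distances quoted in the reply above.
EIGRP_INTERNAL_AD = 90
EIGRP_EXTERNAL_AD = 170


@dataclass(frozen=True)
class Route:
    prefix: str
    via: str         # "mpls" or "tunnel" (labels made up for this example)
    external: bool   # True when the route was learned through redistribution
    metric: int


def best_path(routes, prefix, internal_ad=EIGRP_INTERNAL_AD,
              external_ad=EIGRP_EXTERNAL_AD):
    """Pick the installed route for prefix: lowest AD first, then lowest metric."""
    candidates = [r for r in routes if r.prefix == prefix]
    if not candidates:
        return None

    def preference(route):
        ad = external_ad if route.external else internal_ad
        return (ad, route.metric)

    return min(candidates, key=preference)


# Constructed sample: the head-office LAN as seen from a branch over both paths.
HQ = "10.0.0.0/16"
ROUTES = [
    Route(HQ, "mpls", external=True, metric=3000),       # redistributed from provider BGP
    Route(HQ, "tunnel", external=False, metric=90000),   # learned natively over the IPsec tunnel
]


def demo():
    """Return the chosen path with default ADs, tuned ADs, and after MPLS loss."""
    default = best_path(ROUTES, HQ).via
    # Assumed adjustment: internal AD raised above the external AD of 170.
    tuned = best_path(ROUTES, HQ, internal_ad=180).via
    mpls_down = [r for r in ROUTES if r.via != "mpls"]
    failed_over = best_path(mpls_down, HQ, internal_ad=180).via
    return default, tuned, failed_over


if __name__ == "__main__":
    print(demo())
```

With default distances the tunnel wins despite its far worse metric; once the internal AD is raised the MPLS path is preferred and the tunnel takes over only when the MPLS route disappears.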

Thank you for the very prompt response. I will look into EIGRP as that sounds like it might be the better option of the three. I know that was one of the options our ISP mentioned also.

Hello,

If you are running only Cisco gear then EIGRP is fine - easy to configure, fast to react, allows arbitrary summarization (just as any distance-vector protocol), and not demanding on CPU/memory resources. If, however, you also expect other vendors' routing devices to be used in some reasonable time in the future, EIGRP may not be a good choice for the obvious reason that it is proprietary. Also make sure that all your devices (ASA box, branch routers) currently support EIGRP.

From your viewpoint, OSPF would actually be the easiest to configure because you would just start it and modify the interface costs. The sham-link is a feature that your MPLS VPN provider would configure on his routers at your request. It is not your responsibility to configure the sham-link.

The choice is yours.

Best regards,

Peter