Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2491
Views
0
Helpful
7
Replies

MPLS failover / redundancy

JASON BARBER
Level 1
Level 1

‎02-06-2014 07:53 AM - edited ‎03-04-2019 10:16 PM

I have MPLS setup in a lab environment with two local CE routers (on seperate circuits) using GRE to the PE router with RIP. Once it hits the PE routers, the core network redistributes it via BGP and it is learned again as a RIP route on the remote nodes.

With the typical setup, each local network is placed on the Trusted Interface and thus advertised. Each remote node will see the individual /24 network pointing to the local GRE tunnel IP.

The local firewalls at each location have static routes pointing to the trusted interface for access to the individual subnets...works fine.

What I am wanting to do is setup a MPLS failover (Active/Passive) on the 2 local lab routers where if one of them goes down the network is now advertised as living behind the second routers GRE IP. The LAN side is setup as both routers connected to a single firewall and HSRP is configured between the two routers. The firewall points the remote subnets to trusted IP which is  the HSRP IP. this appears to work fine locally, but the other nodes only see one routing entry which does not appear to change when failover happens.

Our processes on advertisements, configuration, etc are pretty strict to keep it like the above so I am a little confused on what to try here.

Any thoughts here?

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎02-06-2014 08:38 AM

Jason

Just to clarify.

You have a central site with two MPLS connections on different routers. The LAN interfaces of these routers running HSRP are in a common vlan with the firewall and the firewall has a default route (or routes to remote subnets) pointing to the HSRP VIP.

If so are the remote sites setup the same way or do they only have one router with two connections ?

Is there any reason you are not running BGP ie. why RIP through GRE tunnels ?

Can you summarise the central site routes ?

Jon

0 Helpful

JASON BARBER
Level 1
Level 1
In response to Jon Marshall

‎02-06-2014 09:56 AM

1. Yes that is mostly correct with the correction that it isnt central site routing. Our old setup was similar to the remot nodes with one MPLS termination and circuit. This is just to add a standby connection.

2. Remote sites only have a single router with one circuit/connection.

3. Due to issues with making the local router a PE router, and WAN design considerations, this is a current rule.

4. Only the local subnet is advertised.

Does this help?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to JASON BARBER

‎02-06-2014 10:06 AM

Sorry Jason, it's been a long day

I was assuming the problem was at the remote sites but you are saying they only a single router and connection.

So does each remote site only have one GRE tunnel or two ?

I'm not sure exactly which but isn't working.

Jon

0 Helpful

JASON BARBER
Level 1
Level 1
In response to Jon Marshall

‎02-06-2014 12:18 PM

example.jpg

Here is a basic diagram.

The 192.168.2.x will only ping to the 192.168.1.x network if the router marked Active is up. Once it fails, HSRP marks the standby as active correctly but I can no longer access the local network from the 192.168.2.x network

      

Ideally I would almost like the WAN side to act like the HSRP on the LAN side and go into Active / Standby rather than two routes advertised.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to JASON BARBER

‎02-06-2014 12:41 PM

Jason

It may be something to do with how you are running RIP across the MPLS cloud as i have only ever used BGP for this.

But i would have thought if the active device fails then it would stop advertising the RIP routes to the PE so the PE would automatically use the other GRE tunnel to the new active router. Unless it was the LAN interface of the active HSRP router that went down and you were redistributing statics into RIP on the active router in which case the PE device would still receive the routes.

In fact i am a little confused as to why the PE is not seeing equal cost routes to your 192.168.1.0/24 network via both GRE tunnels if both routers have GRE tunnels and are sending RIP advertisements to the PE. How does the PE know which tunnel you want to send the traffic down as it has no way of knowing which router is HSRP active.

Like i say i may be misunderstanding because of the way RIP is being used.

The GRE tunnels are only between the CE and PE devices at each site aren't they.

Jon

0 Helpful

JASON BARBER
Level 1
Level 1
In response to Jon Marshall

‎02-06-2014 12:46 PM

Jon,

Thanks for all your help on this.

I am going to continue working on the RIP routes and redistribution of connected.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to JASON BARBER

‎02-06-2014 12:52 PM

Jason

No problem.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card