
MPLS network OSPF overlay using tunnels

carl_townshend
Spotlight

Hi all,

We have an MPLS network from the ISP, wires only, so we manage the routers etc. It uses BGP.

However, we need the traffic encrypted between all the sites and our HQ. We have a primary and backup router at HQ.

The engineer has configured GRE tunnels to the HQ primary router only, as the backup router tunnel IP will only be seen in BGP if the primary goes down.

My question is: I gather that, from the HQ end, we would have to configure a tunnel to each remote site on both the primary and backup routers?

And is this a good method to achieve this?

I noticed he also used crypto maps rather than VTI tunnels, but only matched the GRE tunnel source and endpoints. Is this OK?

1 Reply

Florin Barhala
Level 6

Hello,

First of all, most of the time I prefer VTI instead of crypto maps. There are few scenarios when VTIs are not enough. I have a couple of scenarios like yours up and running. Here is my setup:

- I keep both primary and secondary router IP addresses up and running, then establish VTIs between these two HQ routers and each branch.

- I run OSPF over all this infrastructure, then I add some inbound cost for each backup interface.

This helps me get a very good recovery time. Finally, I use IP SLA and tracking.
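
The layout described in the reply above, shown from one branch router in Cisco IOS syntax. This is an added example, not the poster's configuration. All addresses, interface names, the profile and transform-set names, the cost values and the choice of IKEv1 with a pre-shared key are assumptions; IP SLA and tracking are not shown.

```cisco
! Constructed example: branch router with one VTI to each HQ router.
! 192.0.2.1 = HQ primary, 192.0.2.2 = HQ backup (placeholder addresses).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! The profile is bound to the tunnel interface, so no crypto ACL is needed:
! everything routed into the tunnel is encrypted.
crypto ipsec profile VTI-PROF
 set transform-set TS-AES256
!
interface Tunnel1
 description VTI to HQ primary
 ip address 10.255.1.2 255.255.255.252
 ip ospf cost 10
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
interface Tunnel2
 description VTI to HQ backup
 ip address 10.255.2.2 255.255.255.252
 ! Higher cost keeps this tunnel as the standby path while both are up
 ip ospf cost 100
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
! OSPF runs over both tunnels and advertises the branch LAN (assumed 10.10.0.0/16)
router ospf 1
 network 10.255.1.0 0.0.0.3 area 0
 network 10.255.2.0 0.0.0.3 area 0
 network 10.10.0.0 0.0.255.255 area 0
!
! Checks: "show crypto ipsec sa" should show encaps/decaps counters rising on
! the active tunnel; "show ip ospf neighbor" should list both HQ routers.
```

Each HQ router needs the mirror-image tunnel per branch, with the matching higher cost on the backup router's tunnel interfaces so the return path also prefers the primary.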
