
Routing FlexVPN loopback through another router when tunnels are down

mhmservice
Level 1

Hi all

 

I have a FlexVPN setup with 2x WAN routers in a branch (let's call them R1 and R2) connected to 2x hubs (HUB1 and HUB2)

 

R1 and R2 have a single ISP line each

 

Hub 1 Loopback = 1.1.1.1

Hub 2 Loopback = 1.1.1.2

R1 Loopback = 2.1.1.1

R2 Loopback = 2.1.1.2

R1/R2 local LAN = 192.168.1.0/24 (interface VLAN10)

 

I'm using iBGP on the FlexVPN and OSPF on the LAN

 

Routing configuration:

R1 routing configuration:

router ospf 1
 passive-interface default
 no passive-interface Vlan10
 network 2.1.1.1 0.0.0.0 area 1
 network 192.168.1.0 0.0.0.255 area 1
router bgp 65100
 bgp log-neighbor-changes
 network 192.168.1.0 mask 255.255.255.0
 network 2.1.1.1 mask 255.255.255.255
 timers bgp 15 30
 redistribute ospf 1
 neighbor 1.1.1.1 remote-as 65100
 neighbor 1.1.1.1 fall-over
 neighbor 1.1.1.1 next-hop-self
 neighbor 1.1.1.2 remote-as 65100
 neighbor 1.1.1.2 fall-over
 neighbor 1.1.1.2 next-hop-self

R2 routing configuration:

router ospf 1
 passive-interface default
 no passive-interface Vlan10
 network 2.1.1.2 0.0.0.0 area 1
 network 192.168.1.0 0.0.0.255 area 1
router bgp 65100
 bgp log-neighbor-changes
 network 192.168.1.0 mask 255.255.255.0
 network 2.1.1.2 mask 255.255.255.255
 timers bgp 15 30
 redistribute ospf 1
 neighbor 1.1.1.1 remote-as 65100
 neighbor 1.1.1.1 fall-over
 neighbor 1.1.1.1 next-hop-self
 neighbor 1.1.1.2 remote-as 65100
 neighbor 1.1.1.2 fall-over
 neighbor 1.1.1.2 next-hop-self

The problem I have is that when the tunnel on either R1 or R2 goes down, the loopback IP of the downed router is in the routing table but it's not accessible from the rest of the network - I believe this is because the down router doesn't know the route back to the rest of the network

 

For example if R2 is down, I can add a static route to R2, which fixed the problem (obviously not a practical solution)

ip route 0.0.0.0 0.0.0.0 2.1.1.1

 

I tried using the following commands

 

router ospf 1
 redistribute bgp 65100 subnets
router bgp 65100
 bgp redistribute-internal

 

This does work but has 2 problems - it's a bit of a dangerous feature and secondly what happened is that when R2 ISP is back up, the routes received through OSPF have a lower metric than BGP (110 for OSPF routes and 200 for iBGP), and I couldn't find a way to manipulate that.

 

Does anyone have an idea how I can get this working?

 

From the user perspective the loopback not being accessible causes no problems, but in a situation like an ISP IP needing changing or something, it's really awkward to have to SSH from another router on site / console in to fix the problem

 

Hope this makes sense
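
An added example, not part of the original post: one way to influence the 110-versus-200 preference described above is to raise the administrative distance of OSPF external routes only, since routes redistributed from BGP into OSPF arrive on the other branch router as externals. The value 210 is an assumption (anything above the iBGP distance of 200), and the sketch assumes the same lines go on both R1 and R2.

```cisco
! Added example, applied identically on R1 and R2.
! AS number and OSPF process ID are the ones from the post.
router ospf 1
 ! Routes learned over the tunnel via iBGP are offered to the LAN neighbour,
 ! which sees them as OSPF external routes.
 redistribute bgp 65100 subnets
 ! Assumed value: lift only OSPF *external* routes above iBGP (200).
 ! Intra-area routes such as the peer loopback and VLAN10 stay at 110.
 distance ospf external 210
router bgp 65100
 ! Required for iBGP-learned routes to be redistributed into an IGP.
 bgp redistribute-internal
!
! Expected behaviour under these assumptions:
!  - tunnel up:   iBGP route (200) beats the OSPF external copy (210)
!  - tunnel down: iBGP route is withdrawn, the OSPF external via the
!                 other branch router is the only candidate and is installed
!
! Check which source won for a hub loopback from the post:
!  show ip route 1.1.1.1
```

The "Known via" line in that output shows whether the installed route came from bgp 65100 or ospf 1, along with the distance that was applied.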
