Hi Rick,
below my reply in bold:
Thank you for the additional information, and especially for the diagram. Your original post asked about 4 GRE tunnels but in the diagram I see only 2 GRE tunnels. A GRE tunnel originates on R1 and a second GRE tunnel originates on R2. It is not clear whether the remote end of the GRE tunnel is on R3 and R4 or whether the remote end of both GRE tunnels is on zscaler. Can you clarify?
The remote end of both GRE tunnels is on Zscaler.
Your diagram shows an OSPF network running on the 4 routers but does not include zscaler. Is that the case?
Yes, it does not include Zscaler.
You make it clear that you want R1 to go through R3 and R2 to go through R4. It is not clear whether you want to have failover. If there is a problem for R1 to get to zscaler using R3 would you want traffic from R1 to go through the path using R4?
One note, clients arrive at R1 and R2 respectively using an entry dns and are balanced at the HSRP level. Entry dns is a FQDN that resolves two IP, one (x.x.x.x) goes from R1 and the other (x.x.x.y) goes from R2 (entry example: example-it.test.it IN A x.x.x.x and example-it.test.it IN A x.x.x.y).
If for some reason R1 doesn't manage to turn traffic on R3 I'd like to make it send traffic on R2 and then end up on R4 and then on Zscaler.
Is it more clear now?
There is an option to control sending traffic from R1 using static routes. There may be an option to control that traffic with a dynamic routing protocol. When we know answers to the questions I have asked we will be in a better position to discuss advantages and disadvantages of each approach.
I think that the use of the static route is the solution in this case.
Regards,
Luca.
