
Question about SDWAN Tracker

kay.kang
Level 1

Hi specialists,

 

I am trying to find the best practice for the SDWAN tracker setup having two Internet links.

The site has two vEdges, and each will have an Internet link, interconnected by TLOC Extension.

And, each vEdge will have 2 GRE tunnels to Zscaler Service Edge for cloud security service.

We're using the GRE tunnels as the default route for any VPN1 (service) traffic, pointing to the GRE1 and GRE2 interfaces.

And as the secondary default route, we're adding a default route with a higher AD pointing to the TLOC Extension interface.

 

For LAN side redundancy, we're using VRRP. 

And for Internet link failover with Tracker, I put the Internet next hop IP as the tracking end point IP.

So in that case, I guess the primary vEdge will remove the default route from the routing table and the subsequent default route with AD 250 will be on the routing table. 

And traffic will be transferred to the backup vEdge over TLOC Extension link.

The design is based on theory, and I'm not sure if this is the best practice for the redundancy and tracker design.

Can you please advise me if there is any problem or a better idea about this?

Following is a configuration example and drawing.

 

>> vEdge_1 setup <<

ZS GRE 1

GRE Source: ge0/0

GRE Destination: 1.1.1.1

ZS GRE 1

GRE Source: ge0/0

GRE Destination: 1.1.1.2

vpn1

ip gre-route 0.0.0.0/0 vpn 0 interface gre1 gre2

Ip route 0.0.0.0/0 vpn 0 interface ge0/1.2 250

Vpn0

ip route 0.0.0.0/0 2.2.1.1

ip route 0.0.0.0/0 10.1.1.2 250

Tracker1

Track endpoint ip: 2.2.1.1

 

>> vEdge_2 setup <<

ZS GRE 1

GRE Source: ge0/0

GRE Destination: 1.1.1.1

ZS GRE 1

GRE Source: ge0/0

GRE Destination: 1.1.1.2

vpn1

ip gre-route 0.0.0.0/0 vpn 0 interface gre1 gre2

Ip route 0.0.0.0/0 vpn 0 interface ge0/1.1 250

Vpn0

ip route 0.0.0.0/0 2.2.1.1

ip route 0.0.0.0/0 10.1.2.1 250

Tracker1

Tracking endpoint ip: 2.2.2.1

 

SDWAN Tracker.JPG

2 Replies

Seems pretty good. Didn't see anything I could change. Is it a lab or a real network? Have you implemented it yet?

Not yet implemented.

Will try to implement as per that plan with Tracker.

Just found that only a tracker endpoint IP that is able to respond to HTTP (the tracker packet) can be used.

So that means I can't use the Internet next hop gateway as the tracker endpoint because it's normally just a router's IP.

Will need to put an IP or DNS name that is able to respond to HTTP.
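
The last reply notes that only an endpoint that answers HTTP can serve as the tracker endpoint. The following is an added example, not part of the thread and not Cisco code, for checking a candidate endpoint from a workstation before configuring it. The function names, attempt count and timeout are assumptions, and the two local targets are constructed stand-ins for an HTTP-capable host and for a router IP that accepts a connection but never answers HTTP.

```python
import http.server
import socket
import threading

def responds_to_http(host, port=80, timeout=1.0):
    """True only if the endpoint answers an HTTP request with an HTTP status line."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            while len(reply) < 5:            # enough bytes to recognise "HTTP/"
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:                          # refused, unreachable, or timed out
        return False
    return reply.startswith(b"HTTP/")

def evaluate_endpoint(host, port=80, attempts=3, timeout=1.0):
    """Hypothetical pre-check: usable only if every attempt gets an HTTP reply."""
    replies = sum(responds_to_http(host, port, timeout) for _ in range(attempts))
    return {"endpoint": f"{host}:{port}", "replies": replies,
            "attempts": attempts, "usable": replies == attempts}

class OkHandler(http.server.BaseHTTPRequestHandler):
    def do_HEAD(self):                       # minimal HTTP responder
        self.send_response(200)
        self.end_headers()
    def log_message(self, *args):            # keep the demo output quiet
        pass

def start_constructed_targets():
    """Constructed local targets: an HTTP responder and a TCP port that stays silent."""
    web = http.server.HTTPServer(("127.0.0.1", 0), OkHandler)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    silent = socket.socket()                 # accepts the handshake, never replies
    silent.bind(("127.0.0.1", 0))
    silent.listen(5)
    return web, silent

if __name__ == "__main__":
    web, silent = start_constructed_targets()
    for label, port in (("HTTP responder", web.server_address[1]),
                        ("silent TCP port", silent.getsockname()[1])):
        print(label, evaluate_endpoint("127.0.0.1", port, attempts=2, timeout=0.5))
```

A reply of any HTTP status counts as a response here; whether a given status is acceptable to the device's tracker is not covered by the thread.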