06-30-2022 07:58 AM
Hello Community,
I recently deployed active/standby set up for single router dual circuit where one circuit has slower speed and was meant to be a backup line incase primary failed. I made following two config changes to make it work and was curious if there is better way to do this.
1. Remote office outbound traffic: app-route policy preferred color (primary circuit) and backup preferred color (secondary circuit) set up to send pre-defined application traffic over primary circuit unless the SLAs were hit.
2. Remote office inbound traffic: applied OMP preference on primary circuit interface so the advertised routes from primary are preferred.
This works for most of the important traffic but not all as reliant on the apps-list defined. Is there a better way to deploy active/backup for Single Router Dual circuit scenario?
Appreciate your inputs in advance! Cheers!
07-02-2022 07:31 PM - edited 07-06-2022 06:05 AM
Hi @nvp1
Answering your question,
You can replace the list of applications to a list source Data Prefix., so you will cover all the source traffic. In the centralized politics of application aware routing.
Set the policy action for a Backup SLA Preferred Color match condition. When no tunnel matches the SLA, direct the data traffic to a specific tunnel. Data traffic is sent out the configured tunnel if that tunnel interface is available. If that tunnel interface is not available, traffic is sent out another available tunnel. You can specify one or more colors. The backup SLA preferred color is a loose matching, not a strict matching.
But, I would recommend setup both Transport doing load balancing. In fact, the secondary Transport with the least possible load always. That's one of the benefits of SD WAN having both Transport active/active.
I hope the information provided helps you.
<< Mark as helpful or answered, if the answer resolved the question, this helps future requests from other members of the community >>
10-11-2024 12:49 AM
There is a simpler way to achieve this which does not require any traffic engineering. Simply configure the command "Last Resort Circuit" under the "backup" tunnel-interface in vpn0. This means that whilst the main interface is up and has control connections, the backup will be down (no control or BFD sessions). If the "main" circuit fails the Last Resort circuit will enable and establish it's control and data plane. The switchover is very fast.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide