What is the solution for service static routing with TLOC Extension?

kay.kang
Level 1

Hi,

We're trying to set dual Internet connections on a branch site and each vEdge has one ISP connection.

And, the vEdges have the other ISP link through TLOC Extension.

Each vEdge has a default GRE route under VPN1 for DAI Internet traffic. (ip gre-route 0.0.0.0 0.0.0.0 vpn0 gre1 gre2).

On the LAN side, the vEdges are running VRRP. (vEdge1 is master and vEdge2 is backup).

Currently, the Internet link on vEdge1 is down, but vEdge1 still has the control connections over the TLOC Extension link via vEdge2.

For the Internet traffic failover, we want vEdge1 to send the traffic coming from the LAN side (VPN1) out to the TLOC Extension link so that the traffic goes through vEdge2.

We have only ip gre-route 0.0.0.0 0.0.0.0 vpn0 gre1 gre2 and want to add a subsequent static service route, but have no idea what static route should be added to make this failover.

4 Replies

Hi,

Let me ask you a few things in order to try to help:

"We're trying to set dual Internet connections on a branch site and each vEdge has one ISP connection."

Right, then you are going to establish your control connections using the Internet. That's right.


"And, the vEdges have the other ISP link through TLOC Extension."

You mean you have redundancy through TLOC to the other router. OK.

"Each vEdge has a default GRE route under VPN1 for DAI Internet traffic. (ip gre-route 0.0.0.0 0.0.0.0 vpn0 gre1 gre2)."

You probably mean "DIA"? Direct Internet Access?

I was wondering why a GRE tunnel for DIA. DIA, if that is the case, is used for Internet surfing, I mean, all traffic that you won't send to your data center.

And it would make more sense to me if you had something like "ip internet-route 0.0.0.0".

"On the LAN side, the vEdges are running VRRP. (vEdge1 is master and vEdge2 is backup)."

Probably the VRRP is running on the switch connected to the router.

"Currently, the Internet link on vEdge1 is down, but vEdge1 still has the control connections over the TLOC Extension link via vEdge2."

Right.

"For the Internet traffic failover, we want vEdge1 to send the traffic coming from the LAN side (VPN1) out to the TLOC Extension link so that the traffic goes through vEdge2."

This should be happening already.

"We have only ip gre-route 0.0.0.0 0.0.0.0 vpn0 gre1 gre2 and want to add a subsequent static service route, but have no idea what static route should be added to make this failover."

Not sure how this works for you. Can you share the "show running-config" from both routers and switches involved? You can take off any sensitive information, please.

If you can share the topology as well, that would be great.

Hi Flavio,

To help you understand our setup, we don't run any overlay tunnel between the vEdges.

We're using them as just WAN routers under vmanage control.

And, another thing about the setup, especially regarding the GRE tunnels: we are using the Zscaler cloud service (like Umbrella SIG), and all Internet traffic is supposed to be sent out over the GRE tunnels established between our vEdge WAN router and the Zscaler cloud service edge.

That's why we have the gre default static route under vpn1(service).

For our issue, each vEdge has GRE tunnels established through its direct ISP link.

And they are also connected by TLOC Extension.

Under normal conditions, traffic that arrives at either vEdge1 or vEdge2 is sent over the GRE tunnels.

But when, for example, vEdge1, which is the VRRP primary router, has its Internet link down, it has only the TLOC extension route left.

The traffic will still be sent to vEdge1 because vEdge1 is still the VRRP primary router, but vEdge1 doesn't have live GRE tunnels anymore.

In this case, vEdge1 should send traffic over TLOC Extension link to vEdge2 somehow.

Or as another option, somehow vEdge2 should become VRRP primary router when vEdge1 has outage with GREs or Internet link.

How can we make this work?

Hopefully, this helps you understand.


Well, there might be other and maybe better solutions, but you can add a Tracker on router 1 monitoring the link. In case the link fails you can take some action.

For example, you could have a default route sending everything to router 2 but with a higher administrative distance. And the action of the tracker could lower this route's AD in case of link failure.

Another option could be to change the VRRP priority as the action, and then the traffic would be sent to router 2 as well.

Hi,

I think there is no need to route via TLOC extension; the better way is to track the interface(s) or even the SIG and decrease the VRRP priority automatically (use 120 on primary, 100 on secondary and decrement 30).

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/vedge-20-x/systems-interfaces-book/m-vrrp-tracking.html

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
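As an added example, not part of this thread or any Cisco code, here is a small Python model of the VRRP priority scheme recommended above (120 on primary, 100 on secondary, decrement 30). The router names, the tracked-object labels and the name-based tie-break are assumptions; the model lets you check that a chosen decrement actually moves mastership off a vEdge whose ISP link or SIG tunnel has failed before you commit the values on the routers.

```python
# Added example (not from the thread): models VRRP priority with object tracking
# and checks the priority/decrement numbers used in the replies above.
from dataclasses import dataclass


@dataclass(frozen=True)
class VrrpRouter:
    name: str
    base_priority: int      # configured VRRP priority
    decrement: int          # priority decrement per failed tracked object
    tracked: tuple = ()     # constructed labels for the objects this router tracks

    def effective_priority(self, failed) -> int:
        """Priority after subtracting one decrement per tracked object that is down."""
        down = sum(1 for obj in self.tracked if obj in failed)
        return max(0, self.base_priority - down * self.decrement)


def elect_master(routers, failed) -> str:
    """Highest effective priority becomes master. The router name stands in
    for the highest-IP tie-break that real VRRP uses (assumption)."""
    return max(routers, key=lambda r: (r.effective_priority(failed), r.name)).name


def decrement_is_sufficient(primary, backup) -> bool:
    """A single tracked-object failure on the primary must drop it below the
    backup, otherwise LAN traffic keeps landing on a router whose DIA path is gone."""
    return primary.base_priority - primary.decrement < backup.base_priority


# Constructed scenario from the thread: each vEdge tracks its own ISP link and
# its own GRE tunnel towards the SIG.
VEDGE1 = VrrpRouter("vEdge1", 120, 30, ("vedge1-isp", "vedge1-sig-gre"))
VEDGE2 = VrrpRouter("vEdge2", 100, 30, ("vedge2-isp", "vedge2-sig-gre"))
ROUTERS = (VEDGE1, VEDGE2)

if __name__ == "__main__":
    print("all up:", elect_master(ROUTERS, set()))
    print("vEdge1 ISP down:", elect_master(ROUTERS, {"vedge1-isp"}))
    print("decrement 30 sufficient:", decrement_is_sufficient(VEDGE1, VEDGE2))
    print("decrement 10 sufficient:",
          decrement_is_sufficient(VrrpRouter("vEdge1", 120, 10), VEDGE2))
```

With decrement 10 the primary would stay at 110 after its ISP link fails and keep VRRP mastership, which is the failure mode the question describes.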
