Private MPLS to Site-to-Site VPN Failover

campbell.thompson · ‎04-25-2007

We have a vendor provided VPN between our London and Santa Barbara offices which has worked well since installation, but I would like to create an automatic failover to a site-to-site VPN between 2 Cisco PIX 515E's.

I've managed to create the s2s vpn and have enabled ospf and setup redistribution of connected subnets and can see those ospf broadcast routes at the far end on my 3750 with ospf enable, but only where a static route doesn't exist.

Basically, I want to know if there is some way that I can configure the static route to the MPLS PE route (at both offices) in such a way that if the MPLS goes down, the ospf route will be activated. I was looking at the possibility of floating static routes, but I don't think the 3750 supports this.

Any help or direction would be appreciated.

Thanks in advance.

Campbell

campbell.thompson · ‎04-25-2007

Apologies, I meant to say a vendor provided MPLS...

mounir.mohamed · ‎04-25-2007

Dear,

the case not clear, would you please provide us with more clarifications including a breif about the design and config.

waiting you.

best Regards,

Mounir mohamed

campbell.thompson · ‎04-25-2007

Well Mounir, what more would you like? I'm basically after a method to integrate static routes with OSPF routes so that if a static route isn't available, then the ospf route will take over...

Let me know the specifics of what you are after and I'll provide the detail.

mounir.mohamed · ‎04-25-2007

Dear campbell.thompson,

This should be done dynamiclly because the static route has AD 1 and the OSPF routes has AD 110, so if the route learned 2 route (with the same prefix)to sepcific destination the router will select the loswer AD one which is the default route, then once the static route failed the next lower AD path will be selected.

Best Regards,

Mounir Mohamed

campbell.thompson · ‎04-25-2007

So if I've configured a static route, it will just drop out and give way to the ospf route? I tried this and it didn't failover. I thought I would have to do something like route tracking to make sure that this would work?

mounir.mohamed · ‎04-25-2007

Dear,

Could you provide me with a snapshot of your running config.

Best Regards,

Mounir Mohamed

campbell.thompson · ‎04-25-2007

There you go Mounir... I've taken out network specific, but you have the base detail....

mounir.mohamed · ‎04-25-2007

Dear,

As per the attached config i got that VLAN1 and VLAN10 are OSPF enabled and belong to area 1. but the static routes will be installed in the routing table forever because the routes pointing to next hop IP address also the outgoing interface (Which is SVI interface) will never come down, so in such case try to establish 2 different GRE tunnels one over the main link by using source/destination interface address of the main link, the second GRE tunnel shall be established by using source & destination interface address of backup or failover link, then you can using static routes or run OSPF over both tunnels to load-balance over both or even increase the bandwidth command under one of the tunnles to make it the main the let the second one to be the backup.

If you have any problem with the configurations let me now :)

Please Rate Helpful posts.

Best Regards,

Mounir Mohamed

campbell.thompson · ‎04-25-2007

That sounds like what I'm after, although I'm going to have to dig to the bottom of my abilities to be able to configure it...

Thanks for the help Mounir. I may be back to you at some point for some help...

mounir.mohamed · ‎04-25-2007

Dear,

You Welcome anytime, good luck.

Best Regards,

Mounir Mohamed