Redundant Tunneling through 2 Connection Ways with automatich switching

Unanswered Question
Jan 8th, 2008
User Badges:

Hello!


I got a 7506 and a 2600 whereas one connection way i throu a leased line the other through a Sat Connection.


I want to make the tunnels which have the same physical target machine to swith automatically when the leased line goes down. the interface of the leased lne does *not* go down.


any idea how to do this excpet manual reconfiguring? i want to do this automatically ... :-/

See the Image below...

Tunnel600 is the Leased Line

Tunnel700 the Sat Connection which should NOT be used in any way by default! (no load balancing!)


http://img112.imageshack.us/img112/6287/tunnelneutralgx5.jpg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 01/08/2008 - 10:22
User Badges:
  • Purple, 4500 points or more

What kind of tunnels are these (ie GRE/IPSEC). Is there a routing protocol running here? What about HSRP? Do you have administrative control over both routers?

Richard Burts Tue, 01/08/2008 - 11:16
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

I would think that a very good solution would be to configure them as GRE tunnels if they are not already GRE and then to configure keepalives on the tunnels. The default with GRE tunnels is that IOS will treat them as up/up as long as the router has a valid route to the tunnel destination. But the fairly new feature of GRE keepalives will actually verify that traffic is passing through the tunnels. If the keepalives do not pass through the tunnel then IOS will mark that tunnel as protocol down. The protocol down could be used as the trigger for failover.


Another option would be just to run some dynamic routing protocol over the tunnels and to make one tunnel function as primary. As long as the protocol hellos and updates pass over the primary tunnel it will carry traffic. And if hellos stop being carried over the tunnel then the routing protocol will mark it down and fail over to the other tunnel automatically.


HTH


Rick



kmmehlkmmehl Tue, 01/08/2008 - 20:17
User Badges:

hello!


its just GRE. Not Routing Protocols yet but possible. Yes of course full control!


:)

Rick Morris Tue, 01/08/2008 - 11:19
User Badges:
  • Silver, 250 points or more

I agree with the last reply.


However, one of the things to keep in mind is that you can build a redundant tunnel, but it is really an additional tunnel.


For instance where I came from we had 2 T-1's going to one location. In order to maintain connectivity we had 2 tunnels built. We needed to make sure that the interface we used is the same for both tunnels and not 2 separate interfaces on the firewall. Otherwise you may have to set something up like a floating static route.

Richard Burts Wed, 01/09/2008 - 05:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

If the tunnels are GRE and you are not currently running a dynamic routing protocol then I believe that the keepalive option would be the most simple to implement and should solve your issue. With keepalive configured on the GRE tunnel running over the serial interface, if data stops flowing through the serial link then the GRE tunnel will go protocol down, whether or not the serial interface goes down.


Or implementing a dynamic routing protocol would be a solution that should work. I see some advantages in dynamic routing protocols in many situations. We do not know enough about your particular situation to know whether it is better to switch to a dynamic routing protocol or to stay with static routes.


HTH


Rick

Actions

This Discussion