Assistance configuring failover with GRE tunnels from remote router to dual routers

Unanswered Question
Feb 4th, 2010

Hello,

I have a 2800 branch router with two GRE/IPSEC tunnels back to dual headend routers for redundancy; EIGRP is the routing protocol.

I need to set up failover in the event one of the routers fails. I have two default routes back to the tunnels, but the secondary tunnel has a higher administrative distance.

When the primary tunnel went down, internet traffic was disrupted due to the default route pointing to this tunnel; the floating static didn't work as planned. And when the primary tunnel came back, we also experienced some asymmetrical routing, which of course impacted VOIP. The remote site is connected via satellite link.

Config on Branch:

! PRIMARY
interface Tunnel25
 description BOG-MARGE
 bandwidth 6000
 ip address 172.16.254.29 255.255.255.252
 no ip unreachables
 ip mtu 1476
 ip route-cache flow
 ip tcp adjust-mss 1388
 tunnel source FastEthernet0/1
 tunnel destination 172.16.253.2
!
! SECONDARY
interface Tunnel225
 description BOG-AGNES
 bandwidth 6000
 ip address 172.16.255.15 255.255.255.254
 no ip unreachables
 ip mtu 1476
 ip route-cache flow
 ip tcp adjust-mss 1388
 delay 600000
 tunnel source FastEthernet0/1
 tunnel destination 172.16.252.2
!
ip route 0.0.0.0 0.0.0.0 Tunnel25
ip route 0.0.0.0 0.0.0.0 Tunnel225 200
!

Feedback is greatly appreciated!

jenny.russo Thu, 02/04/2010 - 10:35

Jerry,

I'm a newbie so please clarify:

The WAN interface is connected to a Satellite modem, we send all traffic into the GRE tunnel where it exits at main router and then is directed out to internet. So I am not sure if this will work for me.

Jerry Ye Thu, 02/04/2010 - 11:07

Hi Jenny,

Since both of your Tunnel interfaces are L3 with their own IP address, I am suggesting that you point the static route to the next hop's IP address. It is just a suggestion.

The 1st comment is about how to prevent the Tunnel interface from blackholing traffic. If you are using keepalive, and the Tunnel doesn't receive a keepalive message from the remote end, it will bring the Tunnel to down/down, instead of blackholing traffic like you are describing.

Regards,

jerry
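
The two suggestions in this reply, applied to the branch configuration posted above, as an added example that is not part of the original thread. The next-hop addresses are assumed from the tunnel subnets in the post, and the keepalive timers are illustrative values.

```cisco
! Added example; peer addresses and timers are assumptions, not from the thread.
! Assumes IPsec is applied by a crypto map on FastEthernet0/1 (not shown in the post).
!
interface Tunnel25
 ! Send a keepalive every 10 s; after 3 missed replies line protocol goes down.
 keepalive 10 3
!
interface Tunnel225
 keepalive 10 3
!
! Replace the interface-pointed defaults with next-hop routes.
no ip route 0.0.0.0 0.0.0.0 Tunnel25
no ip route 0.0.0.0 0.0.0.0 Tunnel225 200
! 172.16.254.30 = assumed far end of 172.16.254.28/30 (Tunnel25)
ip route 0.0.0.0 0.0.0.0 172.16.254.30
! 172.16.255.14 = assumed far end of 172.16.255.14/31 (Tunnel225); floating, AD 200
ip route 0.0.0.0 0.0.0.0 172.16.255.14 200
!
! Verify after the primary headend becomes unreachable:
!   show interfaces Tunnel25      (expect "line protocol is down")
!   show ip route 0.0.0.0         (expect the default via 172.16.255.14)
```

Without keepalives, a point-to-point GRE tunnel stays up/up as long as its source interface is up and the destination is routable, so the primary default route remains installed and the floating static never takes over.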
