Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1735
Views
0
Helpful
4
Replies

Assistance configuring failover with GRE tunnels from remote router to dual routers

jenny.russo
Level 1
Level 1

‎02-04-2010 09:48 AM - edited ‎03-04-2019 07:24 AM

Hello,

I have a 2800 branch router with two GRE/IPSEC tunnels back to daul headend routers for redundancy, EIGRP is the routing protocol.

I need to setup failover in the event one of the routers fail. I have two default routes back to the tunnels but secondary tunnel with a higher administrative distance.

When the primary tunnel went down, internet traffic was disrupted due to the default route pointing to this tunnel, the floaitng static didn't work as planned. And when the primary tunnel came back, we also experineced some asymmetrical routing which of course impacted VOIP. The remote site s connected via satllite link.

Config on Branch:

interface Tunnel25  -----PRIMARY
description BOG-MARGE
bandwidth 6000
ip address 172.16.254.29 255.255.255.252
no ip unreachables
ip mtu 1476
ip route-cache flow
ip tcp adjust-mss 1388
tunnel source FastEthernet0/1
tunnel destination 172.16.253.2
!
interface Tunnel225   --------SECONDARY
description BOG-AGNES
bandwidth 6000
ip address 172.16.255.15 255.255.255.254
no ip unreachables
ip mtu 1476
ip route-cache flow
ip tcp adjust-mss 1388
delay 600000
tunnel source FastEthernet0/1
tunnel destination 172.16.252.2

ip route 0.0.0.0 0.0.0.0 Tunnel25

ip route 0.0.0.0 0.0.0.0 Tunnel 225 200
!

Feedback is greatly appreciated!

Labels:
0 Helpful
4 Replies 4

Jerry Ye
Cisco Employee
Cisco Employee

‎02-04-2010 10:02 AM

Two things I can see here,

1) use tunnel keepalive to bring down the tunnel when the tunnel destination is not reachable.

http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sb_gretk.html

2) use the next hop IP address instead of the tunnel interface.

Regards,

jerry

0 Helpful

jenny.russo
Level 1
Level 1
In response to Jerry Ye

‎02-04-2010 10:35 AM

Jerry,

I'm a newbie so please clairfy:

The WAN interface is connected to a Satellite modem, we send all traffic into the GRE tunnel where it exits at main router and then is directed out to internet. So I am not sure if this will work for me.

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to jenny.russo

‎02-04-2010 11:07 AM

Hi Jenny,

Since both of your Tunnel interfaces are L3 with their own IP address, I am suggesting you to point the static route to the next hop's IP address. It is just a suggestion.

The 1st comments is how to prevent the Tunnel interface from blackholing traffic. If you are using keepalive, and the Tunnel doesn't receive keepalive message from the remote end, it will bring the Tunnel to down/down, instead of blackholing the like you are describing.

Regards,

jerry

0 Helpful

jenny.russo
Level 1
Level 1
In response to Jerry Ye

‎02-04-2010 11:08 AM

Thanks again Jerry!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card