question on "Backup Interface"

Answered Question
Aug 3rd, 2010

Hi

Got question on "Backup Interface"
Can Backup Interface be a  good option to pass the traffic when primary GRE Tunnel goes down at Branch

**Scenario:**

Dual VPN Hub at HQ pointing to different ISP
Branch would have one GRE tunnel each pointing to Hub1 and Hub2.

For Branch VPN-Hub 1  is always primary and if VPN-Hub 1 is not reachable then all traffic goes via VPN-Hub2

**Branch **
inter tun 1   //# Connected to Hub1
ip address 1.1.1.1 255.255.255.252
tunnel source fa 0/1
tunnel destination 9.9.9.9
backup interface tunnel 2
backup load 80 10

inter tun 2   //# Connected to Hub2
ip address 2.2.2.2 255.255.255.252
tunnel source fa 0/1
tunnel destination 9.9.9.9

Correct Answer by Giuseppe Larosa about 6 years 6 months ago

Hello Saquib,

GRE tunnels allows to use dynamic routing protocols over them

rather then attempting to use backup interface I would run EIGRP or OSPF over the tunnels

by tuning costs you can easily have tunnel 1 primary and tunnel 2 backup (higher OSPF cost or for EIGRP higher delay set on tunnel2)

to have tunnel 1 to fail like a physical interface you would need to use GRE keepalive:

without it a point to point GRE is considered up if local node has a route to tunnel destination.

with GRE keepalive enabled if local node stops to receive GRE keepalives it will put the tunnel in up/down state like a serial interface not receiving serial keepalives.

to enable keepalive you need to use the keepalive <#missedkeepalive>

in tunnel interface configuration mode on both routers (also on GRE tunnel configured on remote node I mean)

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Tue, 08/03/2010 - 13:44

Hello Saquib,

GRE tunnels allows to use dynamic routing protocols over them

rather then attempting to use backup interface I would run EIGRP or OSPF over the tunnels

by tuning costs you can easily have tunnel 1 primary and tunnel 2 backup (higher OSPF cost or for EIGRP higher delay set on tunnel2)

to have tunnel 1 to fail like a physical interface you would need to use GRE keepalive:

without it a point to point GRE is considered up if local node has a route to tunnel destination.

with GRE keepalive enabled if local node stops to receive GRE keepalives it will put the tunnel in up/down state like a serial interface not receiving serial keepalives.

to enable keepalive you need to use the keepalive <#missedkeepalive>

in tunnel interface configuration mode on both routers (also on GRE tunnel configured on remote node I mean)

Hope to help

Giuseppe

Richard Burts Tue, 08/03/2010 - 15:08

ST

I agree with Giuseppe that an alternative like running a dynamic routing protocol is better to have a second tunnel that backs up the primary.

I have not tested it but I am not sure that backup interface would even work on a virtual interface like a tunnel.

HTH

Rick

saquib.tandel Wed, 08/04/2010 - 01:33

Thank you both for replying.

I will test with ospf cost and do a lab with eigrp.

Actions

This Discussion