question on "Backup Interface"

Answered Question
Aug 3rd, 2010
User Badges:

Hi

Got question on "Backup Interface"
Can Backup Interface be a  good option to pass the traffic when primary GRE Tunnel goes down at Branch


**Scenario:**

Dual VPN Hub at HQ pointing to different ISP
Branch would have one GRE tunnel each pointing to Hub1 and Hub2.

For Branch VPN-Hub 1  is always primary and if VPN-Hub 1 is not reachable then all traffic goes via VPN-Hub2

**Branch **
inter tun 1   //# Connected to Hub1
ip address 1.1.1.1 255.255.255.252
tunnel source fa 0/1
tunnel destination 9.9.9.9
backup interface tunnel 2
backup load 80 10

inter tun 2   //# Connected to Hub2
ip address 2.2.2.2 255.255.255.252
tunnel source fa 0/1
tunnel destination 9.9.9.9

Correct Answer by Giuseppe Larosa about 6 years 11 months ago

Hello Saquib,

GRE tunnels allows to use dynamic routing protocols over them


rather then attempting to use backup interface I would run EIGRP or OSPF over the tunnels


by tuning costs you can easily have tunnel 1 primary and tunnel 2 backup (higher OSPF cost or for EIGRP higher delay set on tunnel2)


to have tunnel 1 to fail like a physical interface you would need to use GRE keepalive:

without it a point to point GRE is considered up if local node has a route to tunnel destination.


with GRE keepalive enabled if local node stops to receive GRE keepalives it will put the tunnel in up/down state like a serial interface not receiving serial keepalives.


to enable keepalive you need to use the keepalive <#missedkeepalive>

in tunnel interface configuration mode on both routers (also on GRE tunnel configured on remote node I mean)


Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Tue, 08/03/2010 - 13:44
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Saquib,

GRE tunnels allows to use dynamic routing protocols over them


rather then attempting to use backup interface I would run EIGRP or OSPF over the tunnels


by tuning costs you can easily have tunnel 1 primary and tunnel 2 backup (higher OSPF cost or for EIGRP higher delay set on tunnel2)


to have tunnel 1 to fail like a physical interface you would need to use GRE keepalive:

without it a point to point GRE is considered up if local node has a route to tunnel destination.


with GRE keepalive enabled if local node stops to receive GRE keepalives it will put the tunnel in up/down state like a serial interface not receiving serial keepalives.


to enable keepalive you need to use the keepalive <#missedkeepalive>

in tunnel interface configuration mode on both routers (also on GRE tunnel configured on remote node I mean)


Hope to help

Giuseppe

Richard Burts Tue, 08/03/2010 - 15:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

ST


I agree with Giuseppe that an alternative like running a dynamic routing protocol is better to have a second tunnel that backs up the primary.


I have not tested it but I am not sure that backup interface would even work on a virtual interface like a tunnel.


HTH


Rick

saquib.tandel Wed, 08/04/2010 - 01:33
User Badges:

Thank you both for replying.

I will test with ospf cost and do a lab with eigrp.

Actions

This Discussion