How to achieve active/active using both L3VPN and L2VPN..

Answered Question
Sep 9th, 2010

I would like to use both IP VPN and Ethernet VPN in active/active scenario and i am trying to figure out the best method of utilizing both circuits while providing resilience, i.e. both provide backup to one another.

I realize that there are probably many ways to achieve this type of setup.

So the setup would be:

Customer has multiple sites connected to each other via both IP VPN and EtherVPN. Both IP VPN and EtherVPN are all in OSPF AREA 0.... SHAM links are enabled across SP so routes from both IP And EtherVPN are seen as O or O IA type routes.

Based on this what would be the best method of achieving active/active scenario and what are benefits or issues with each option?

- PBR routing?

- Adjusting distance for certain learned routes so they are less or more preferred?

- Adjusting COST on OSPF interfaces?

- running another routing protocol for so that lower AD protocol uses one VPN and the higher AD protocol uses the other...

I realize a lot depends on what the customer's requirements are. For example, he may need L2 connectivity for some application/DR functions, which would mean using EtherVPN...

Any other options??

It would be great to hear from anyone who has experience of this type of setup.

rays

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 6 years 2 months ago

Hello Rays,

I've answered in your previous thread

for easy reference I report here the text

Hello Rays,

>> Based on this what would be the best method of achieving active/active scenario and what are benefits or issues with each option?

- PBR routing?

- Adjusting distance for certain learned routes so they are less or more preferred?

- Adjusting COST on OSPF interfaces?

- running another routing protocol for so that lower AD protocol uses one VPN and the higher AD protocol uses the other..

I would use PBR in order to decide what IP flows go on the L2VPN link.

I would also use higher OSPF cost on the L2VPN link

in this way the L2VPN link will be used by:

L2 replication traffic and selected IP flows that you can control.

>> - Adjusting distance for certain learned routes so they are less or more preferred?

I would stay away from this as it is not easy to manage and troubleshoot, playing with AD should be considered last hope

making the two links equally preferred may not work as well.

And even if it works you miss control on what goes over L2VPN and what over L3VPN I would not recommend this.

Using two different routing protocols is safer as it gives you an additional level of control.

because most specific route is used first you could be able to have selected traffic over the L2VPN by allowing some component routes and using aggregate routes (less specific then OSPF routes) for all others.

EIGRP per interface summarization could be handy for this.

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Thu, 09/09/2010 - 07:34

Hello Rays,

I've answered in your previous thread

for easy reference I report here the text

Hello Rays,

>> Based on this what would be the best method of achieving active/active scenario and what are benefits or issues with each option?

- PBR routing?

- Adjusting distance for certain learned routes so they are less or more preferred?

- Adjusting COST on OSPF interfaces?

- running another routing protocol for so that lower AD protocol uses one VPN and the higher AD protocol uses the other..

I would use PBR in order to decide what IP flows go on the L2VPN link.

I would also use higher OSPF cost on the L2VPN link

in this way the L2VPN link will be used by:

L2 replication traffic and selected IP flows that you can control.

>> - Adjusting distance for certain learned routes so they are less or more preferred?

I would stay away from this as it is not easy to manage and troubleshoot, playing with AD should be considered last hope

making the two links equally preferred may not work as well.

And even if it works you miss control on what goes over L2VPN and what over L3VPN I would not recommend this.

Using two different routing protocols is safer as it gives you an additional level of control.

because most specific route is used first you could be able to have selected traffic over the L2VPN by allowing some component routes and using aggregate routes (less specific then OSPF routes) for all others.

EIGRP per interface summarization could be handy for this.

Hope to help

Giuseppe

rays Thu, 09/09/2010 - 07:42

Thanks Giuseppe, i wasn't sure that you were

around that why double posted..!

Many thanks for you're answer.

rays

Actions

This Discussion