VPN backup to MPLS

dmurray14
Level 1

Hey guys,

I need to implement a VPN backup for an MPLS network (running iBGP). I would like to concurrently run a VPN tunnel from a branch office to HQ alongside an MPLS. When the MPLS goes down I'd like traffic to go over the VPN, but only then. I was thinking of setting up the VPN tunnel and doing something like an IP SLA to monitor the MPLS, and maybe add a static for the VPN if it's detected down, though truthfully, I get it in concept but I'm not sure how I'd implement it. Any ideas? Much appreciated.

Thanks,

Dan   


No, here's an example for your reference:

ip sla 53
 icmp-echo x.x.x.x
 timeout 500
 frequency 3
ip sla schedule 53 life forever start-time now

ip sla 54
 icmp-echo y.y.y.y
 timeout 500
 frequency 3
ip sla schedule 54 life forever start-time now

track 1 rtr 53 reachability
track 2 rtr 54 reachability

ip route 0.0.0.0 0.0.0.0 MPLS 1 track 1
ip route 0.0.0.0 0.0.0.0 VPN 100 track 2

x.x.x.x and y.y.y.y will be a reachable IP via the MPLS and VPN links respectively.

This is if the VPN and MPLS reside on the same router as Jon said.

Federico.

Wouldn't that be 2 statics though? My MPLS routes are advertised via BGP.

dmurray14 wrote:

Wouldn't that be 2 statics though? My MPLS routes are advertised via BGP.

That's the reason you don't need IP SLA, i.e. because you are not using 2 statics.

If you want to reduce the BGP convergence you could reduce the BGP timers. What would be an acceptable failover time for you?

Jon

Jon,

I'd like to shoot for a couple minutes - any more than that and I'll still get called at 3am!

Quick edit: looks like the Cisco default is 60 seconds, or am I reading this wrong? That would be great.

With default BGP timers of 60 seconds and 180 seconds it could be longer but you can reduce the timers. We used 10 and 30 on our MPLS network and it worked fine.

Jon

Thanks Jon. I just discovered GNS3, so it looks like I have some messing around to do...

You're right, sorry.

In that case, changing the AD of the STATIC route, the iBGP routes will always be preferred over the static floating route.

Just use the example I gave you for the VPN connection.

Federico.

Thanks Federico!
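
Added example, not from any of the posters: a sketch of the branch-router configuration the replies above converge on, combining the reduced BGP timers (10 and 30) with a floating static toward the VPN. The AS number, the addresses, the Tunnel0 interface and the distance of 250 are assumptions chosen for illustration.

```cisco
! Constructed values: AS 65001, peer 192.0.2.1, HQ prefix 10.10.0.0/16,
! Tunnel0 as the VPN tunnel interface. None of these come from the thread.
!
router bgp 65001
 ! iBGP session across the MPLS cloud
 neighbor 192.0.2.1 remote-as 65001
 ! Keepalive 10 s, hold time 30 s (the values reported in the thread).
 ! The hold time in effect is the lower of the two peers' settings, and
 ! new timers only apply after the session is re-established.
 neighbor 192.0.2.1 timers 10 30
!
! Floating static for the HQ prefix over the VPN tunnel.
! iBGP routes carry administrative distance 200 by default, so a distance
! of 250 keeps this route out of the routing table while BGP still
! advertises the prefix. Once the hold timer expires and the BGP route is
! withdrawn, the static is installed.
! The static must use the same prefix length as the BGP route:
! administrative distance only breaks ties between identical prefixes,
! and a longer match always wins regardless of distance.
ip route 10.10.0.0 255.255.0.0 Tunnel0 250
!
! Checks after deployment (exec mode):
!   show ip bgp neighbors 192.0.2.1 | include hold time
!   show ip route 10.10.0.0
! The second command should report "bgp" with distance 200 while the MPLS
! is up and "static" with distance 250 after a failure.
```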

dmurray14

I'm almost ready to deploy this, but I came up with one last question -- how do I handle the internet? I already have a default static route pointing to the MPLS gateway. How do I switch this over to the backup internet connection when it goes down? Is it enough just to put in another default static with the backup link gateway, with a higher admin distance? I'm just not sure when the original static will be taken out.

Thanks!
