For simplicity's sake let's say that I have 2 7206VXRs running advip-12.4(9)T2. They're in separate cities, each has a direct Internet feed plus an L2 feed between them. Each one is a PE, and running L3VPNs for customers. I use OSPF as an IGP. Everything's working great, but I want to build VPN failover in case the L2 feed between them goes down. I assume the best plan is to build a GRE tunnel between them over the Internet and include it in OSPF. That way if the L2 feed fails, OSPF swings the route to the MP-BGP peer (and therefore the LSP?) over to the tunnel and it stays up? Or is it better to maintain a peer with a loopback address in the tunnel and let BGP handle the failover? Do I need to wade into MPLS-TE? Any advice or examples would be very helpful. I realize that the direct Internet feed has an MTU of only 1500 so there'll be some pretty serious customer experience issues, but it's better than nothing...
The failover configuration requires two identical FWSMs connected to each other through a dedicated failover link and, optionally, a state link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs.
Thanks for the reply, but your solutions indicate the need for FWSM, which I'm not using. I have a 7206-VXR at both ends. I'm getting closer to the GRE/OSPF/MP-BGP solution but the MTU is going to be painfully low...
It seems to work tolerably well in the lab using OSPF over GRE tunnels. When the backbone feed goes down, OSPF moves the BGP peer address over to the tunnel. The only tricky part is making a static route for the opposite end of each tunnel, so you don't end up with the tunnel flapping (see %TUN-5-RECURDOWN). Also, the MTU issue seems to be nicely overcome using:
    int Tunnel 0
     ip address x.x.x.x
     ip mtu 1508
     mpls mtu 1508
This forces GRE to fragment every packet and reassemble at the other end of the tunnel. While it's hard to tell how much extra load that might be in the real world, it works pretty well in the lab. Yay for GNS3...
Is anyone using the Tunnel mtu parameters? Any issues?
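
Added example, not part of the thread: a small Python calculator for what the `ip mtu 1508` / `mpls mtu 1508` setting above puts on a 1500-byte Internet path. It assumes plain GRE over IPv4 (20-byte outer header, 4-byte GRE header, no key or checksum) and a stack of two 4-byte MPLS labels per VPN packet; the function names and the label count are assumptions, not values taken from the posts.

```python
# Added example: header sizes are the standard minimums; label count is assumed.
IPV4_HDR = 20    # outer IPv4 header, no options
GRE_HDR = 4      # basic GRE header, no key/checksum/sequence
MPLS_LABEL = 4   # one MPLS label stack entry


def outer_fragments(customer_ip_len, labels=2, tunnel_mtu=1508, path_mtu=1500):
    """Return the on-the-wire lengths of the outer IPv4 packet(s) produced
    for one customer IP packet sent through the GRE tunnel.

    tunnel_mtu models the tunnel's 'mpls mtu' (largest labelled packet the
    tunnel accepts); path_mtu is the MTU of the Internet feed.
    """
    labelled = customer_ip_len + labels * MPLS_LABEL
    if labelled > tunnel_mtu:
        raise ValueError("labelled packet exceeds the tunnel MTU")

    outer_payload = GRE_HDR + labelled           # what the outer IP header carries
    if IPV4_HDR + outer_payload <= path_mtu:
        return [IPV4_HDR + outer_payload]        # fits, no fragmentation

    # IPv4 fragment offsets are in 8-byte units, so every fragment except
    # the last carries a payload that is a multiple of 8.
    per_frag = (path_mtu - IPV4_HDR) // 8 * 8
    frags = []
    remaining = outer_payload
    while remaining > per_frag:
        frags.append(IPV4_HDR + per_frag)
        remaining -= per_frag
    frags.append(IPV4_HDR + remaining)
    return frags


def largest_unfragmented(labels=2, path_mtu=1500):
    """Largest customer IP packet that crosses the tunnel in one outer packet."""
    return path_mtu - IPV4_HDR - GRE_HDR - labels * MPLS_LABEL


if __name__ == "__main__":
    for size in (576, largest_unfragmented(), 1469, 1500):
        print(size, outer_fragments(size))
```

Under these assumptions only customer packets larger than `largest_unfragmented()` bytes are split, and each of those costs the far-end router one reassembly.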