We are trying to set up a failover connection to a DMVPN. Our primary connection is MPLS; we have over 20 sites all connected on the MPLS network, and each site has its own subnet. What we want is to send all the traffic through the MPLS and, whenever the MPLS is down, send it through the DMVPN. We currently have 2 hubs, and spokes on all the sites. We are also thinking of using IP SLA to monitor the MPLS, so that whenever it is down we switch to the DMVPN.
The hubs are 2921s, and the sites have a 1941 and 881. Our DMVPN allows spoke-to-spoke communication.
Thanks for all your help!
That hopefully should not be too difficult. All you will have to do is use a dynamic routing protocol and ensure that you set the metric/cost appropriately to enable the traffic to flow over the MPLS primary and fail over to the DMVPN (I'm assuming over the Internet).
But once you configure the routing it should work how you want automatically, because tunnel interfaces tend to have a higher cost or delay than normal interfaces, which will cause them to be less preferred by a routing protocol. Hence they will be seen as a backup and all traffic will flow over the MPLS.
No, you don't need to use IP SLAs; the routing protocol will be able to detect whether or not a neighbour has gone down and will reroute traffic accordingly.
The routing protocol is a matter of choice, I suppose, but I would recommend either OSPF or EIGRP, and ensure that the cost/delay is set appropriately on the interfaces involved if needed.
We currently have a DMVPN spoke-to-spoke with 2 hubs, and we are using EIGRP. The DMVPN will be a backup connection to our network, but the primary is the MPLS. All the sites are connected through MPLS and all sites have a spoke. We don't manage the MPLS, so we are limited on that part. I was thinking of IP SLA to monitor the other end of the MPLS, so that whenever the other end is down all the routes will re-route to the DMVPN. So in order to use a dynamic route, can I add the internal subnets (each site is on its own subnet) to the EIGRP database and EIGRP will decide which route to take? Or how can I accomplish this?
I am having difficulty picturing your topology especially since you made mention that you don't manage the MPLS. Is the MPLS link and the link for the DMVPN terminated on the same router?
If they are on the same router then all you need to do is add the MPLS interface to the EIGRP process.
Our topology is not too complicated; I have added a diagram of our network in our lab.
The DMVPN goes through the 192.168.16 network. Each site is running DHCP from the router: Site A is 192.168.20/24, where the router on the site is .10 and the MPLS router is .11; on Site B the DHCP pool is 192.168.21/24, the router is .10 and the MPLS is .11.
We have a switch after the router because we want to fail over our connections to a 3rd device (a firewall, not Cisco). So basically what I am looking for is to always use the MPLS route to communicate with the other site and use the DMVPN as a failover, but I am having problems doing this. I added the networks (192.168.20 and .21) to my EIGRP but the packets are still going through the tunnel. I don't know what I am missing; can you help me out? Or is EIGRP not the dynamic protocol that I need?
Based on your topology it would seem that your switch will have to make the decision as to which route to take. Is the switch currently configured with EIGRP? If not, you will need to add it to routing and ensure that the MPLS router is preferred, whether by adjusting the delay on the interfaces on the routers that connect them to the switch or by modifying the metric the switch learns from each router to make the MPLS the primary.
You can check out the link below, it may help.
Thanks for the info.
I am looking at the doc right now.
Having an L3 switch can make everything easier, but you know how this works... money... So I am going to try to make it work in my lab with an L3 switch that I have around, but what if I can't have L3 switches at all my sites (20)? Is there any other way to do it? The Cisco 881 has 4 ports for the LAN, so can I use one of those ports to connect directly to the MPLS and forward all the traffic to the interface?
Well, if you can't have L3 switches everywhere, I would suggest using a FHRP such as HSRP with tracking options. This will enable you to make your MPLS router the primary router, and you will point your clients to the VIP so they will not care about which router is up so long as HSRP switches over as needed.
In order to accomplish this you will need to ensure that HSRP does "ip routing" tracking (which also adds the advantage of interface tracking) on the primary router, so that when it no longer receives routes it will fail over to the DMVPN router and the users won't know the difference.
I guess it all depends on how your gateways are set up. Hope that helps.
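
The HSRP-with-tracking setup suggested in the last reply, sketched as Cisco IOS configuration for Site A. This is an added example, not configuration posted in the thread: the virtual IP 192.168.20.1, the interface names, the HSRP group and track object numbers and the key string are assumptions, and it presumes the MPLS router at the site can be configured for HSRP.

```cisco
! ===== MPLS router (192.168.20.11): active gateway while MPLS routes exist =====
! Track object 10 goes down when the route to Site B's subnet
! (192.168.21.0/24) is no longer present in the routing table.
track 10 ip route 192.168.21.0 255.255.255.0 reachability
!
interface GigabitEthernet0/0
 description Site A LAN (interface name is an assumption)
 ip address 192.168.20.11 255.255.255.0
 ! Virtual gateway address that the clients point to (assumed value).
 standby 1 ip 192.168.20.1
 standby 1 priority 110
 ! Preempt lets this router take the active role back once the route returns.
 standby 1 preempt
 ! Unauthenticated HSRP lets any host on the LAN claim the active role.
 standby 1 authentication md5 key-string <PLACEHOLDER-KEY>
 ! Route lost: 110 - 20 = 90, below the backup's 100, so the backup takes over.
 standby 1 track 10 decrement 20
!
! ===== DMVPN spoke router (192.168.20.10): standby gateway =====
interface GigabitEthernet0/1
 description Site A LAN (interface name is an assumption)
 ip address 192.168.20.10 255.255.255.0
 standby 1 ip 192.168.20.1
 standby 1 priority 100
 ! Preempt is required here so the higher priority wins after the decrement.
 standby 1 preempt
 standby 1 authentication md5 key-string <PLACEHOLDER-KEY>
```

With this in place the DHCP pool hands out 192.168.20.1 as the default gateway instead of .10 or .11. `show standby brief` and `show track 10` on either router show which one is active and whether the tracked route is up.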