Cisco Support Community
New Member

Assistance configuring failover with GRE tunnels from remote router to dual routers

Hello,

I have a 2800 branch router with two GRE/IPSEC tunnels back to dual headend routers for redundancy; EIGRP is the routing protocol.

I need to set up failover in the event one of the routers fails. I have two default routes back to the tunnels, but the secondary tunnel has a higher administrative distance.

When the primary tunnel went down, internet traffic was disrupted due to the default route pointing to this tunnel; the floating static didn't work as planned. And when the primary tunnel came back, we also experienced some asymmetrical routing, which of course impacted VOIP. The remote site is connected via satellite link.

Config on Branch:

! PRIMARY
interface Tunnel25
description BOG-MARGE
bandwidth 6000
ip address 172.16.254.29 255.255.255.252
no ip unreachables
ip mtu 1476
ip route-cache flow
ip tcp adjust-mss 1388
tunnel source FastEthernet0/1
tunnel destination 172.16.253.2
!
! SECONDARY
interface Tunnel225
description BOG-AGNES
bandwidth 6000
ip address 172.16.255.15 255.255.255.254
no ip unreachables
ip mtu 1476
ip route-cache flow
ip tcp adjust-mss 1388
delay 600000
tunnel source FastEthernet0/1
tunnel destination 172.16.252.2

ip route 0.0.0.0 0.0.0.0 Tunnel25

ip route 0.0.0.0 0.0.0.0 Tunnel 225 200
!

Feedback is greatly appreciated!

4 REPLIES
Cisco Employee

Re: Assistance configuring failover with GRE tunnels from remote

Two things I can see here,

1) use tunnel keepalive to bring down the tunnel when the tunnel destination is not reachable.

http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sb_gretk.html

2) use the next hop IP address instead of the tunnel interface.

Regards,

jerry

New Member

Re: Assistance configuring failover with GRE tunnels from remote

Jerry,

I'm a newbie, so please clarify:

The WAN interface is connected to a satellite modem; we send all traffic into the GRE tunnel, where it exits at the main router and is then directed out to the internet. So I am not sure if this will work for me.

Cisco Employee

Re: Assistance configuring failover with GRE tunnels from remote

Hi Jenny,

Since both of your Tunnel interfaces are L3 with their own IP addresses, I am suggesting that you point the static route to the next hop's IP address. It is just a suggestion.

The first comment is about how to prevent the Tunnel interface from blackholing traffic. If you are using keepalive, and the Tunnel doesn't receive keepalive messages from the remote end, it will bring the Tunnel to down/down, instead of blackholing the traffic like you are describing.

Regards,

jerry
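
Both suggestions from the replies above, applied to the branch config in the original post, as an added example that is not part of the thread. The keepalive timer values and the two peer addresses (derived from the posted tunnel masks) are assumptions; the thread does not show the headend or crypto configuration, so confirm that GRE keepalives are supported with the IPsec method in use.

```cisco
! Added example, not from the thread.
! Assumed peer addresses, derived from the masks in the posted config:
!   Tunnel25  172.16.254.29/30 -> peer 172.16.254.30
!   Tunnel225 172.16.255.15/31 -> peer 172.16.255.14
!
! 1) GRE keepalives: send one every 10 seconds and take the tunnel line
!    protocol down after 3 missed replies (assumed values), so a dead
!    headend no longer leaves the tunnel up/up.
interface Tunnel25
 keepalive 10 3
!
interface Tunnel225
 keepalive 10 3
!
! 2) Replace the interface-only default routes with next-hop routes.
no ip route 0.0.0.0 0.0.0.0 Tunnel25
no ip route 0.0.0.0 0.0.0.0 Tunnel225 200
!
! Primary default via the Tunnel25 peer. It is withdrawn once Tunnel25
! goes down and the next hop can no longer be resolved.
ip route 0.0.0.0 0.0.0.0 172.16.254.30
!
! Floating default (administrative distance 200) via the Tunnel225 peer.
! It is installed only while the primary default is absent.
ip route 0.0.0.0 0.0.0.0 172.16.255.14 200
```

After taking the primary headend out of service, `show interfaces Tunnel25` should report the line protocol down and `show ip route 0.0.0.0` should show the default via 172.16.255.14.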

New Member

Re: Assistance configuring failover with GRE tunnels from remote

Thanks again Jerry!
