Best way to back up MPLS over Internet

carl_townshend
Spotlight

Hi all

We currently have remote sites with an MPLS WAN to the HQ; each site also has an Internet connection. I need to have automated backup to the MPLS over the Internet. Each site will have 2 routers, for MPLS and for Internet.

What's the best way of achieving this?

6 Replies

n_schloemer
Level 1

Hi Carl,

So just to be clear, you are going to have an MPLS infrastructure that will centrally connect to your HQ. In parallel, each site will also have internet connectivity. I guess my first question would be, what does your perceived traffic pattern look like? I assume you will be implementing an IGP (EIGRP/OSPF) and configuring it to advertise routes among the MPLS sites. Will there be any need to backhaul internet traffic through the HQ site?

I have had similar infrastructures like this in the past. It's much easier when all INET traffic demarcs the same central location, usually a colo. In my case I configured the EIGRP advertisements with a default route from the HQ. At each location I had a backup RTR with INET connectivity also peering EIGRP; however, I redistributed a static default route, allowing the injection locally to implement with an AD of 170. This allowed the MPLS default route to natively be implemented at each site. In the event of failure, the EIGRP traffic would converge to then use the local site's INET connection, and I had IPsec tunnels configured in a hub-spoke off HQ. Each tunnel used Reverse-Route Injection (RRI) to allow all downstream routing to also converge and continue using best path.

When the primary MPLS link came back online, EIGRP would again converge and automatically add the correct default route back in.

One snag was the SA lifetimes would leave the injected static route from the established tunnel in the colo, so you may want to tweak lifetime settings to be very aggressive, or modify keepalives and understand you may manually have to wash the SA.

This is a thought and example of how I have configured this type of topology in the past. Your description above is a little vague. I hope this helps some.

Thanks.

Basically we have an MPLS WAN.

On each remote site we have IPsec tunnels configured to the HQ, so yes, hub and spoke effectively, these are running OSPF.

Each site then also has an internet connection.

I want to have 2 routers at each remote site, one with MPLS and one with the internet connection.

What is the best way?

On your spoke sites run HSRP between your two routers (with the MPLS router given a higher priority) and track received routes / interface state on the MPLS router so if the MPLS goes down the priority is decremented making the other router the master.

On the other (internet) router configure an IPSEC tunnel back to your head office and advertise the spoke subnets into the head office with a worse metric / AD than those advertised from the MPLS router. Your biggest challenge with this kind of deployment is making sure it fails over and fails back automatically and you don't end up with asynchronous routing. Good luck!
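The design in the reply above, as an added IOS configuration example (not any poster's own config). Interface names, the documentation-range addresses, the tracked HQ prefix, OSPF process 1 and the IPsec profile name BACKUP-VPN are assumptions; the profile is assumed to be defined elsewhere, and OSPF is assumed to run over both the MPLS and the tunnel path.

```cisco
! --- Spoke router R1 (MPLS): HSRP active while MPLS is healthy ---
! Track both the WAN interface and a route learned from HQ over MPLS
track 10 interface GigabitEthernet0/1 line-protocol
track 20 ip route 10.0.0.0 255.255.0.0 reachability
!
interface GigabitEthernet0/0
 description Site LAN
 ip address 192.168.10.2 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 ! Delay preemption so R1 only takes back over once routing has settled
 standby 1 preempt delay minimum 60
 ! Either failure drops priority to 90, below R2's 100
 standby 1 track 10 decrement 20
 standby 1 track 20 decrement 20
!
! --- Spoke router R2 (Internet): HSRP standby, IPsec tunnel to HQ ---
interface GigabitEthernet0/0
 description Site LAN
 ip address 192.168.10.3 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 100
 standby 1 preempt
!
interface Tunnel10
 description Backup path to HQ over Internet
 ip address 172.16.10.2 255.255.255.252
 tunnel source GigabitEthernet0/1
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 ! BACKUP-VPN is a placeholder for an existing IPsec profile
 tunnel protection ipsec profile BACKUP-VPN
 ip ospf 1 area 0
 ! High cost keeps the tunnel route less preferred than MPLS
 ip ospf cost 1000
!
! --- HQ Internet router: its end of the same tunnel ---
interface Tunnel10
 ip address 172.16.10.1 255.255.255.252
 ip ospf 1 area 0
 ! HQ prefers MPLS towards the spoke while the MPLS route exists
 ip ospf cost 1000
```

After deploying, `show standby brief` and `show track` on the spoke routers confirm which router is active and why; testing both failover and failback is what reveals one-way paths through the tunnel.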

So DMVPN wouldn't need to be used here?

Do I need to advertise the worse metric at the HQ internet router and also the remote internet router?

Cheers

No, at the spoke site outbound path selection is controlled by HSRP. You just need the head office to favour the MPLS link for traffic routed towards the spoke site.
