cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1438
Views
40
Helpful
15
Replies

GRE VPN as Backup Link Issue

Patrick McHenry
Level 3
Level 3

Hi,

been labing a backup solution using a GRE VPN link. The primary connection is a  BGP Link. See attached.

I was hoping someon could explain the behavior I'm seeing.

I have a constant ping going from the HQ Site to the Remote sites loopback amd the Remote site to the HQs loopback..

The HQ router and the Remote Site router are using the BGP routes initially. When I shut the interface facing the Remote Site on the BGP WAN Provider router, the Remote site only drops one ping but, the HQ site ping fails for about 30 seconds and then picks up after it gets the EIGRP route to the Remote Site over the GRE tunnel. Is this normal behavior as it has to wait for the BGP route to time out?

Also, when I bring the interface back up on the BGP WAN Provider, the BGP routes don't come back. I have to manually do a clear ip eigrp neighbor on the Remote Site Router or the HQ router.

Thank you, Pat.

15 Replies 15

guibarati
Level 4
Level 4

The 30 seconds delay is normal. When you shut the interface the local router immediatly shuts the bgp peer based on the default command "bgp fast-external-fallover". The other end will wait for the hold time to expire before considering the other end down (you can change it with "timers bgp "

The bgp route not comming back depends on your config. Is it iBGP or eBGP peer?

How is the GRE been considered as backup?

Guibarati,

I'm using eBGP. Yes, the GRE is the backup. I would like instant failover but, maybe that isn't safe? I have my timers set now for 15 45. How quick can I go? Also, after the primary WAN circuit has come back, I would like to wait a certain amount of time before going back to the primary WAN circuit. Do you think an SLA and tracking and an EEM script would be the best way to accomplish this?

Thank you, Pat.

For waiting when the link is back you need to use "dampening" on BGP neigboor. That's the best and correct way.

For instant (almost) failover we need other information, what is your "update-source" on the BGP peers, and how the routers know the destination neighbor address?

Guibarati,

Update Source? Can't remember if I configured one as I'm at work and not at my home desktop.I'll look tonight.

I'm not sure I follow your question.

Thank you.

you can use the following:

neighbor fall-over

IF IGP looses route for the BGP peer, bgp immediatly bring the peer down. In this case you would need an IGP to reach eachother BGP peer IP address.

Thanks Guibarati,

Did you mean "neighbor fall-over" or "neighbor fail-over?

"IF IGP looses route for the BGP peer, bgp immediatly bring the peer down. In this case you would need an IGP to reach eachother BGP peer IP address."

I don't follow this sentence. Could you please clarify?

Thank you

Thanks Muca.

How would I configure this on the ebgp routers HQ and Remote Site that aren't directly connected - from the network in the diagram?

Thank you

Hi Patrick,

I am not the most experienced guy with bgp but have a look at the following documents. I think it will help.

It seems that  :

Using the "neighbor fall-over” command neighbors don't need to be directly connected

Using the “Bgp Fast-external-failover” relies only on directly connected neighbor

https://supportforums.cisco.com/docs/DOC-34525

https://supportforums.cisco.com/docs/DOC-32611

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

You might also consider enabling keepalives across the GRE tunnel.  (I often use keepalive 1.)

Joseph,

I'm using 3 2 at the moment. Using 1 won't buy me much will it?

Thank you

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

No, not a whole lot.  It should take link down in 3 seconds rather than your 6.

rais
Level 7
Level 7

EIGRP is a preferred protocol on Cisco routers and its learned routes will be preferred over BGP.

Thanks.

Rais,

correct me if I'm wrong but, I believe eBGP would be preferred over EIGRP. eBGP cost is 20.

Thank you, Pat.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco