Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

question on "Backup Interface"

Hi

Got question on "Backup Interface"
Can Backup Interface be a  good option to pass the traffic when primary GRE Tunnel goes down at Branch

**Scenario:**

Dual VPN Hub at HQ pointing to different ISP
Branch would have one GRE tunnel each pointing to Hub1 and Hub2.

For Branch VPN-Hub 1  is always primary and if VPN-Hub 1 is not reachable then all traffic goes via VPN-Hub2

**Branch **
inter tun 1   //# Connected to Hub1
ip address 1.1.1.1 255.255.255.252
tunnel source fa 0/1
tunnel destination 9.9.9.9
backup interface tunnel 2
backup load 80 10

inter tun 2   //# Connected to Hub2
ip address 2.2.2.2 255.255.255.252
tunnel source fa 0/1
tunnel destination 9.9.9.9

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: question on "Backup Interface"

Hello Saquib,

GRE tunnels allows to use dynamic routing protocols over them

rather then attempting to use backup interface I would run EIGRP or OSPF over the tunnels

by tuning costs you can easily have tunnel 1 primary and tunnel 2 backup (higher OSPF cost or for EIGRP higher delay set on tunnel2)

to have tunnel 1 to fail like a physical interface you would need to use GRE keepalive:

without it a point to point GRE is considered up if local node has a route to tunnel destination.

with GRE keepalive enabled if local node stops to receive GRE keepalives it will put the tunnel in up/down state like a serial interface not receiving serial keepalives.

to enable keepalive you need to use the keepalive <#missedkeepalive>

in tunnel interface configuration mode on both routers (also on GRE tunnel configured on remote node I mean)

Hope to help

Giuseppe

3 REPLIES
Hall of Fame Super Silver

Re: question on "Backup Interface"

Hello Saquib,

GRE tunnels allows to use dynamic routing protocols over them

rather then attempting to use backup interface I would run EIGRP or OSPF over the tunnels

by tuning costs you can easily have tunnel 1 primary and tunnel 2 backup (higher OSPF cost or for EIGRP higher delay set on tunnel2)

to have tunnel 1 to fail like a physical interface you would need to use GRE keepalive:

without it a point to point GRE is considered up if local node has a route to tunnel destination.

with GRE keepalive enabled if local node stops to receive GRE keepalives it will put the tunnel in up/down state like a serial interface not receiving serial keepalives.

to enable keepalive you need to use the keepalive <#missedkeepalive>

in tunnel interface configuration mode on both routers (also on GRE tunnel configured on remote node I mean)

Hope to help

Giuseppe

Hall of Fame Super Gold

Re: question on "Backup Interface"

ST

I agree with Giuseppe that an alternative like running a dynamic routing protocol is better to have a second tunnel that backs up the primary.

I have not tested it but I am not sure that backup interface would even work on a virtual interface like a tunnel.

HTH

Rick

Community Member

Re: question on "Backup Interface"

Thank you both for replying.

I will test with ospf cost and do a lab with eigrp.

237
Views
0
Helpful
3
Replies
CreatePlease to create content