[c-nsp] VPN failover / load sharing using IOS?
Kevin Graham
mahargk at gmail.com
Wed Feb 9 01:56:45 EST 2005
On Wed, 9 Feb 2005 00:18:40 -0600, Brian Feeny <signal at shreve.net> wrote:
>
> Too bad cisco doesn't allow you to just define two vpn's and treat the
> result as two equal paths, that would be a bit better.
Assuming all you have to do is carry the VPN traffic, consider putting
each provider into their own VRF, then use GRE tunnel VRF membership
(12.3T feature) on each of the tunnels (very similar to vpn config I
described a few weeks ago and am very fond of). The interior of the
tunnel (the VPN) will be the same, so you'll be able to route
normally.
Since GRE keepalive won't work, you'll need to run a routing protocol
or using the 'reliable static routes' feature, but the load
distribution would be no more difficult than it would than w/
traditional interfaces at that point..
More information about the cisco-nsp
mailing list