[c-nsp] VPN failover / load sharing using IOS?
Brian Feeny
signal at shreve.net
Tue Feb 8 22:49:36 EST 2005
Has anyone done any type of VPN failover and/or load balancing using
IOS?
For example something like a 2 1700 routers, each with 2 T1 cards in
them,
Each T1 card would be connected to a different ISP, each with its own
IP space
(no BGP). Either T1 would be able to go down, and the VPN could
re-establish
itself over the remaining T1. Both T1's would be load balanced over
for VPN
connectivity.
Is it possible to establish 2 VPN's, 1 over each link, with the same
source/destination private networks defined, and have the router load
balance these and also work in failover?
Another thought, which is kind of ugly (but maybe not), is 2 GRE
tunnels, and then dual static routes over the tunnels:
Router 1 T1 #1 <----------------------- GRE Tunnel #1
-------------------> Router 2 T1 #1
Router 2 T1 #2 <------------------------ GRE Tunnel #2
-------------------> Router 2 T1 #2
ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel1
ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel2
Then establish the VPN on top of the above. I don't particular like
the idea of building a tunnel on top of 2 other tunnels, so if anyone
has experience in doing this type of setup, please share what you used
to do it.
Brian
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.
More information about the cisco-nsp
mailing list