[c-nsp] VPN failover / load sharing using IOS?

Brian Feeny signal at shreve.net
Tue Feb 8 22:49:36 EST 2005


Has anyone done any type of VPN failover and/or load balancing using IOS?

For example, something like 2 1700 routers, each with 2 T1 cards in them.
Each T1 card would be connected to a different ISP, each with its own
IP space (no BGP).  Either T1 would be able to go down, and the VPN could
re-establish itself over the remaining T1.  Both T1s would be load
balanced over for VPN connectivity.

Is it possible to establish 2 VPNs, 1 over each link, with the same
source/destination private networks defined, and have the router load
balance these and also work in failover?

Another thought, which is kind of ugly (but maybe not), is 2 GRE 
tunnels, and then dual static routes over the tunnels:

Router 1 T1 #1 <------ GRE Tunnel #1 ------> Router 2 T1 #1
Router 2 T1 #2 <------ GRE Tunnel #2 ------> Router 2 T1 #2

ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel1
ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel2

Then establish the VPN on top of the above.  I don't particularly like
the idea of building a tunnel on top of 2 other tunnels, so if anyone
has experience in doing this type of setup, please share what you used
to do it.

Brian



Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.
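
The two-GRE-tunnel layout described in the post, as an added example that is not part of the original message: Router 1's side, with GRE keepalives so that a failed T1 path takes its tunnel down and removes that tunnel's static route. Interface names, all addresses (documentation ranges), the loopback used as the VPN endpoint and the keepalive timers are assumptions.

```cisco
! Router 1 (constructed example; every name and address is an assumption)
! Serial0 = T1 to ISP A, Serial1 = T1 to ISP B
interface Loopback0
 description Local VPN endpoint, reached by the peer through the GRE tunnels
 ip address 10.255.0.1 255.255.255.255
!
interface Serial0
 ip address 192.0.2.2 255.255.255.252
!
interface Serial1
 ip address 198.51.100.2 255.255.255.252
!
interface Tunnel1
 description GRE Tunnel #1 to Router 2 T1 #1
 ip unnumbered Loopback0
 tunnel source Serial0
 tunnel destination 203.0.113.2
 ! 3 missed keepalives at 10 s intervals bring the line protocol down
 keepalive 10 3
!
interface Tunnel2
 description GRE Tunnel #2 to Router 2 T1 #2
 ip unnumbered Loopback0
 tunnel source Serial1
 tunnel destination 203.0.113.130
 keepalive 10 3
!
! Pin each GRE destination to its own T1, so that a tunnel never rides
! the other ISP and its keepalives test exactly one path
ip route 203.0.113.2 255.255.255.255 Serial0
ip route 203.0.113.130 255.255.255.255 Serial1
!
! The post's dual static routes: equal-cost paths to the remote VPN
! endpoint (Router 2 Loopback0). A route is withdrawn while its tunnel
! is down, which leaves the other tunnel as the only path.
ip route 10.255.0.2 255.255.255.255 Tunnel1
ip route 10.255.0.2 255.255.255.255 Tunnel2
```

Without the keepalives a GRE tunnel interface stays up when the far end becomes unreachable, so the static route through it would remain installed and traffic hashed onto that path would be dropped.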



More information about the cisco-nsp mailing list