[c-nsp] VPN failover / load sharing using IOS?

Brian Feeny signal at shreve.net
Wed Feb 9 00:32:44 EST 2005


Rodney,

I will definitely look into OER.  But if I had 2 GRE tunnels, why can't  
I just point statics like in my example, for each remote subnet down  
the tunnels?  Wouldn't that load balance AND work for failover?

Thanks,

Brian

On Feb 8, 2005, at 11:20 PM, Rodney Dunn wrote:

> There are really only two ways to do this:
>
> a) you announce some subset of routes down
>    one gre tunnel from the headend and prefer
>    them and the other subset over the backup tunnel
>
> that way if one tunnel goes away you will have failover.
> The drawback there is the load sharing isn't dynamic.
>
> The only way you can get dynamic loadsharing in
> this type of setup is OER.
>
> b) Do OER at the spoke side and let it load balance
>    the traffic back towards the headend.
>
> They were going to put a sample of that in the OER
> deployment guide but I'm not sure they have gotten
> to it yet.
>
> http://www.cisco.com/go/oer
>
> Rodney
>
>
>
> On Tue, Feb 08, 2005 at 10:31:43PM -0600, Brian Feeny wrote:
>>
>> thanks, although that looks to be for sites with multiple routers and
>> multiple links.  Each of these sites is only going to have one router,
>> that takes in 2 T1's.  I don't think that will work in that scenario.
>>
>> Brian
>>
>> On Feb 8, 2005, at 10:07 PM, Cameron.Dry at didata.com.au wrote:
>>
>>> Check out:
>>>
>>> http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a00800ed370.html
>>>
>>> Cameron
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net
>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
>>> signal at shreve.net
>>> Sent: Wednesday, 9 February 2005 11:50 AM
>>> To: 'cisco-nsp'
>>> Subject: [c-nsp] VPN failover / load sharing using IOS?
>>>
>>>
>>> Has anyone done any type of VPN failover and/or load balancing using IOS?
>>>
>>> For example something like 2 1700 routers, each with 2 T1 cards in them.
>>> Each T1 card would be connected to a different ISP, each with its own
>>> IP space (no BGP).  Either T1 would be able to go down, and the VPN could
>>> re-establish itself over the remaining T1.  Both T1's would be load
>>> balanced over for VPN connectivity.
>>>
>>> Is it possible to establish 2 VPN's, 1 over each link, with the same
>>> source/destination private networks defined, and have the router load
>>> balance these and also work in failover?
>>>
>>> Another thought, which is kind of ugly (but maybe not), is 2 GRE
>>> tunnels, and then dual static routes over the tunnels:
>>>
>>> Router 1 T1 #1 <------ GRE Tunnel #1 ------> Router 2 T1 #1
>>> Router 2 T1 #2 <------ GRE Tunnel #2 ------> Router 2 T1 #2
>>>
>>> ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel1
>>> ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel2
>>>
>>> Then establish the VPN on top of the above.  I don't particularly like
>>> the idea of building a tunnel on top of 2 other tunnels, so if anyone
>>> has experience in doing this type of setup, please share what you used
>>> to do it.
>>>
>>> Brian
>>>
>>>
>>>
>>> Brian Feeny, CCIE #8036, CISSP
>>> Network Engineer
>>> ShreveNet Inc.
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>> Brian Feeny, CCIE #8036, CISSP
>> Network Engineer
>> ShreveNet Inc.
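
The dual-GRE, dual-static idea discussed in this thread, written out as an added spoke-side sketch that is not from any poster: by default a GRE tunnel interface stays up as long as a route to its destination exists, so the statics only fail over if keepalives (or a routing protocol) detect a dead path. All addresses and interface names are constructed, and the IPsec layer is omitted.

```cisco
! Added example, constructed values throughout.
! Serial0/0 -> ISP A (192.0.2.0/30), Serial0/1 -> ISP B (198.51.100.0/30).
! Headend tunnel endpoints: 203.0.113.1 (its T1 #1), 203.0.113.129 (its T1 #2).
! Remote private network behind the headend: 10.20.0.0/16.
!
interface Serial0/0
 ip address 192.0.2.2 255.255.255.252
!
interface Serial0/1
 ip address 198.51.100.2 255.255.255.252
!
! Pin each tunnel endpoint to its own T1. Without these host routes a
! tunnel can resolve its destination through the other link (or through
! the other tunnel, which causes recursive routing and tunnel flaps).
ip route 203.0.113.1 255.255.255.255 Serial0/0
ip route 203.0.113.129 255.255.255.255 Serial0/1
!
! GRE keepalive 10 3: probe every 10 s, line protocol goes down after
! 3 missed replies, even when the local T1 itself is still up.
interface Tunnel1
 ip address 10.255.1.2 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 203.0.113.1
 keepalive 10 3
!
interface Tunnel2
 ip address 10.255.2.2 255.255.255.252
 tunnel source Serial0/1
 tunnel destination 203.0.113.129
 keepalive 10 3
!
! Two equal-cost statics per remote subnet. With both tunnels up, CEF
! shares load per destination by default. When a tunnel's line protocol
! drops, its static is removed and all traffic uses the surviving tunnel.
ip route 10.20.0.0 255.255.0.0 Tunnel1
ip route 10.20.0.0 255.255.0.0 Tunnel2
```

The headend needs the mirror-image configuration. The load sharing is per flow and static, not load-aware, which is the limitation Rodney's reply points to OER for.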


