[c-nsp] VPN failover / load sharing using IOS?
Luan Nguyen
luan.nguyen at mci.com
Wed Feb 9 00:59:54 EST 2005
It would work just like that I think. The router would just do
per-destination load share wouldn't it - unless you only have one host
talking to one host? In our environment we have one spoke with dual GRE
tunnels to 2 hubs with equal cost. Yours is a little different but it
should work for load balancing just like that.
Luan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brian Feeny
Sent: Wednesday, February 09, 2005 12:33 AM
To: Rodney Dunn
Cc: Cameron.Dry at didata.com.au; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VPN failover / load sharing using IOS?
Rodney,
I will definitely look into OER. But if I had 2 GRE tunnels, why can't
I just point statics like in my example, for each remote subnet down
the tunnels? Wouldn't that load balance AND work for failover?
Thanks,
Brian
On Feb 8, 2005, at 11:20 PM, Rodney Dunn wrote:
> There are really only two ways to do this:
>
> a) you announce some subset of routes down
> one gre tunnel from the headend and prefer
> them and the other subset over the backup tunnel
>
> that way if one tunnel goes away you will have failover.
> The drawback there is the load sharing isn't dynamic.
>
> The only way you can get dynamic loadsharing in
> this type of setup is OER.
>
> b) Do OER at the spoke side and let it load balance
> the traffic back towards the headend.
>
> They were going to put a sample of that in the OER
> deployment guide but I'm not sure they have gotten
> to it yet.
>
> http://www.cisco.com/go/oer
>
> Rodney
>
>
>
> On Tue, Feb 08, 2005 at 10:31:43PM -0600, Brian Feeny wrote:
>>
>> thanks, although that looks to be for sites with multiple routers and
>> multiple links. Each of these sites is only going to have one router,
>> that takes in 2 T1's. I don't think that will work in that scenario.
>>
>> Brian
>>
>> On Feb 8, 2005, at 10:07 PM, Cameron.Dry at didata.com.au wrote:
>>
>>> Check out:
>>>
>>> http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a00800ed370.html
>>>
>>> Cameron
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net
>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
>>> signal at shreve.net
>>> Sent: Wednesday, 9 February 2005 11:50 AM
>>> To: 'cisco-nsp'
>>> Subject: [c-nsp] VPN failover / load sharing using IOS?
>>>
>>>
>>> Has anyone done any type of VPN failover and/or load balancing using IOS?
>>>
>>> For example something like 2 1700 routers, each with 2 T1 cards in them,
>>> Each T1 card would be connected to a different ISP, each with its own IP
>>> space (no BGP). Either T1 would be able to go down, and the VPN could
>>> re-establish itself over the remaining T1. Both T1's would be load
>>> balanced over for VPN connectivity.
>>>
>>> Is it possible to establish 2 VPN's, 1 over each link, with the same
>>> source/destination private networks defined, and have the router load
>>> balance these and also work in failover?
>>>
>>> Another thought, which is kind of ugly (but maybe not), is 2 GRE
>>> tunnels, and then dual static routes over the tunnels:
>>>
>>> Router 1 T1 #1 <----------------------- GRE Tunnel #1 -------------------> Router 2 T1 #1
>>> Router 2 T1 #2 <------------------------ GRE Tunnel #2 -------------------> Router 2 T1 #2
>>>
>>> ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel1
>>> ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel2
>>>
>>> Then establish the VPN on top of the above. I don't particularly like
>>> the idea of building a tunnel on top of 2 other tunnels, so if anyone
>>> has experience in doing this type of setup, please share what you used
>>> to do it.
>>>
>>> Brian
>>>
>>>
>>>
>>> Brian Feeny, CCIE #8036, CISSP
>>> Network Engineer
>>> ShreveNet Inc.
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> Brian Feeny, CCIE #8036, CISSP
>> Network Engineer
>> ShreveNet Inc.
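The dual-GRE, dual-static-route layout asked about in this thread, as an added IOS configuration sketch that is not taken from any post above. Interface names, tunnel addresses, peer addresses and the remote subnet are assumptions (documentation and RFC 1918 ranges), and the IPsec configuration that would protect the tunnels is left out.

```text
! Added sketch, spoke side only. All names and addresses are assumed.
!
! Pin each tunnel's transport to its own T1 so the two tunnels really
! use different ISPs.
ip route 198.51.100.1 255.255.255.255 Serial0
ip route 203.0.113.1 255.255.255.255 Serial1
!
! GRE keepalives (10 s interval, 3 retries) bring the tunnel's line
! protocol down when the far end stops answering. Without them the
! tunnel can stay up/up while the path is dead, and a static route
! that points at it keeps attracting traffic.
interface Tunnel1
 description GRE over T1 #1 (ISP A)
 ip address 10.255.1.1 255.255.255.252
 tunnel source Serial0
 tunnel destination 198.51.100.1
 keepalive 10 3
!
interface Tunnel2
 description GRE over T1 #2 (ISP B)
 ip address 10.255.2.1 255.255.255.252
 tunnel source Serial1
 tunnel destination 203.0.113.1
 keepalive 10 3
!
! Two equal-cost statics for the remote private subnet. Both are
! installed while both tunnels are up; when a tunnel goes down its
! route is withdrawn and the remaining tunnel carries all traffic.
ip route 172.16.2.0 255.255.255.0 Tunnel1
ip route 172.16.2.0 255.255.255.0 Tunnel2
```

The far-end router needs the mirror-image configuration, including keepalives, so that return traffic fails over the same way.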