[c-nsp] VPN failover / load sharing using IOS?

Rodney Dunn rodunn at cisco.com
Wed Feb 9 08:59:22 EST 2005


On Wed, Feb 09, 2005 at 08:23:48AM -0500, Joe Maimon wrote:
> 
> 
> Rodney Dunn wrote:
> 
> >I need to see a topology diagram to answer
> >most of this because there are different
> >scenarios that require different things.
> >
> >If you have one spoke router with dual
> >GRE tunnels to two different hub routers
> >you have a single point of failure at
> >the spoke.
> >
> >Therefore what I would do is on the spoke
> >have a static route that points at hub1 out
> >WAN connection 1 and a static route towards
> >hub2 out WAN connection 2.
> >Then also have a default route pointing at
> >both ISP1 and ISP2 of equal cost.
> >
> >  
> >
> How about local policy routing? You would want that anyways if you need 
> to do object tracking to check availability of each ISP.

I forgot to mention I would run EIGRP stubs over the tunnels
from the headends to get the equal cost paths.  That
handles end to end failure detection for failover.

I was assuming the WANs were leased line and the L2 keeps
would bring those down.  If they are not you are right
and you have to hook the defaults in to object tracking
to detect the default failover for the internet traffic.

Don't really need to worry about the route to the IPSEC
endpoint unless you are looking more than 2x redundancy.

Rodney
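
The spoke design discussed in this message, sketched as an added example that is not part of the original thread: per-hub static routes, tracked equal-cost defaults, and an EIGRP stub over both GRE tunnels. It assumes a current IOS release with "ip sla" syntax; every address (documentation ranges), interface name, AS number and track ID is a constructed placeholder, and the IPsec protection of the tunnels is omitted.

```cisco
! Constructed spoke config; all names, numbers and addresses are assumptions.
!
! Probe each ISP next hop so a WAN whose L2 stays up is still detected
ip sla 1
 icmp-echo 198.51.100.1 source-interface Serial0/0
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 203.0.113.1 source-interface Serial0/1
 frequency 5
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Pin hub1 to WAN connection 1 and hub2 to WAN connection 2 (untracked)
ip route 192.0.2.1 255.255.255.255 198.51.100.1
ip route 192.0.2.2 255.255.255.255 203.0.113.1
!
! Equal-cost defaults for internet traffic, each withdrawn when its probe fails
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 2
!
interface Tunnel1
 description GRE to hub1 over WAN connection 1
 ip address 10.255.1.2 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 192.0.2.1
!
interface Tunnel2
 description GRE to hub2 over WAN connection 2
 ip address 10.255.2.2 255.255.255.252
 tunnel source Serial0/1
 tunnel destination 192.0.2.2
!
! EIGRP over both tunnels: equal-cost paths to the headends, and neighbor
! loss gives end-to-end failure detection for the VPN traffic
router eigrp 100
 network 10.255.1.0 0.0.0.3
 network 10.255.2.0 0.0.0.3
 network 10.10.0.0 0.0.255.255
 eigrp stub connected
 no auto-summary
```

Probing only the directly connected next hop avoids the need for local policy routing; probing a target beyond the ISP would require steering each probe out its own WAN link.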



