[c-nsp] MPLS/BGP - want to add backup IPSEC VPN
ChrisSerafin
chris at chrisserafin.com
Wed Jul 1 12:30:53 EDT 2009
Peter Rathlev wrote:
> On Tue, 2009-06-30 at 14:11 -0500, ChrisSerafin wrote:
>
>> I have a few MPLS routers running BGP as the routing protocol.
>>
>> I added a public IP'ed interface on a free ports on the same router, and
>> I'm able to get to it and use it for Internet bound traffic if I wish. I
>> would like to configure an IPSEC VPN to provide backup if the MPLS
>> provider fails. I'm having a hard time with Cisco TAC on this, mainly
>> them getting back to me.
>>
>> dumb'ed down diagram is at: http://chrisserafin.com/design.jpg
>>
>> I just want a basic split tunnel VPN in the event the primary MPLS/BGP
>> link goes down. I'm assuming let BGP take care of the MPLS side and add
>> static routes with a very high weight for the VPN failover?
>>
>
> And the VPN-link needs to carry MPLS traffic too? MPLSoGRE could be an
> option, but support is very limited AFAIK.
>
> Otherwise some extra equipment doing L2TPv3 might work. Performance
> limitations might very well rule this out.
>
> If MPLS isn't needed a simple GRE tunnel would of course do. You could
> even create a new tunnel per VRF if you need reachability in several of
> these. It scales bad concerning administration though.
>
The VPN will only need to carry the traffic behind router (the remote
subnet) and no MPLS 'traffic', so I'm going to look into GRE.....
Found this:
http://supportwiki.cisco.com/ViewWiki/index.php/Tech_Insights:Preferring_MPLS_VPN_BGP_Path_with_IGP_Backup
<http://supportwiki.cisco.com/ViewWiki/index.php/Tech_Insights:Preferring_MPLS_VPN_BGP_Path_with_IGP_Backup>
But I have no idea how to implement it yet.
More information about the cisco-nsp
mailing list