[c-nsp] MPLS/BGP - want to add backup IPSEC VPN
Peter Rathlev
peter at rathlev.dk
Tue Jun 30 17:50:42 EDT 2009
On Tue, 2009-06-30 at 14:11 -0500, ChrisSerafin wrote:
> I have a few MPLS routers running BGP as the routing protocol.
>
> I added a public IP'ed interface on a free ports on the same router, and
> I'm able to get to it and use it for Internet bound traffic if I wish. I
> would like to configure an IPSEC VPN to provide backup if the MPLS
> provider fails. I'm having a hard time with Cisco TAC on this, mainly
> them getting back to me.
>
> dumb'ed down diagram is at: http://chrisserafin.com/design.jpg
>
> I just want a basic split tunnel VPN in the event the primary MPLS/BGP
> link goes down. I'm assuming let BGP take care of the MPLS side and add
> static routes with a very high weight for the VPN failover?
And the VPN-link needs to carry MPLS traffic too? MPLSoGRE could be an
option, but support is very limited AFAIK.
Otherwise some extra equipment doing L2TPv3 might work. Performance
limitations might very well rule this out.
If MPLS isn't needed a simple GRE tunnel would of course do. You could
even create a new tunnel per VRF if you need reachability in several of
these. It scales bad concerning administration though.
Regards,
Peter
More information about the cisco-nsp
mailing list