[c-nsp] L3 MPLS VPN Question - Redundant Internet Access
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Mar 10 03:01:28 EDT 2009
Andy Saykao <> wrote on Tuesday, March 10, 2009 02:19:
[...]
> In the event that the VPN link to the Central Site goes down and
> branch sites can no longer gain Internet access via the Central Site,
> I've set
> up a NAT-PE for Internet traffic as a form of redundancy.
>
> [WWW] <-- [NAT-PE] <-- [Branch Site] --> [Central Site] --> [WWW]
>
> To accomplish this, I configured a default route on the NAT-PE and can
> "manuallly" trigger the default route to be redistributed to the PE's
> when the Central Site is down - just wondering if there a way to do
> this automatically so that when the Central Site is down, Internet
> traffic goes via the NAT-PE and when the Central Site is back up,
Internet
> traffic once again goes via the Central Site??? The NAT-PE is a
> dedicated router and has no CE's attached to it.
sure:
on the NAT-PE, you can have the default-route up all the time (as there
is no CE attached to it), so just advertise it with a lower local-pref:
address-family ipv4 vrf ..
default-information originate
redistribute static route-map foo
!
ip route vrf <foo> 0.0.0.0 0.0.0.0 oif next-hop
!
route-map foo
set local-preference 80
if you don't want the NAT-PE to always have the static default up, you
need to use a floating static and manipulate the weight so the central
site's default route will overwrite it:
ip route vrf <foo> 0.0.0.0 0.0.0.0 oif next-hop 210
route-map foo
set local-preference 80
set weight 0
HTH,
oli
More information about the cisco-nsp
mailing list