topic Re: VPN Backup to MPLS in General Topics

VPN Backup to MPLS

Serban_Biliuti — Fri, 01 Feb 2019 11:21:37 GMT

I'm trying to come up with a working solution to have a redundant VPN link to a remote site as a backup to the MPLS link already deployed there.

Since we break out from the DC and MPLS out the Firewall we terminate our VPNs on, I'm struggling to find a way to have the return traffic from the MPLS go back on the MPLS instead out the VPN which is connected and route static.

The Breakout CP has OSPF that redistributes in MPLS BGP.

I know how to route traffic over the MPLS from the site and within the DC. My worry is with the internet traffic that's coming back to the Site. I'm worried about ending up with asymmetric routing and out of state packets.

Any ideas? VPN_Trust is true, Looked at RBP but that is not dynamic based on if the MPLS is available.

Re: VPN Backup to MPLS

Mark_Mitchell — Fri, 01 Feb 2019 19:52:48 GMT

Hi Serban,

Do you have a topology or proposed topology you are working with? I.e what does the MPLS look like and what are the capabilities of your switching hardware at the remote site you want to make resilient?

Regards

Mark

Re: VPN Backup to MPLS

Maarten_Sjouw — Sat, 02 Feb 2019 07:44:32 GMT

The main problem with this issue is that you have to use dynamic routing between router an gateway and also between the VPN gateways, the latter can only be achieved when you use VTI's as you can only run a dynamic protocol over a interface.

Think of this one, use the router to setup the VPN to the other location's MPLS router, using NAT on gateways. In fact you're taking the gateway out of the backup equation. The MPLS router will then be able to use priorities for the VPN and MPLS and also does not care to much about asymmetric routing.