Link Health + IPSec for MPLS redundancy?

Hi,

I have the same topology to my customer, and I've configured OSPF with BFD.

The convergence is very fast and the solution is very stable

Best regards

Lucas

Lucas, if there were any way you could share the pertinent pieces of the HQ and satellite configs, I'd be very grateful.

Regards.

There is a documentation about that : http://docs.fortinet.com/uploaded/files/1693/using-redundant-OSPF-routing-over-IPsec-VPN.pdf

I configured the same aera on all remote sites.

edit : 

for BFD : http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/routing_dynamic.023.32.html

Adjust the BFD according your internet line (latency for exemple)

Yeah that's a little different than my setup, where one of the links is not IPsec but routed over MPLS. I'll see how much I can mold to that.

Thanks

You need to check with your MPLS provider if you wan to configure ospf with BFD. 

but I always configure IPSEC, even the traffic is on MPLS because the traffic isn't encrypted in MPLS line.. 

Very good suggestions.

Keep in mind you need understand both  the limits/objectives w/dynamic routing protocols and bfd  & the what/where they fit in.

Keep in mind BFD to  MPLS-PE might not gain you anything, due to the provider routing protocols, you can check if your MPLS provide provide lsp-pings and how they release routing information within their labels domains.