IPSEC for mpls failover.

gzarini · ‎11-10-2015

Hi, i have a little issue on setting up my network. I have a MPLS network provided by an isp. This network has a HQ and 3 branches. On the short time we're going to move our app servers to a dc, but keep in HQ AD/DNS/Fileserver. I need to create an ipsec between branches and HQ to fordward traffic in case the mpls fails. I need to route 3 networks between each branch and HQ, here is where i have my doubts. Since i can only use static routes, i have a problem on how to handle traffic when the mpls is down. I thought about setting up a dgd on branches to check connectivity through MPLS and send traffic over vpn in case MPLS fails. I understand that what FG does when a dgd is detected is stop sending traffic through that interface. On the HQ, how can i set up a dgd on any kind of detection to check that the other side is unreachable?. I don't think i can use a dgd on HQ because i need to check that three branches are down, but only one can be unaccesible. I could really use some help. Regards.

ede_pfau · ‎11-15-2015

The remote side will always "see" the VPN being up, whether you send traffic over it (MPLS down) or not (MPLS up). So the only way I see to change routes in HQ based on events in a branch is to use a routing protocol. RIPv2, OSPF...whatever you know best or can learn quicker. Once set up it shouldn't be difficult to maintain.

There's a limit to usefulness for static routing or else there wouldn't be any routing protocols.

Ede Kernel panic: Aiee, killing interrupt handler!

gzarini · ‎11-16-2015

Thanks for your help.

I thought abount using a routing protocol, in fact, i asked to my isp for implementation.

They answer it was imposibble due to company security policies.

i guess the change has to be manual.

Regards.

ede_pfau · ‎11-16-2015

So this is now not a technical problem anymore...good luck.

Ede Kernel panic: Aiee, killing interrupt handler!

IPSEC for mpls failover.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website