Solved

How to set up a failover VPN line in case the leased line fails

Posted on 2010-09-16
Last Modified: 2012-05-10
Hi all

We're managing a network consisting of 1 HQ and 4 remote sites.  The remote sites are connected via a leased line of 2 Mbps.  The remote sites have got 1 small Cisco router provided by the telco provider which provides the connectivity to the HQ.  The HQ itself has got 2 (or maybe 3) Cisco routers which provide the connectivity to the remote sites.

What we want is an economic failover for the connectivity in case a leased line goes down (which happens too often, although we've got a SLA with the provider).  Anyway, we were thinking of purchasing a separate Internet Line in each site (incl HQ) and a small appliance doing VPN (Astaro, Juniper or that kind of stuff).

The problem would be to tell the network/client that the leased line is down and to route the traffic through the VPN line.

What's the best way to do that?
Question by:NEXPERT-AG
LVL 5

Expert Comment

by:StefanKamp
ID: 33694049
In any case, you shouldn't think about making clients aware that the leased line is down and that the route to the same destination has been changed. Otherwise you have to change the clients' default gateway in Site A to the VPN router, but you also have to make Site HQ aware that Site A is not available through the leased line, but now through the VPN router. This is of course also a technically working solution, but I believe that the SLA with your provider is much quicker than the manual change of your network architecture to get it running that way.

Acquire a bunch of routers and implement for example OSPF. A description can be found here:
http://www.cisco.com/en/US/docs/ios/11_3/np1/configuration/guide/1cospf.html

OSPF is not really easy to implement; trial and error may work out, however. In any case, keep in mind that you probably need access to your third-party-managed Cisco devices to set them up for OSPF.

Cheers,
Stefan

Author Comment

by:NEXPERT-AG
ID: 33695923
Hi Stefan

Thank you for your reply.

I was thinking more of a redundant gateway with two physical devices (each connected to the existing Cisco router and the new SDSL VPN line) which automatically detect if the leased line is down and, if so, then re-route the traffic through the SDSL VPN line.  Once the leased line is up again, re-route the traffic back from the VPN line to the leased line.

The problem with buying a bunch of routers is the money, of course (just too expensive).

What we want is a connection from the remote sites to the headquarters (HQ) even if the expensive leased line should go down.  That's why our approach was to have a separate SDSL line from a different ISP and a cheap VPN appliance on both sites.

We don't want to make any manual changes to the system (e.g. change the default gateway of all PCs, servers etc.) should the leased line go down.

Did anyone implement such a scenario?
LVL 4

Expert Comment

by:bjove
ID: 33696904
You can use DMVPN as a solution to your problem. It can work together with dynamic routing protocols. Basically, it is a hub-and-spoke topology. You have a central router (HUB) at your HQ and small routers (SPOKES) at your remote sites, all connected to the Internet. The only requirement is to have a static public IP at your HUB router. I have this topology running using a Cisco 1800 at HQ and Cisco 876s at 40 remote sites. There is a lot of documentation about DMVPN on www.cisco.com. I think that you don't need to buy additional hardware for your remote sites, as even the 870 series can run DMVPN, so you can use the existing routers at the remote sites.

Author Comment

by:NEXPERT-AG
ID: 33700010
Thank you bjove for your input.

But what happens if a Cisco Router in the SPOKES site goes down?  I mean we also would need to have a redundant, physical Cisco Router in every SPOKES site.  I assume that Cisco has got some kind of redundancy feature with a heartbeat connection or so where they check each other if they are up or not?

Do you use DMVPN also just for redundancy?
LVL 4

Accepted Solution

by:bjove (earned 500 total points)
ID: 33702238
In every remote site I have 2 Cisco 876s, and 2 Cisco 1840s in HQ. One Cisco 876 at the remote site is connected over a serial (leased line) link to one of the 1840s in HQ. The second Cisco 876 at the remote site is connected through an ADSL Internet line to the second 1840 in HQ, used as a backup link to HQ. I have EIGRP as the routing protocol. EIGRP takes care of redundancy. Also, for hardware failover at the remote site, HSRP is configured on both Cisco 876 routers.
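
The remote-site half of the design in the accepted answer, written as Cisco IOS configuration. This is an added example, not bjove's configuration; interface names, addresses, the EIGRP AS number and the angle-bracket placeholders are assumptions, and the IPsec profile is assumed to be defined elsewhere on router B.

```cisco
! Added example, not the poster's configuration. Addresses, AS number,
! interface names and <PLACEHOLDERS> are constructed for illustration.
! ---- Remote-site router A: leased line, HSRP active while the line is up ----
track 10 interface Serial0 line-protocol
!
interface Serial0
 description Leased line to HQ
 ip address 10.255.1.2 255.255.255.252
!
interface Vlan1
 description Site LAN, clients use the HSRP virtual address .1 as gateway
 ip address 192.168.10.2 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string <HSRP_KEY>
 ! Drop to priority 90 (below router B) when the serial line protocol goes down
 standby 1 track 10 decrement 20
!
router eigrp 100
 network 10.255.1.0 0.0.0.3
 network 192.168.10.0 0.0.0.255
 no auto-summary
!
! ---- Remote-site router B: DMVPN spoke over the Internet line, HSRP standby ----
interface Tunnel0
 ip address 10.254.0.11 255.255.255.0
 ip nhrp authentication <NHRP_KEY>
 ip nhrp map 10.254.0.1 <HUB_PUBLIC_IP>
 ip nhrp map multicast <HUB_PUBLIC_IP>
 ip nhrp network-id 1
 ip nhrp nhs 10.254.0.1
 ! Higher delay keeps EIGRP on the leased line while it is up
 delay 100000
 tunnel source Dialer0
 tunnel mode gre multipoint
 tunnel protection ipsec profile <IPSEC_PROFILE>
!
interface Vlan1
 ip address 192.168.10.3 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 authentication md5 key-string <HSRP_KEY>
!
router eigrp 100
 network 10.254.0.0 0.0.0.255
 network 192.168.10.0 0.0.0.255
 no auto-summary
```

Clients keep 192.168.10.1 as their gateway in both states, so nothing changes on PCs or servers when the leased line fails or returns. The HQ routers need the matching EIGRP and tunnel settings so that return traffic follows the same preference.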