Redundant Internet connection through MPLS

Posted on 2010-11-15
Last Modified: 2012-05-10
See diagram

If SITE A's ISP is down, we would like to use the internet through the MPLS in Site B.

I thought of using route ip sla method, but router A does not have the license to do so. Router B and the ASA can track routes in this manner.

RIP is advertised from site B through the MPLS and Router B gets its routes from RIP. Router A is not currently using RIP.

Can RIP be used in this situation? For example, under normal conditions, the default GW in site A is the firewall. If the ISP's gateway becomes unreachable, then IP SLA detects this, then the firewall changes its default gateway towards Site B. Then RIP changes the default GW for router A and B.

Is this a possible solution? Else, can another method be used in this scenario to accomplish what I am trying to do?

Thank you.

[Image: Network Diagram]
Question by:inf2300
LVL 18

Accepted Solution

jmeggers earned 500 total points
ID: 34138998
You will want a dynamic protocol on A, otherwise nothing will change in the routing table regardless of what happens with the ISPs.  You will also want each ASA to advertise a default into the internal network.

The ASAs do route tracking (see but you probably only want to track reachability to the next hop from each of the ASAs.  The MPLS cloud would have to pass a default route, which will mean either BGP or a GRE tunnel, neither of which the ASA does, so you would need to add a real router at site B.  If that's working properly, inside routers will receive default routes from each of the ASAs and if one ISP becomes unreachable, that ASA will stop advertising that default route and traffic will take the other path.

One place where you may run into problems is if hosts are using the ASA as their default gateway, I'm pretty sure the ASA will not redirect traffic off that inside interface to get to the firewall.  If that's the case, you may need to point the hosts to a router in the middle that can direct traffic either way based on what's in the routing table.

Author Comment

ID: 34139339

The MPLS is managed by the ISP. I think they are running BGP and redistributing our RIP.

There is a router in site B but I did not include it in the design. The client's default GW in both networks is the router (not the ASAs).

So, given this information, if both ASAs advertise the default route and do route tracking, that would be a possible solution?

Also, if this works, how do you tell the network to "stop broadcasting" the default route, since my guess is that the MPLS should not advertise it?
LVL 18

Expert Comment

ID: 34139909
The "stop broadcasting" should happen when the ASA withdraws the default route it was advertising.

Author Comment

ID: 34140821
Yes, but how do you manage one default route at each site (so 2) and only one default route for both sites when the ISP goes down?

If both sites advertise a default route, where does the "cutoff" happen so that the other site doesn't get that route? (but does when the failure occurs)

Sorry if I am being vague, do not hesitate to ask me questions if things are unclear.

LVL 18

Assisted Solution

jmeggers earned 500 total points
ID: 34155974
If I'm understanding your question correctly, the "cutoff" will be based on the costs associated with a particular path; when the cost becomes less (or the only option) for sending traffic the other direction, the router will send it that direction.  Metrics will be based, at least in part, on the number of hops, the speed of links, how "loaded" the link is, etc., but you can assign those parameters to influence the decision.  Assuming no other parameters such as policy-based routing, traffic engineering, etc., routers will always choose the lowest-cost path.

So in your case, my recommendation would be to ensure the MPLS cloud is a higher-cost path.  In that case, router A will receive a DR from its local ASA but will also receive a DR from the other side, but that other DR will have a higher cost, so it will be viewed as less preferable.  But if the local ASA withdraws its DR (stops advertising it) because its route tracking is telling it the connection to the ISP is down, then the only DR Router A will receive will be from the other side of the network, and it will take that path regardless of cost because at that point it's the only game in town.  How you do this depends on what routing protocol you're using.  RIP is going to be less effective than OSPF or EIGRP for this because RIP's metric is based solely on hop count, whereas with OSPF and EIGRP you can assign costs to interfaces.  Not really knowing anything else about your network, I would probably use EIGRP because I think it's the easiest to configure.  But OSPF would work as well and if you have non-Cisco devices, or if you're running 7.x code on your ASAs you will need to use OSPF.

Author Comment

ID: 34503867
LVL 70

Expert Comment

ID: 34859906
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
