Redundant Internet connection through MPLS

Posted on 2010-11-15
Last Modified: 2012-05-10
See diagram

If SITE A's ISP is down, we would like to use the internet through the MPLS in Site B.

I thought of using route ip sla method, but router A does not have the license to do so. Router B and the ASA can track routes in this manner.

RIP is advertised from site B through the MPLS and Router B gets its routes from RIP. Router A is not currently using RIP.

Can RIP be used in this situation? For example, under normal conditions, the default GW in site A is the firewall. If the ISP's gateway becomes unreachable, then IP SLA detects this, then the firewall changes its default gateway towards Site B. Then RIP changes the default GW for router A and B.

Is this a possible solution? Else, can another method be used in this scenario to accomplish what I am trying to do?

Thank you.
Question by:inf2300

Accepted Solution

jmeggers earned 500 total points
ID: 34138998
You will want a dynamic protocol on A, otherwise nothing will change in the routing table regardless of what happens with the ISPs.  You will also want each ASA to advertise a default into the internal network.

The ASAs do route tracking (see but you probably only want to track reachability to the next hop from each of the ASAs.  The MPLS cloud would have to pass a default route, which will mean either BGP or a GRE tunnel, neither of which the ASA does, so you would need to add a real router at site B.  If that's working properly, inside routers will receive default routes from each of the ASAs and if one ISP becomes unreachable, that ASA will stop advertising that default route and traffic will take the other path.

One place where you may run into problems is if hosts are using the ASA as their default gateway, I'm pretty sure the ASA will not redirect traffic off that inside interface to get to the firewall.  If that's the case, you may need to point the hosts to a router in the middle that can direct traffic either way based on what's in the routing table.

Author Comment

ID: 34139339

The MPLS is managed by the ISP. I think they are running BGP and redistributing our RIP.

There is a router in site B but I did not include it in the design. The client's default GW in both networks is the router (not the ASAs).

So, given this information, if both ASAs advertise the default route and do route tracking, would that be a possible solution?

Also, if this works, how do you tell the network to "stop broadcasting" the default route, since my guess is that the MPLS should not advertise it?

Expert Comment

ID: 34139909
The "stop broadcasting" should happen when the ASA withdraws the default route it was advertising.

Author Comment

ID: 34140821
Yes, but how do you manage one default route at each site (so 2) and only one default route for both sites when the ISP goes down?

If both sites advertise a default route, where does the "cutoff" happen so that the other site doesn't get that route (but does when the failure occurs)?

Sorry if I am being vague; do not hesitate to ask me questions if things are unclear.

Assisted Solution

jmeggers earned 500 total points
ID: 34155974
If I'm understanding your question correctly, the "cutoff" will be based on the costs associated with a particular path; when the cost becomes less (or the only option) for sending traffic the other direction, the router will send it that direction.  Metrics will be based, at least in part, on the number of hops, the speed of links, how "loaded" the link is, etc., but you can assign those parameters to influence the decision.  Assuming no other parameters such as policy-based routing, traffic engineering, etc., routers will always choose the lowest-cost path.

So in your case, my recommendation would be to ensure the MPLS cloud is a higher-cost path.  In that case, router A will receive a DR from its local ASA but will also receive a DR from the other side, but that other DR will have a higher cost, so it will be viewed as less preferable.  But if the local ASA withdraws its DR (stops advertising it) because its route tracking is telling it the connection to the ISP is down, then the only DR Router A will receive will be from the other side of the network, and it will take that path regardless of cost because at that point it's the only game in town.  How you do this depends on what routing protocol you're using.  RIP is going to be less effective than OSPF or EIGRP for this because RIP's metric is based solely on hop count, whereas with OSPF and EIGRP you can assign costs to interfaces.  Not really knowing anything else about your network, I would probably use EIGRP because I think it's the easiest to configure.  But OSPF would work as well and if you have non-Cisco devices, or if you're running 7.x code on your ASAs you will need to use OSPF.
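To make the mechanism in the accepted solution and in the comment above concrete, here is a small model of the failover, added as an illustration and not code from the thread or from any Cisco product. It assumes a constructed two-site topology (ASA-A/RouterA, ASA-B/RouterB, an MPLS cloud between the routers) and administrator-assigned path costs in the style of EIGRP or OSPF; the tracker state stands in for the IP SLA result. Each ASA originates a default route only while its tracker sees the ISP next hop, both defaults reach both routers, and each router installs the lowest-cost default it still hears. The last scenario shows the "cutoff" concern: if the MPLS path is cheaper than the local path, a router prefers the remote default even when its own ISP is up.

```python
"""Toy model of default-route failover between two sites (constructed example)."""

from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Asa:
    """An ASA whose tracked static default route is redistributed into the
    interior routing protocol only while its tracker sees the ISP next hop."""
    name: str
    isp_reachable: bool = True  # constructed stand-in for the IP SLA / track result

    def originates_default(self) -> bool:
        # A tracked static route leaves the routing table when the tracker fails,
        # so it is no longer redistributed: the default is withdrawn.
        return self.isp_reachable


def build_topology(site_a_local: int = 1, site_b_local: int = 1,
                   mpls_cost: int = 10) -> Dict[str, Dict[str, int]]:
    """Constructed topology from the question. Returns, per router, the cost of
    the path from that router to each ASA that can originate a default:
    the local ASA over one LAN hop, the remote ASA across the MPLS cloud and
    then the remote site's LAN hop."""
    return {
        "RouterA": {"ASA-A": site_a_local, "ASA-B": mpls_cost + site_b_local},
        "RouterB": {"ASA-B": site_b_local, "ASA-A": mpls_cost + site_a_local},
    }


def select_default(paths: Dict[str, int], asas: Dict[str, Asa]) -> Optional[str]:
    """Which ASA's default route this router installs: the lowest-cost one among
    those still being advertised, or None when no default is heard at all."""
    live = {origin: cost for origin, cost in paths.items()
            if asas[origin].originates_default()}
    if not live:
        return None
    return min(live, key=live.get)  # lowest cost wins; withdrawn routes never compete


def converge(topology: Dict[str, Dict[str, int]],
             asas: Dict[str, Asa]) -> Dict[str, Optional[str]]:
    return {router: select_default(paths, asas) for router, paths in topology.items()}


def failover_sequence(site_a_local: int = 1, site_b_local: int = 1,
                      mpls_cost: int = 10) -> Dict[str, Dict[str, Optional[str]]]:
    """Walk the scenario in the thread: both ISPs up, then site A's ISP down,
    then both down. Returns the origin of each router's default at each step."""
    topo = build_topology(site_a_local, site_b_local, mpls_cost)
    asas = {"ASA-A": Asa("ASA-A"), "ASA-B": Asa("ASA-B")}
    steps = {"normal": converge(topo, asas)}
    asas["ASA-A"].isp_reachable = False   # site A tracker fails; ASA-A withdraws its default
    steps["siteA_isp_down"] = converge(topo, asas)
    asas["ASA-B"].isp_reachable = False   # both ISPs unreachable
    steps["both_down"] = converge(topo, asas)
    return steps


if __name__ == "__main__":
    # MPLS path deliberately more expensive: each site keeps its own default
    # until its ASA withdraws it.
    for step, state in failover_sequence().items():
        print(f"{step:16s} {state}")
    # Misconfigured costs: site A's LAN path costs more than the MPLS path, so
    # RouterA prefers site B's default even while site A's ISP is healthy.
    print("bad costs       ", failover_sequence(site_a_local=20, site_b_local=1, mpls_cost=1)["normal"])
```

The point of the model is that there is no explicit "cutoff" setting: the remote default is always present in RouterA's table, it is simply less preferred as long as the MPLS path is the higher-cost one, and it becomes the active default the moment the local ASA withdraws its route.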

Author Comment

ID: 34503867

Expert Comment

ID: 34859906
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
