Redundant Internet connection through MPLS

Posted on 2010-11-15
Last Modified: 2012-05-10
See diagram

If SITE A's ISP is down, we would like to use the internet through the MPLS in Site B

I thought of using route ip sla method, but router A does not have the license to do so. Router B and the ASA can track routes in this manner.

RIP is advertised from site B through the MPLS and Router B gets its routes from RIP. Router A is not currently using RIP.

Can RIP be used in this situation? For example, under normal conditions, the default GW in site A is the firewall. If the ISP's gateway becomes unreachable, then IP SLA detects this, then the firewall changes its default gateway towards Site B. Then RIP changes the default GW for router A and B.

Is this a possible solution? Else, can another method be used in this scenario to accomplish what I am trying to do?

Thank you.  Network Diagram
Question by:inf2300
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 18

Accepted Solution

jmeggers earned 500 total points
ID: 34138998
You will want a dynamic protocol on A, otherwise nothing will change in the routing table regardless of what happens with the ISPs.  You will also want each ASA to advertise a default into the internal network.

The ASAs do route tracking (see but you probably only want to track reachability to the next hop from each of the ASAs.  The MPLS cloud would have to pass a default route, which will mean either BGP or a GRE tunnel, neither of which the ASA does, so you would need to add a real router at site B.  If that's working properly, inside routers will receive default routes from each of the ASAs and if one ISP becomes unreachable, that ASA will stop advertising that default route and traffic will take the other path.

One place where you may run into problems is if hosts are using the ASA as their default gateway, I'm pretty sure the ASA will not redirect traffic off that inside interface to get to the firewall.  If that's the case, you may need to point the hosts to a router in the middle that can direct traffic either way based on what's in the routing table.

Author Comment

ID: 34139339

The MPLS is managed by the ISP. I think they are running BGP  and redistributes our RIP.

There is a router in site B but I did not include it in the design. The client's default GW in both networks is the router (not the ASAs).

So, given this information, if both ASA advertises the default route and does route tracking, that would be a possible solution?

Also, if this works, how do you tell the network to "stop broadcasting" the default route since my guess is that the mpls should not advertise it?
LVL 18

Expert Comment

ID: 34139909
The "stop broadcasting" should happen with the ASA withdraws the default route it was advertising.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

ID: 34140821
Yes but how do you manage one default route at each site (so 2) and only one default route for both sites when the isp goes down?

If both sites advertises a default route, where does the "cutoff" happen so that the other site doesnt get that route? (but does when the failure occurs)

Sorry if I am being vague, do not hesitate do ask me questions if things are unclear

LVL 18

Assisted Solution

jmeggers earned 500 total points
ID: 34155974
If I'm understanding your question correctly, the "cutoff" will be based on the costs associated with a particular path; when the cost becomes less (or the only option) for sending traffic the other direction, the router will send it that direction.  Metrics will be based, at least in part, on the number of hops, the speed of links, how "loaded" the link is, etc., but you can assign those parameters to influence the decision.  Assuming no other parameters such as policy-based routing, traffic engineering, etc., routers will always choose the lowest-cost path.

So in your case, my recommendation would be to ensure the MPLS cloud is a higher-cost path.  In that case, router A will receive a DR from its local ASA but will also receive a DR from the other side, but that other DR will have a higher cost, so it will be viewed as less preferable.  But if the local ASA withdraws its DR (stops advertising it) because its route tracking is telling it the connection to the ISP is down, then the only DR Router A will receive will be from the other side of the network, and it will take that path regardless of cost because at that point it's the only game in town.  How you do this depends on what routing protocol you're using.  RIP is going to be less effective than OSPF or EIGRP for this because RIP's metric is based solely on hop count, whereas with OSPF and EIGRP you can assign costs to interfaces.  Not really knowing anything else about your network, I would probably use EIGRP because I think it's the easiest to configure.  But OSPF would work as well and if you have non-Cisco devices, or if you're running 7.x code on your ASAs you will need to use OSPF.

Author Comment

ID: 34503867
LVL 69

Expert Comment

ID: 34859906
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Clarification about access via WAN 6 45
ASA 5505 packet drops 14 58
Router question 6 258
Export and Import an SPA 8000 config 7 18
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question