Posted by on May 7, 2007, 2:27 pm
> Have you looked into 2 Routers doing VRRP to resolve this issue?
>
>
>
> > Hi everyone,
>
> > We are currently migrating all of our remote store sites to Nortel
> > Contivity 1100 routers (called 1100 VPN routers now I believe).
>
> > At our head office and DRP site we have 1750's, which the 1100's will
> > be connecting to via branch office tunnels. We also have a 2208
> > Alteon (application switch) at each site which will be doing load
> > balancing and failover between the head office and DRP site.
>
> > All is fine with the current setup, we set up the 1100's to connect to
> > vpn.domain.com (not real) for the destination of the tunnel and route
> > all traffic down that tunnel.
>
> > The problem we have now is, we have another ethernet interface in the
> > 1100's we want to use as a backup interface in case the tunnel using
> > the main line dies. We have cellular routers that go over the HSDPA
> > or EDGE networks we want to utilize on this secondary ethernet
> > interface, only if the main line is down.
>
> > First we tried using Demand with the trigger as ping, but the router
> > will not allow us to use a DNS name for the destination address... so
> > we do not want to just point to one address, in case that one address
> > dies all of our stores would switch over to the backup interface. If
> > we could somehow ping our destination for our BOVPN it would be great
> > (because our vpn.domain.com contains the addresses of both our sites).
>
> > Interface groups would also be nice, which we have tried as well... in
> > the interface group we added the two tunnels to both 1750's and set up
> > the Demand trigger to use this group. Now, when we disconnect the
> > main line in testing, it switches over to the backup line and
> > establishes the tunnel. Problem with this is, now that the interface
> > group is back up, because the tunnels are back online, the router
> > tries to switch back over to the main line even though it is still
> > down. Then it notices the interface group has dropped once more
> > (because the main line is still down) and switches to backup again -
> > this loop continues until the main line is actually back up.
>
> > I guess I am just looking for any recommendations on how we can
> > possibly configure this to have complete redundancy at our remote
> > sites.
>
> > So, in review... we have a Contivity 1100 at the remote sites with 2
> > ethernet interfaces, both online. We want the main line (DSL)
> > connected to a tunnel via a DNS name (vpn.domain.com - which has 2 IPs
> > of each of our 1750s at the head office and DRP site).
>
> > Once the tunnel dies, we want to establish another tunnel with the
> > secondary ethernet interface (cellular) and route all traffic through
> > it, but only until the main line (DSL) has come back online.... at
> > that point we would want the tunnel to re-establish using that
> > interface.
>
> > Any recommendations are greatly appreciated.
>
> > Thank you.
In what sense?
I thought a bit about using an HSRP address as the destination for
each remote site to ping (as a trigger for the backup interface), but
this will not work as our head office and DRP are using different ISPs
and are on completely different subnets.
Or did you mean using HSRP at each remote site? If so, we would need
2 routers at each site and would nearly double the expense of this
project. (We have over 300 remote sites..)
Let me know if your idea was different than I have taken it, or if
anyone else has ideas, I would love to hear them!
Thanks again
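
The three backup triggers discussed in this thread (interface group of tunnels, ping to one fixed address, ping to every address behind the tunnel's DNS name), modelled as an added example that is not part of the original posts and is not Contivity configuration. The state machine, function names and polling timelines are constructed assumptions; the model only shows why a trigger whose status follows the active link flaps, while one measured over the main line does not.

```python
# Constructed model of the triggers in this thread; names and timelines are assumptions.

def tunnel_group_trigger(active, line_up, sites_up):
    # Interface-group status: tunnels are up over whichever link carries them
    # (assumes the cellular backup link itself is working).
    link_ok = line_up if active == "primary" else True
    return link_ok and any(sites_up)

def single_address_trigger(active, line_up, sites_up):
    # Ping one fixed head-end address (index 0) out the main line.
    return line_up and sites_up[0]

def primary_path_trigger(active, line_up, sites_up):
    # Ping every address behind the tunnel's DNS name, always out the main line.
    return line_up and any(sites_up)

def simulate(timeline, trigger):
    """Return the active interface after each polling tick."""
    active, history = "primary", []
    for line_up, sites_up in timeline:
        healthy = trigger(active, line_up, sites_up)
        if active == "primary" and not healthy:
            active = "backup"      # trigger fired: bring up the backup interface
        elif active == "backup" and healthy:
            active = "primary"     # trigger cleared: fall back to the main line
        history.append(active)
    return history

def switches(history):
    """Count interface changes, starting from the main line."""
    return sum(a != b for a, b in zip(["primary"] + history, history))

BOTH_UP = (True, True)  # (head office, DRP site) reachable
DSL_OUTAGE = [(True, BOTH_UP)] + [(False, BOTH_UP)] * 4 + [(True, BOTH_UP)] * 2
HEAD_OFFICE_DOWN = [(True, (False, True))] * 3  # main line fine, one site dead

if __name__ == "__main__":
    for trig in (tunnel_group_trigger, single_address_trigger, primary_path_trigger):
        for name, tl in (("DSL outage", DSL_OUTAGE), ("head office down", HEAD_OFFICE_DOWN)):
            hist = simulate(tl, trig)
            print(f"{trig.__name__:24} {name:17} switches={switches(hist)} {hist}")
```

In the DSL outage timeline the tunnel-group trigger changes interface on every tick while the line is down, and the single-address trigger moves a store to cellular when only the head office is unreachable.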