Jump to content
Sadikhov IT Certification forums
Sign in to follow this  
gerg

Two tunnel interfaces and HSRP

Recommended Posts

We have one router which connects to two other routers on the remote end.

 

We have multiple setups with tunnel interfaces. So ideally i would have two tunnel interfaces to the two remote locations, both /30.

 

Is it possible to activate HSRP for the two tunnel interfaces? If not, is it possible to make one shared subnet/vlan between three routers, and then use Tunnel interfaces?

 

Or do the tunnel interfaces have to be a point to point link, a /30 always?

Share this post


Link to post
Share on other sites

What's your connection on the WAN side? Basically R1 connects to R2 and R1 connects to R3, is that your setup?

Share this post


Link to post
Share on other sites

What's your connection on the WAN side? Basically R1 connects to R2 and R1 connects to R3, is that your setup?

 

 

yeah r1 is the hub, r2 and r3 are spokes

 

now: /30 gre tunnel from r1 to r2, and /30 gre tunnel from r1 to r3

 

wanted: failover between the routers, if r1->r2 goes down, traffic should flow from r1->r3

 

so i was thinking hsrp address for r2 and r3 but don't know if this is possible

 

r1 is a 3750, r2 and r3 and 7200 routers

Share this post


Link to post
Share on other sites

You want IPSEC tunnels or GRE? With GRE you can achieve this without any HSRP config. If not IPSEC&HSRP will work fine.

Share this post


Link to post
Share on other sites

You want IPSEC tunnels or GRE? With GRE you can achieve this without any HSRP config. If not IPSEC&HSRP will work fine.

 

no ipsec needed

 

it's just sorta like a transit segment

 

so gre with redundancy

Share this post


Link to post
Share on other sites

GRE with redundancy?

 

Just use a routing protocol and loopbacks interfaces as source/destination for the GRE tunnels.

Share this post


Link to post
Share on other sites

GRE with redundancy?

 

Just use a routing protocol and loopbacks interfaces as source/destination for the GRE tunnels.

 

yeah exactly this is what the setup was

 

i guess the mpls network doesn't route to the loopback interfaces.. it's like we just add in some networks on r2 and advertise it, but service provider doesn't know how to route to the loopbacks is my guess

Share this post


Link to post
Share on other sites

yeah exactly this is what the setup was

 

i guess the mpls network doesn't route to the loopback interfaces.. it's like we just add in some networks on r2 and advertise it, but service provider doesn't know how to route to the loopbacks is my guess

 

Is a layer 3 VPN? Are the loopbacks advertised to the SP?

 

Maybe your provider have some route filtering in place, and you'll have to ask them to allow routes to your loopbacks.

Edited by kecho

Share this post


Link to post
Share on other sites

Is a layer 3 VPN? Are the loopbacks advertised to the SP?

 

Maybe your provider have some route filtering in place, and you'll have to ask them to allow routes to your loopbacks.

 

im not sure what type of vpn it is, yeah i advertised the routes to the loopbacks on r2 to r1 and i see them coming in on r1

 

i guess the service provider is either filtering them or does not route to them somehow

Share this post


Link to post
Share on other sites

im not sure what type of vpn it is, yeah i advertised the routes to the loopbacks on r2 to r1 and i see them coming in on r1

 

i guess the service provider is either filtering them or does not route to them somehow

 

If you run a routing protocol with the PE routers, must be a layer 3 VPN...

Share this post


Link to post
Share on other sites

No need for HSRP here if you are runnign mpls and have gre with ipsec. I assume you have a dynamic routing protocol on the LAN networks connected to the spoke router. The routing protocol will work to route the LAN traffic over which ever tunnel is up or primary. If you want to pick which tunnel is primary use the delay statement for EIGRP. I am not as good with OSPF. I can't come up with a reason for HSRP on the WAN interfaces of your spokes.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×