Hello,
We've been using Routed Based VPN's w/ OSPF over the past year with a few minor issues. We're hoping to resolve some of our issues with firmware upgrades (currently on ns50ns25.5.1.0tw1.0). Has anyone come across issues with OSPF relating to neighbor states?
Basically, each site has two ISP's and two VPN's. All VPN's are bound to single Tunnel Int's w/ auto NHTB in a full and partial mesh. Each ISP link is monitored via IP Tracking so that when an ISP goes down, the Interface and routes are downed as well. This provides failover via the second tunnel interface/VPN.
When both ISP's are up, our VPN Monitor is up and all VPN's are OK. The issues we've noticed are related to our OSPF states. Since both OSPF instances are bound to the same Backbone, we've noticed that we see varies states (Exstart, etc). When a failover occurs, we sometimes have to down OSPF on the tunnel int in order for it to fail back over to the primary VPN.
Does anyone know of a way to utilize redundant VPN's and Tun Int's in a full mesh with "Full" OSPF states via a single backbone. In a perfect world we would like to have both VPN's, Tunnel's and OSPF Neighbor relations ships working at the same time. This would allow us to have two routes for each site (one with a higher metric via the OSPF cost field).
Any feeedback is welcome. Thank you.
Rgds,
John
We've been using Routed Based VPN's w/ OSPF over the past year with a few minor issues. We're hoping to resolve some of our issues with firmware upgrades (currently on ns50ns25.5.1.0tw1.0). Has anyone come across issues with OSPF relating to neighbor states?
Basically, each site has two ISP's and two VPN's. All VPN's are bound to single Tunnel Int's w/ auto NHTB in a full and partial mesh. Each ISP link is monitored via IP Tracking so that when an ISP goes down, the Interface and routes are downed as well. This provides failover via the second tunnel interface/VPN.
When both ISP's are up, our VPN Monitor is up and all VPN's are OK. The issues we've noticed are related to our OSPF states. Since both OSPF instances are bound to the same Backbone, we've noticed that we see varies states (Exstart, etc). When a failover occurs, we sometimes have to down OSPF on the tunnel int in order for it to fail back over to the primary VPN.
Does anyone know of a way to utilize redundant VPN's and Tun Int's in a full mesh with "Full" OSPF states via a single backbone. In a perfect world we would like to have both VPN's, Tunnel's and OSPF Neighbor relations ships working at the same time. This would allow us to have two routes for each site (one with a higher metric via the OSPF cost field).
Any feeedback is welcome. Thank you.
Rgds,
John