WAN Routing

HP MSR900 WAN failover + VPN

 
Magnus-troy
Occasional Contributor

HP MSR900 WAN failover + VPN

Hi everybody!

Tried to find info regarding the MSR900 failover design for 2 ISPs. The config guides depict only the scenario with 3G wan backup.

Is it possible to use HP MSR900 with 2 ISPs on FE interfaces, is load-balancing across WAN interfaces possible or this is just an Active/Standby interface? Are there any experience here or solution guides?

Also i was wondering if it is possible to use site-to-site VPN in such design.

What steps are necessary to create such configuration, is it possible to create 2 VPN profiles for each WAN interface and use one as active, one as a backup?

Are there a better solution and config principles for this design?

 

Thanks in advance.

3 REPLIES 3
AlexGrigorescu
Occasional Advisor

Re: HP MSR900 WAN failover + VPN

Hi Magnus.

 

First of all, the MSR 900 has two modes of operating the WAN interfaces:

 - active-active

 - active-standby

 

For active-standby you have to configure the second WAN interface, as in the configuration guide (it is similar to the 3G example), as a standby interface for the first one:

 

<router> system-view

[router] int eth 0/0

[router-Ethernet0/0]standby int eth 0/1

 

Then you have to configure the process of measuring the quality of the primary link (eth 0/0) and establish the parameters that trigger the passing to the second link (eth 0/1).

The configuration guide has in-depth details of the configuration - study the examples and use the configuartion task-list.

 

Please be aware that you need both interfaces configured for outside nat and two routes (one for each ISP):

 

ip route-static 0.0.0.0 0.0.0.0 x.x.x.x preference 60 description Primary link (1st ISP)

ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 120 description Backup link (2nd ISP)

 

x.x.x.x and y.y.y.y are the gateways for the ISPs

 

For active-active (load balancing), you have to have both interfaces connected at the same time (skip the standby part).

The static routes should look like this:

ip route-static 0.0.0.0 0.0.0.0 x.x.x.x preference 60 description (1st ISP)

ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 60 description (2nd ISP)

 

Now for the VPN part.

In order to greatly simplify your design, use HP DVPN technology (embedded in all MSR routers).

Make the upgrade to the latest Comware OS and configure one router as DVPN Hub (VAM server + VAM client) and the other as DVPN Spoke (VAM Client).

You can find all the details in the configuration guide.

You can use OSPF to route traffic between the subnets of the internal LANs of your routers.

 

For maximum redundancy, you can configure:

- both routers with two active-active interfaces;

- router 1: VAM Server on ISP1 and ISP 2 (two VAM instances)

- router 2: VAM client on ISP 1 and VAM client on ISP 2

- use OSPF to route traffic

There is a very good example in the configuration guide (Layer 3 - IP Services -> DVPN Configuration)

 

Regards,

Alex

 

pmonardo
Occasional Contributor

Re: HP MSR900 WAN failover + VPN

I am having issues doing active-active as well

See my post
http://h30499.www3.hp.com/t5/WAN-Routing/MSR931-WAN-load-balancing-LTE-failover-How-to/td-p/6402455

I have set a preference for the 4 wans I have to be 60 (default) and the LTE to 120 and I lose access

Any ideas?
chrisdowland950
Visitor

Re: HP MSR900 WAN failover + VPN

Thanks for the information I was trying to do this over one router I purchased a second router and it works perfectly